Bug 209815

Summary: [macOS] Add additional IPC permission needed by Security.framework
Product: WebKit Reporter: Brent Fulgham <bfulgham>
Component: WebKit2Assignee: Brent Fulgham <bfulgham>
Status: RESOLVED FIXED    
Severity: Normal CC: bfulgham, pvollan
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch none

Brent Fulgham
Reported 2020-03-31 09:48:21 PDT
WebKit's Network sandbox needs the ipc-posix-shm-write-create permission to properly interact with the 'com.apple.AppleDatabaseChanged' name.
Attachments
Patch (1.63 KB, patch)
2020-03-31 09:50 PDT, Brent Fulgham 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Brent Fulgham
Comment 1 2020-03-31 09:48:34 PDT
<rdar://problem/60892378>
Brent Fulgham
Comment 2 2020-03-31 09:50:15 PDT
Created attachment 395052 [details] Patch
Per Arne Vollan
Comment 3 2020-03-31 09:53:38 PDT
Comment on attachment 395052 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=395052&action=review R=me. > Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:359 > -(allow ipc-posix-shm-read* ipc-posix-shm-write-data > +(allow ipc-posix-shm-read* ipc-posix-shm-write-create ipc-posix-shm-write-data > (ipc-posix-name "com.apple.AppleDatabaseChanged")) Does older macOS versions still need ipc-posix-shm-write-data?
Brent Fulgham
Comment 4 2020-03-31 10:13:19 PDT
Comment on attachment 395052 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=395052&action=review >> Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:359 >> (ipc-posix-name "com.apple.AppleDatabaseChanged")) > > Does older macOS versions still need ipc-posix-shm-write-data? Yes -- this is entirely about needing to add *-create, not about taking anything else away. It's possible we could have left the old rule for pre-10.15 systems, but I don't think the extra complexity in the sandbox is worth it.
EWS
Comment 5 2020-03-31 10:40:44 PDT
Committed r259300: <https://trac.webkit.org/changeset/259300> All reviewed patches have been landed. Closing bug and clearing flags on attachment 395052 [details].
Note You need to log in before you can comment on or make changes to this bug.