Summary: | [macOS] Add additional IPC permission needed by Security.framework
---|---
Product: | WebKit
Component: | WebKit2
Status: | RESOLVED FIXED
Severity: | Normal
Priority: | P2
Version: | WebKit Nightly Build
Hardware: | Unspecified
OS: | Unspecified
Reporter: | Brent Fulgham <bfulgham>
Assignee: | Brent Fulgham <bfulgham>
CC: | bfulgham, pvollan
Keywords: | InRadar
Description
Brent Fulgham
2020-03-31 09:48:21 PDT
Created attachment 395052 [details]
Patch
Comment on attachment 395052 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=395052&action=review

R=me.

> Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:359
> -(allow ipc-posix-shm-read* ipc-posix-shm-write-data
> +(allow ipc-posix-shm-read* ipc-posix-shm-write-create ipc-posix-shm-write-data
> (ipc-posix-name "com.apple.AppleDatabaseChanged"))

Do older macOS versions still need ipc-posix-shm-write-data?

Comment on attachment 395052 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=395052&action=review

>> Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:359
>> (ipc-posix-name "com.apple.AppleDatabaseChanged"))
>
> Do older macOS versions still need ipc-posix-shm-write-data?

Yes -- this is entirely about needing to add *-create, not about taking anything else away. It's possible we could have left the old rule for pre-10.15 systems, but I don't think the extra complexity in the sandbox is worth it.

Committed r259300: <https://trac.webkit.org/changeset/259300>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 395052 [details].
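Review bot: the widened rule at com.apple.WebKit.NetworkProcess.sb.in:359 adds `ipc-posix-shm-write-create` with no comment in the profile saying which consumer needs it. The bug title attributes the requirement to Security.framework, so a one-line comment above the `(allow ipc-posix-shm-read* ...` form would keep the grant from looking accidental in a later sandbox audit. The rule stays scoped to the single `(ipc-posix-name "com.apple.AppleDatabaseChanged")` filter, which is the right shape for a least-privilege profile. Because the create right now applies on every macOS version the profile is built for, the same comment should say that the unconditional grant is deliberate.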