Bug 227375

Summary: WebContent: Silence report of AppSupport denial
Product: WebKit Reporter: Adam Mazander <mazander>
Component: New BugsAssignee: Adam Mazander <mazander>
Status: RESOLVED FIXED    
Severity: Normal CC: bfulgham
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Patch
none
Patch none

Description Adam Mazander 2021-06-24 13:15:39 PDT 
rdar://79669030
Comment 1 Adam Mazander 2021-06-24 13:23:54 PDT 
Testing confirms AppSupport does not need access to WebContent. Silencing reports.
Comment 2 Adam Mazander 2021-07-08 15:38:11 PDT 
Created attachment 433173 [details]
Patch
Comment 3 Brent Fulgham 2021-07-08 15:43:44 PDT 
Comment on attachment 433173 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=433173&action=review

Could you please just add the AppSupport.plist to the rule around line 923? r- to make that change, but otherwise this looks great!

> Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:1079
> +        "Library/Preferences/com.apple.AppSupport.plist"

I'd suggest adding this into the rule around like 923, where we have a few more like this one.
Comment 4 Adam Mazander 2021-07-08 15:56:18 PDT 
Created attachment 433175 [details]
Patch
Comment 5 Brent Fulgham 2021-07-08 15:57:40 PDT 
Comment on attachment 433175 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=433175&action=review

> Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:924
> +        "Library/Preferences/com.apple.AppSupport.plist"

Could prefix with the slash to be consistent with the other two?
Comment 6 Adam Mazander 2021-07-08 16:09:49 PDT 
Created attachment 433179 [details]
Patch
Comment 7 EWS 2021-07-08 18:40:31 PDT 
Committed r279772 (239541@main): <https://commits.webkit.org/239541@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 433179 [details].