Bug 133750 - Restrict database process profile
Summary: Restrict database process profile
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs (show other bugs)
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Oliver Hunt
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-06-11 10:59 PDT by Oliver Hunt
Modified: 2014-06-11 13:24 PDT (History)
0 users

See Also:


Attachments
Patch (3.30 KB, patch)
2014-06-11 11:00 PDT, Oliver Hunt
ap: review+
Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Oliver Hunt 2014-06-11 10:59:51 PDT
Restrict database process profile
Comment 1 Oliver Hunt 2014-06-11 11:00:24 PDT
Created attachment 232875 [details]
Patch
Comment 2 Alexey Proskuryakov 2014-06-11 11:32:22 PDT
Comment on attachment 232875 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=232875&action=review

> Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Databases.sb:47
> +;; FIXME: Should be removed once <rdar://problem/16329087> is fixed.
> +(deny file-write-xattr (xattr "com.apple.quarantine") (with no-log))

Please remove this, there is no quarantine.

> Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Databases.sb:50
> +;; Reserve a namespace for additional protected extended attributes.
> +(deny file-read-xattr file-write-xattr (xattr-regex #"^com\.apple\.security\.private\."))

Do any iOS profiles have this, or is it an OS X only thing?
Comment 3 Oliver Hunt 2014-06-11 13:24:15 PDT
Committed r169821: <http://trac.webkit.org/changeset/169821>