Bug 133750 - Restrict database process profile
Summary: Restrict database process profile
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs (show other bugs)
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Oliver Hunt
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-06-11 10:59 PDT by Oliver Hunt
Modified: 2014-06-11 13:24 PDT (History)
0 users

See Also:

Attachments
Patch (3.30 KB, patch)
2014-06-11 11:00 PDT, Oliver Hunt 		ap: review+
Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Oliver Hunt 2014-06-11 10:59:51 PDT 
Restrict database process profile
Comment 1 Oliver Hunt 2014-06-11 11:00:24 PDT 
Created attachment 232875 [details]
Patch
Comment 2 Alexey Proskuryakov 2014-06-11 11:32:22 PDT 
Comment on attachment 232875 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=232875&action=review

> Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Databases.sb:47
> +;; FIXME: Should be removed once <rdar://problem/16329087> is fixed.
> +(deny file-write-xattr (xattr "com.apple.quarantine") (with no-log))

Please remove this, there is no quarantine.

> Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Databases.sb:50
> +;; Reserve a namespace for additional protected extended attributes.
> +(deny file-read-xattr file-write-xattr (xattr-regex #"^com\.apple\.security\.private\."))

Do any iOS profiles have this, or is it an OS X only thing?
Comment 3 Oliver Hunt 2014-06-11 13:24:15 PDT 
Committed r169821: <http://trac.webkit.org/changeset/169821>