Bug 165332 - [Mac] Update sandbox profiles to use modern syntax and avoid duplication
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit2
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Brent Fulgham
Keywords: InRadar
Reported: 2016-12-02 13:48 PST by Brent Fulgham
Modified: 2016-12-02 15:21 PST

Attachments
Patch (17.99 KB, patch)
2016-12-02 13:51 PST, Brent Fulgham
no flags
Patch (17.62 KB, patch)
2016-12-02 13:53 PST, Brent Fulgham
andersca: review+

Description Brent Fulgham 2016-12-02 13:48:56 PST
Clean up the WebKit Sandbox rules to use the modern syntax:

Change from:

;; Read-only preferences and data
(allow file-read*
…
      (home-literal "/Library/Preferences/com.apple.ATS.plist")
      (home-literal "/Library/Preferences/com.apple.CoreGraphics.plist")
      etc.

To:

(allow user-preference-read
    (preference-domain
        "com.apple.ATS"
        "com.apple.CoreGraphics"
        etc.))

Also get rid of duplicated macro and function definitions that are part of the core sandbox language.
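
The rewrite described above, sketched as a small migration helper. This is an added example, not part of the bug report or the WebKit patch; the ByHost and cache paths in the sample are constructed, and treating only plists directly under ~/Library/Preferences as convertible is an assumption.

```python
import re

# Matches the legacy form shown in the bug description.
HOME_LITERAL = re.compile(r'\(home-literal\s+"([^"]+)"\)')
# Assumption: only plists directly under ~/Library/Preferences map to a domain.
PREF_PLIST = re.compile(r'^/Library/Preferences/([^/]+)\.plist$')

# Constructed sample input (not the WebKit profile); only the first two
# domains are the ones quoted in the bug description.
LEGACY_RULE = '''
(allow file-read*
      (home-literal "/Library/Preferences/com.apple.ATS.plist")
      (home-literal "/Library/Preferences/com.apple.CoreGraphics.plist")
      (home-literal "/Library/Preferences/ByHost/com.example.sample.plist")
      (home-literal "/Library/Example/cache.db"))
'''


def split_rules(profile_text):
    """Return (domains, leftover_paths) for every home-literal in the text."""
    domains, leftover = [], []
    for path in HOME_LITERAL.findall(profile_text):
        m = PREF_PLIST.match(path)
        if m is None:
            leftover.append(path)  # not a plain preference plist: review by hand
        elif m.group(1) not in domains:
            domains.append(m.group(1))  # de-duplicate, keep first-seen order
    return domains, leftover


def render_modern(domains):
    """Emit the modern rule in the layout used in the bug description."""
    if not domains:
        return ""
    lines = ["(allow user-preference-read", "    (preference-domain"]
    lines += ['        "%s"' % d for d in domains]
    lines[-1] += "))"
    return "\n".join(lines)


if __name__ == "__main__":
    doms, rest = split_rules(LEGACY_RULE)
    print(render_modern(doms))
    for p in rest:
        print(";; still needs a file-read* rule, review manually:", p)
```

Paths that are not converted stay as file rules, so a reviewer can confirm each one is still needed before the profile ships.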
Comment 1 Brent Fulgham 2016-12-02 13:49:15 PST
<rdar://problem/26898991>
Comment 2 Brent Fulgham 2016-12-02 13:51:48 PST
Created attachment 295992
Patch
Comment 3 Brent Fulgham 2016-12-02 13:53:33 PST
Created attachment 295995
Patch
Comment 4 Brent Fulgham 2016-12-02 14:40:34 PST
Note: The changes in these sandbox profiles have been confirmed (with the Sandbox team) to be compatible with macOS 10.9 and newer.
Comment 5 Brent Fulgham 2016-12-02 15:21:43 PST
Committed r209280: <http://trac.webkit.org/changeset/209280>