Bug 196043 - [iOS] Allow file-read* for Cookies.binarycookies in NetworkProcess sandbox
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit Misc.
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Per Arne Vollan
Keywords: InRadar
Depends on:
Reported: 2019-03-20 16:20 PDT by Per Arne Vollan
Modified: 2019-03-21 10:39 PDT

Patch (1.50 KB, patch)
2019-03-20 16:26 PDT, Per Arne Vollan
no flags
Patch (1.48 KB, patch)
2019-03-20 16:38 PDT, Per Arne Vollan
bfulgham: review-

Description Per Arne Vollan 2019-03-20 16:20:51 PDT
The sandbox needs to allow reading the file Cookies.binarycookies.
Comment 1 Per Arne Vollan 2019-03-20 16:21:16 PDT
Comment 2 Per Arne Vollan 2019-03-20 16:26:11 PDT
Created attachment 365430
Comment 3 Per Arne Vollan 2019-03-20 16:38:54 PDT
Created attachment 365433
Comment 4 Brent Fulgham 2019-03-20 16:51:46 PDT
Comment on attachment 365433

View in context: https://bugs.webkit.org/attachment.cgi?id=365433&action=review

> Source/WebKit/ChangeLog:9
> +        The sandbox needs to allow reading from and writing to the file Cookies.binarycookies.

I'm not sure we need file-write. I think that's handled elsewhere? Or did you see file-write issues?

> Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:110
> +    ((relative-regex #"/Library/Cookies/Cookies.binarycookies$"))
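
Review bot: The dot in `Cookies.binarycookies` on the relative-regex line is unescaped, so it matches any character and the pattern covers more file names than the single cookie store the bug title names. Escape it, as in `Cookies\.binarycookies$`, so the rule applies only to the literal file name.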

Gotta love scheme let syntax. So many parentheses.

> Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:111
> +    (allow file-read* file-write*

I think we should limit it to file-read. Do we know of valid file-write cases?
Comment 5 Brent Fulgham 2019-03-21 10:39:12 PDT
Comment on attachment 365433

Actually, after investigating further, I don't think we want any of this. I think the sandbox violation we noticed was a bug in shutdown code.
Comment 6 Brent Fulgham 2019-03-21 10:39:52 PDT
I think this bug was due to a misunderstanding on my part. I'm going to close this as not needed -- I think we may have a bug in the NetworkProcess shutdown code.