RESOLVED INVALID196043
[iOS] Allow file-read* for Cookies.binarycookies in NetworkProcess sandbox 
https://bugs.webkit.org/show_bug.cgi?id=196043
Summary [iOS] Allow file-read* for Cookies.binarycookies in NetworkProcess sandbox
Per Arne Vollan
Reported 2019-03-20 16:20:51 PDT
The sandbox needs to allow reading the file Cookies.binarycookies.
Attachments
Patch (1.50 KB, patch)
2019-03-20 16:26 PDT, Per Arne Vollan 		no flags
DetailsFormatted DiffDiff
Patch (1.48 KB, patch)
2019-03-20 16:38 PDT, Per Arne Vollan 		bfulgham: review-
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Per Arne Vollan
Comment 1 2019-03-20 16:21:16 PDT
rdar://problem/45818048
Per Arne Vollan
Comment 2 2019-03-20 16:26:11 PDT
Created attachment 365430 [details] Patch
Per Arne Vollan
Comment 3 2019-03-20 16:38:54 PDT
Created attachment 365433 [details] Patch
Brent Fulgham
Comment 4 2019-03-20 16:51:46 PDT
Comment on attachment 365433 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=365433&action=review > Source/WebKit/ChangeLog:9 > + The sandbox needs to allow reading from and writing to the file Cookies.binarycookies. I'm not sure we need file-write. I think that's handled elsewhere? Or did you see file-write issues? > Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:110 > + ((relative-regex #"/Library/Cookies/Cookies.binarycookies$")) Gotta love scheme let syntax. So many parentheses. > Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:111 > + (allow file-read* file-write* I think we should limit it to file-read. Do we know of valid file-write cases?
Brent Fulgham
Comment 5 2019-03-21 10:39:12 PDT
Comment on attachment 365433 [details] Patch Actually, after investigating further, I don't think we want any of this. I think the sandbox violation we noticed was a bug in shutdown code.
Brent Fulgham
Comment 6 2019-03-21 10:39:52 PDT
I think this bug was due to a misunderstanding on my part. I'm going to close this as not needed -- I think we may have a bug in the NetworkProcess shutdown code.
Note You need to log in before you can comment on or make changes to this bug.