RESOLVED FIXED238609
Expand adattributiond sandbox slightly to avoid sandbox crashes 
https://bugs.webkit.org/show_bug.cgi?id=238609
Summary Expand adattributiond sandbox slightly to avoid sandbox crashes
Alex Christensen
Reported 2022-03-31 08:11:31 PDT
Expand adattributiond sandbox slightly to avoid sandbox crashes
Attachments
Patch (2.27 KB, patch)
2022-03-31 08:12 PDT, Alex Christensen 		no flags
DetailsFormatted DiffDiff
Patch (2.32 KB, patch)
2022-03-31 08:14 PDT, Alex Christensen 		no flags
DetailsFormatted DiffDiff
Patch (2.02 KB, patch)
2022-03-31 09:42 PDT, Alex Christensen 		pvollan: review+
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Alex Christensen
Comment 1 2022-03-31 08:12:17 PDT
Created attachment 456238 [details] Patch
Alex Christensen
Comment 2 2022-03-31 08:12:21 PDT
<rdar://problem/91073280>
Alex Christensen
Comment 3 2022-03-31 08:14:43 PDT
Created attachment 456239 [details] Patch
Per Arne Vollan
Comment 4 2022-03-31 08:45:20 PDT
Comment on attachment 456239 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=456239&action=review > Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.adattributiond.sb.in:151 > +;; Note this does not allow subpaths of "/" > +(allow file-read* > + (literal "/")) > + Is there a way to make this more specific? Would allowing file-read-metadata be sufficient?
Alex Christensen
Comment 5 2022-03-31 08:55:48 PDT
No. file-read-metadata is insufficient. It needs at least file-read-data and at that point may as well allow file-read*
Alex Christensen
Comment 6 2022-03-31 09:36:53 PDT
We also need file-test-existence
Alex Christensen
Comment 7 2022-03-31 09:42:09 PDT
Created attachment 456249 [details] Patch
Per Arne Vollan
Comment 8 2022-03-31 10:33:07 PDT
Comment on attachment 456249 [details] Patch R=me.
Alex Christensen
Comment 9 2022-03-31 13:55:20 PDT
r292171
Note You need to log in before you can comment on or make changes to this bug.