Expand adattributiond sandbox slightly to avoid sandbox crashes
Created attachment 456238 [details] Patch
<rdar://problem/91073280>
Created attachment 456239 [details] Patch
Comment on attachment 456239 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=456239&action=review > Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.adattributiond.sb.in:151 > +;; Note this does not allow subpaths of "/" > +(allow file-read* > + (literal "/")) > + Is there a way to make this more specific? Would allowing file-read-metadata be sufficient?
No. file-read-metadata is insufficient. It needs at least file-read-data and at that point may as well allow file-read*
We also need file-test-existence
Created attachment 456249 [details] Patch
Comment on attachment 456249 [details] Patch R=me.
r292171