[webkit-changes] [214404] trunk/Source/WebKit2

Sat, 25 Mar 2017 14:20:28 -0700

Title: [214404] trunk/Source/WebKit2
Revision
214404
Author
wilan...@apple.com
Date
2017-03-25 14:19:54 -0700 (Sat, 25 Mar 2017)

Log Message

Re-enable the web process' keychain access to fix client certificate authentication
https://bugs.webkit.org/show_bug.cgi?id=170074
<rdar://problem/31095987>

Reviewed by Brent Fulgham.

This is a follow-up patch to
https://trac.webkit.org/changeset/214389/webkit
since according to Alexey Proskuryakov, resource
loading has always required identical sandbox
rules in WebContent and Networking processes.

* WebProcess/com.apple.WebProcess.sb.in:
    Reverted remaining change from
    https://trac.webkit.org/changeset/208702/webkit and
    https://trac.webkit.org/changeset/208707/webkit.

Modified Paths

Diff

Modified: trunk/Source/WebKit2/ChangeLog (214403 => 214404)


--- trunk/Source/WebKit2/ChangeLog	2017-03-25 20:24:17 UTC (rev 214403)
+++ trunk/Source/WebKit2/ChangeLog	2017-03-25 21:19:54 UTC (rev 214404)
@@ -1,3 +1,22 @@
+2017-03-25  John Wilander  <wilan...@apple.com>
+
+        Re-enable the web process' keychain access to fix client certificate authentication
+        https://bugs.webkit.org/show_bug.cgi?id=170074
+        <rdar://problem/31095987>
+
+        Reviewed by Brent Fulgham.
+
+        This is a follow-up patch to
+        https://trac.webkit.org/changeset/214389/webkit
+        since according to Alexey Proskuryakov, resource
+        loading has always required identical sandbox
+        rules in WebContent and Networking processes.
+
+        * WebProcess/com.apple.WebProcess.sb.in:
+            Reverted remaining change from
+            https://trac.webkit.org/changeset/208702/webkit and
+            https://trac.webkit.org/changeset/208707/webkit.
+
 2017-03-24  Wenson Hsieh  <wenson_hs...@apple.com>
 
         [WK2] Add a UI delegate SPI hook to enable or disable navigation on drop

Modified: trunk/Source/WebKit2/WebProcess/com.apple.WebProcess.sb.in (214403 => 214404)


--- trunk/Source/WebKit2/WebProcess/com.apple.WebProcess.sb.in	2017-03-25 20:24:17 UTC (rev 214403)
+++ trunk/Source/WebKit2/WebProcess/com.apple.WebProcess.sb.in	2017-03-25 21:19:54 UTC (rev 214404)
@@ -336,7 +336,6 @@
        (global-name "com.apple.CoreAuthentication.agent.libxpc")
        (global-name "com.apple.SecurityServer"))
 
-#if __MAC_OS_X_VERSION_MIN_REQUIRED < 101240
 ;; FIXME: This should be removed when <rdar://problem/10479685> is fixed.
 ;; Restrict AppSandboxed processes from creating /Library/Keychains, but allow access to the contents of /Library/Keychains:
 (allow file-read-data file-read-metadata file-write-data
@@ -350,7 +349,6 @@
 (deny file-read* file-write*
     (regex (string-append "/Library/Keychains/" (uuid-regex-string) "(/|$)"))
     (home-regex (string-append "/Library/Keychains/" (uuid-regex-string) "(/|$)")))
-#endif
 
 (allow file-read* file-write* (subpath "/private/var/db/mds/system")) ;; FIXME: This should be removed when <rdar://problem/9538414> is fixed.
 

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to