Title: [214404] trunk/Source/WebKit2
- Revision
- 214404
- Author
- wilan...@apple.com
- Date
- 2017-03-25 14:19:54 -0700 (Sat, 25 Mar 2017)
Log Message
Re-enable the web process' keychain access to fix client certificate authentication
https://bugs.webkit.org/show_bug.cgi?id=170074
<rdar://problem/31095987>
Reviewed by Brent Fulgham.
This is a follow-up patch to
https://trac.webkit.org/changeset/214389/webkit
since according to Alexey Proskuryakov, resource
loading has always required identical sandbox
rules in WebContent and Networking processes.
* WebProcess/com.apple.WebProcess.sb.in:
Reverted remaining change from
https://trac.webkit.org/changeset/208702/webkit and
https://trac.webkit.org/changeset/208707/webkit.
Modified Paths
Diff
Modified: trunk/Source/WebKit2/ChangeLog (214403 => 214404)
--- trunk/Source/WebKit2/ChangeLog 2017-03-25 20:24:17 UTC (rev 214403)
+++ trunk/Source/WebKit2/ChangeLog 2017-03-25 21:19:54 UTC (rev 214404)
@@ -1,3 +1,22 @@
+2017-03-25 John Wilander <wilan...@apple.com>
+
+ Re-enable the web process' keychain access to fix client certificate authentication
+ https://bugs.webkit.org/show_bug.cgi?id=170074
+ <rdar://problem/31095987>
+
+ Reviewed by Brent Fulgham.
+
+ This is a follow-up patch to
+ https://trac.webkit.org/changeset/214389/webkit
+ since according to Alexey Proskuryakov, resource
+ loading has always required identical sandbox
+ rules in WebContent and Networking processes.
+
+ * WebProcess/com.apple.WebProcess.sb.in:
+ Reverted remaining change from
+ https://trac.webkit.org/changeset/208702/webkit and
+ https://trac.webkit.org/changeset/208707/webkit.
+
2017-03-24 Wenson Hsieh <wenson_hs...@apple.com>
[WK2] Add a UI delegate SPI hook to enable or disable navigation on drop
Modified: trunk/Source/WebKit2/WebProcess/com.apple.WebProcess.sb.in (214403 => 214404)
--- trunk/Source/WebKit2/WebProcess/com.apple.WebProcess.sb.in 2017-03-25 20:24:17 UTC (rev 214403)
+++ trunk/Source/WebKit2/WebProcess/com.apple.WebProcess.sb.in 2017-03-25 21:19:54 UTC (rev 214404)
@@ -336,7 +336,6 @@
(global-name "com.apple.CoreAuthentication.agent.libxpc")
(global-name "com.apple.SecurityServer"))
-#if __MAC_OS_X_VERSION_MIN_REQUIRED < 101240
;; FIXME: This should be removed when <rdar://problem/10479685> is fixed.
;; Restrict AppSandboxed processes from creating /Library/Keychains, but allow access to the contents of /Library/Keychains:
(allow file-read-data file-read-metadata file-write-data
@@ -350,7 +349,6 @@
(deny file-read* file-write*
(regex (string-append "/Library/Keychains/" (uuid-regex-string) "(/|$)"))
(home-regex (string-append "/Library/Keychains/" (uuid-regex-string) "(/|$)")))
-#endif
(allow file-read* file-write* (subpath "/private/var/db/mds/system")) ;; FIXME: This should be removed when <rdar://problem/9538414> is fixed.
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes