Title: [221647] trunk/Source/WebKit
Revision: 221647
Author: bfulg...@apple.com
Date: 2017-09-05 16:36:59 -0700 (Tue, 05 Sep 2017)

Log Message

Relax keychain access to permit users to permanently allow client certificates
https://bugs.webkit.org/show_bug.cgi?id=175857
<rdar://problem/32293867>

Reviewed by Alex Christensen.

Further relax the write permissions on the user's Keychain directory to support local certificates.

* NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:
* WebProcess/com.apple.WebProcess.sb.in:

Modified Paths

Diff

Modified: trunk/Source/WebKit/ChangeLog (221646 => 221647)


--- trunk/Source/WebKit/ChangeLog	2017-09-05 23:33:49 UTC (rev 221646)
+++ trunk/Source/WebKit/ChangeLog	2017-09-05 23:36:59 UTC (rev 221647)
@@ -1,3 +1,16 @@
+2017-09-05  Brent Fulgham  <bfulg...@apple.com>
+
+        Relax keychain access to permit users to permanently allow client certificates
+        https://bugs.webkit.org/show_bug.cgi?id=175857
+        <rdar://problem/32293867>
+
+        Reviewed by Alex Christensen.
+
+        Further relax the write permissions on the user's Keychain directory to support local certificates.
+
+        * NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:
+        * WebProcess/com.apple.WebProcess.sb.in:
+
 2017-09-05  Youenn Fablet  <you...@apple.com>
 
         Cache Storage Engine should not mix different origin caches
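Review bot: the new ChangeLog entry says only "Further relax the write permissions" and does not record which write operations were missing or why the previous `file-write-create file-write-data` set was insufficient for permanently allowing a client certificate. Since both sandbox profiles move to a wildcard, the entry should name the operation that was being denied and the path it was denied on, so a later audit of these rules can tell whether the wildcard is still needed.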

Modified: trunk/Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in (221646 => 221647)


--- trunk/Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in	2017-09-05 23:33:49 UTC (rev 221646)
+++ trunk/Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in	2017-09-05 23:36:59 UTC (rev 221647)
@@ -165,7 +165,7 @@
 
 ;; FIXME: This should be removed when <rdar://problem/10479685> is fixed.
 ;; Restrict AppSandboxed processes from creating /Library/Keychains, but allow access to the contents of /Library/Keychains:
-(allow file-read-data file-read-metadata file-write-create file-write-data
+(allow file-read-data file-read-metadata file-write*
     (subpath "/Library/Keychains")
     (home-subpath "/Library/Keychains"))
 
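Review bot: `file-write*` on the changed allow line grants every write operation rather than the two the rule used to enumerate, and it applies to both `(subpath "/Library/Keychains")` and `(home-subpath "/Library/Keychains")`, while the log message speaks only of the user's Keychain directory. Consider leaving the system-wide subpath on the explicit `file-write-create file-write-data` list and widening only the home-subpath entry, or listing the specific extra operations required (for instance `file-write-unlink`, if replacing a keychain file is what was being denied) instead of the wildcard. The comment above the rule should also state why the broader grant is required.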

Modified: trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in (221646 => 221647)


--- trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in	2017-09-05 23:33:49 UTC (rev 221646)
+++ trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in	2017-09-05 23:36:59 UTC (rev 221647)
@@ -430,7 +430,7 @@
 
 ;; FIXME: This should be removed when <rdar://problem/10479685> is fixed.
 ;; Restrict AppSandboxed processes from creating /Library/Keychains, but allow access to the contents of /Library/Keychains:
-(allow file-read-data file-read-metadata file-write-create file-write-data
+(allow file-read-data file-read-metadata file-write*
     (subpath "/Library/Keychains"))
 
 ;; Do permit creating per-user keychains
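Review bot: the widened rule in this profile covers only `(subpath "/Library/Keychains")`, the system-wide path, yet the log message justifies the change by the user's Keychain directory. Please confirm that the WebProcess needs `file-write*` here for the client-certificate case, and if it does, whether the grant belongs on the per-user keychain rule that follows rather than on this one. The comment on the line above still describes the rule as a restriction, which no longer matches a wildcard write grant and should be updated.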
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes