Title: [221647] trunk/Source/WebKit
- Revision
- 221647
- Author
- bfulg...@apple.com
- Date
- 2017-09-05 16:36:59 -0700 (Tue, 05 Sep 2017)
Log Message
Relax keychain access to permit users to permanently allow client certificates
https://bugs.webkit.org/show_bug.cgi?id=175857
<rdar://problem/32293867>
Reviewed by Alex Christensen.
Further relax the write permissions on the user's Keychain directory to support local certificates.
* NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:
* WebProcess/com.apple.WebProcess.sb.in:
Modified Paths
Diff
Modified: trunk/Source/WebKit/ChangeLog (221646 => 221647)
--- trunk/Source/WebKit/ChangeLog 2017-09-05 23:33:49 UTC (rev 221646)
+++ trunk/Source/WebKit/ChangeLog 2017-09-05 23:36:59 UTC (rev 221647)
@@ -1,3 +1,16 @@
+2017-09-05 Brent Fulgham <bfulg...@apple.com>
+
+ Relax keychain access to permit users to permanently allow client certificates
+ https://bugs.webkit.org/show_bug.cgi?id=175857
+ <rdar://problem/32293867>
+
+ Reviewed by Alex Christensen.
+
+ Further relax the write permissions on the user's Keychain directory to support local certificates.
+
+ * NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:
+ * WebProcess/com.apple.WebProcess.sb.in:
+
2017-09-05 Youenn Fablet <you...@apple.com>
Cache Storage Engine should not mix different origin caches
Modified: trunk/Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in (221646 => 221647)
--- trunk/Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in 2017-09-05 23:33:49 UTC (rev 221646)
+++ trunk/Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in 2017-09-05 23:36:59 UTC (rev 221647)
@@ -165,7 +165,7 @@
;; FIXME: This should be removed when <rdar://problem/10479685> is fixed.
;; Restrict AppSandboxed processes from creating /Library/Keychains, but allow access to the contents of /Library/Keychains:
-(allow file-read-data file-read-metadata file-write-create file-write-data
+(allow file-read-data file-read-metadata file-write*
(subpath "/Library/Keychains")
(home-subpath "/Library/Keychains"))
Modified: trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in (221646 => 221647)
--- trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in 2017-09-05 23:33:49 UTC (rev 221646)
+++ trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in 2017-09-05 23:36:59 UTC (rev 221647)
@@ -430,7 +430,7 @@
;; FIXME: This should be removed when <rdar://problem/10479685> is fixed.
;; Restrict AppSandboxed processes from creating /Library/Keychains, but allow access to the contents of /Library/Keychains:
-(allow file-read-data file-read-metadata file-write-create file-write-data
+(allow file-read-data file-read-metadata file-write*
(subpath "/Library/Keychains"))
;; Do permit creating per-user keychains
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes