Title: [232097] trunk/Source/WebKit
- Revision
- 232097
- Author
- bfulg...@apple.com
- Date
- 2018-05-22 19:23:57 -0700 (Tue, 22 May 2018)
Log Message
Close access to "lsopen" for non-UI process
https://bugs.webkit.org/show_bug.cgi?id=185890
<rdar://problem/39686511>
Reviewed by Alexey Proskuryakov.
Close down access to 'lsopen' in the iOS sandboxes. These operations are
performed by the UIProcess on behalf of these helper processes.
* Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:
* Resources/SandboxProfiles/ios/com.apple.WebKit.Storage.sb:
* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
Modified Paths
Diff
Modified: trunk/Source/WebKit/ChangeLog (232096 => 232097)
--- trunk/Source/WebKit/ChangeLog 2018-05-23 02:15:15 UTC (rev 232096)
+++ trunk/Source/WebKit/ChangeLog 2018-05-23 02:23:57 UTC (rev 232097)
@@ -1,3 +1,18 @@
+2018-05-22 Brent Fulgham <bfulg...@apple.com>
+
+ Close access to "lsopen" for non-UI process
+ https://bugs.webkit.org/show_bug.cgi?id=185890
+ <rdar://problem/39686511>
+
+ Reviewed by Alexey Proskuryakov.
+
+ Close down access to 'lsopen' in the iOS sandboxes. These operations are
+ performed by the UIProcess on behalf of these helper processes.
+
+ * Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:
+ * Resources/SandboxProfiles/ios/com.apple.WebKit.Storage.sb:
+ * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
+
2018-05-22 Dean Jackson <d...@apple.com>
Optimized path zoom animation needs a valid UIImage and CGRect
Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb (232096 => 232097)
--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb 2018-05-23 02:15:15 UTC (rev 232096)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb 2018-05-23 02:23:57 UTC (rev 232097)
@@ -29,6 +29,8 @@
(import "common.sb")
+(deny lsopen)
+
(deny sysctl*)
(allow sysctl-read
(sysctl-name
Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Storage.sb (232096 => 232097)
--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Storage.sb 2018-05-23 02:15:15 UTC (rev 232096)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Storage.sb 2018-05-23 02:23:57 UTC (rev 232097)
@@ -29,6 +29,8 @@
(import "common.sb")
+(deny lsopen)
+
(allow file-read* file-write* (extension "com.apple.app-sandbox.read-write"))
(deny sysctl*)
Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb (232096 => 232097)
--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb 2018-05-23 02:15:15 UTC (rev 232096)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb 2018-05-23 02:23:57 UTC (rev 232097)
@@ -29,6 +29,8 @@
(import "common.sb")
+(deny lsopen)
+
;;;
;;; The following rules were originally contained in 'UIKit-apps.sb'. We are duplicating them here so we can
;;; remove unneeded sandbox extensions.
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
