Title: [233177] trunk/Source/WebKit
- Revision
- 233177
- Author
- you...@apple.com
- Date
- 2018-06-25 15:29:55 -0700 (Mon, 25 Jun 2018)
Log Message
Add a sandbox profile to Hangout plug-in
https://bugs.webkit.org/show_bug.cgi?id=187005
<rdar://problem/41428391>
Reviewed by Brent Fulgham.
Add a sandbox profile so that this plug-in can be run when UIProcess is sandboxed.
* Resources/PlugInSandboxProfiles/com.google.googletalkbrowserplugin.sb: Added.
* WebKit.xcodeproj/project.pbxproj:
Modified Paths
Added Paths
Diff
Modified: trunk/Source/WebKit/ChangeLog (233176 => 233177)
--- trunk/Source/WebKit/ChangeLog 2018-06-25 21:29:50 UTC (rev 233176)
+++ trunk/Source/WebKit/ChangeLog 2018-06-25 22:29:55 UTC (rev 233177)
@@ -1,5 +1,18 @@
2018-06-25 Youenn Fablet <you...@apple.com>
+ Add a sandbox profile to Hangout plug-in
+ https://bugs.webkit.org/show_bug.cgi?id=187005
+ <rdar://problem/41428391>
+
+ Reviewed by Brent Fulgham.
+
+ Add a sandbox profile so that this plug-in can be run when UIProcess is sandboxed.
+
+ * Resources/PlugInSandboxProfiles/com.google.googletalkbrowserplugin.sb: Added.
+ * WebKit.xcodeproj/project.pbxproj:
+
+2018-06-25 Youenn Fablet <you...@apple.com>
+
NetworkLoadChecker should not check CORS for 304 responses triggered by WebProcess revalidation
https://bugs.webkit.org/show_bug.cgi?id=186939
<rdar://problem/40941725>
Added: trunk/Source/WebKit/Resources/PlugInSandboxProfiles/com.google.googletalkbrowserplugin.sb (0 => 233177)
--- trunk/Source/WebKit/Resources/PlugInSandboxProfiles/com.google.googletalkbrowserplugin.sb (rev 0)
+++ trunk/Source/WebKit/Resources/PlugInSandboxProfiles/com.google.googletalkbrowserplugin.sb 2018-06-25 22:29:55 UTC (rev 233177)
@@ -0,0 +1,45 @@
+; Copyright (C) 2018 Apple Inc. All rights reserved.
+;
+; Redistribution and use in source and binary forms, with or without
+; modification, are permitted provided that the following conditions
+; are met:
+; 1. Redistributions of source code must retain the above copyright
+; notice, this list of conditions and the following disclaimer.
+; 2. Redistributions in binary form must reproduce the above copyright
+; notice, this list of conditions and the following disclaimer in the
+; documentation and/or other materials provided with the distribution.
+;
+; THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+; AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+; THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+; PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+; BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+; CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+; SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+; INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+; CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+; ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+; THE POSSIBILITY OF SUCH DAMAGE.
+
+(define (home-subpath home-relative-subpath)
+ (subpath (string-append (param "HOME_DIR") home-relative-subpath)))
+
+(allow file-read* file-write*
+ (home-subpath "/Library/Application Support/Google/Google Talk Plugin"))
+
+(allow file-read* file-write*
+ (subpath "/Library/Application Support/Google"))
+
+(allow job-creation)
+(allow signal)
+(allow mach-lookup)
+
+(webkit-powerbox)
+(webkit-printing)
+(webkit-camera)
+(webkit-microphone)
+
+(allow network-bind (local ip))
+
+(allow network-outbound)
+(allow network-inbound (local ip))
Modified: trunk/Source/WebKit/WebKit.xcodeproj/project.pbxproj (233176 => 233177)
--- trunk/Source/WebKit/WebKit.xcodeproj/project.pbxproj 2018-06-25 21:29:50 UTC (rev 233176)
+++ trunk/Source/WebKit/WebKit.xcodeproj/project.pbxproj 2018-06-25 22:29:55 UTC (rev 233177)
@@ -931,6 +931,7 @@
4131F3D11F96BCCC0059995A /* ServiceWorkerClientFetch.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4131F3D01F96BCC80059995A /* ServiceWorkerClientFetch.cpp */; };
4131F3E21F9880840059995A /* WebServiceWorkerFetchTaskClient.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4131F3E01F98712C0059995A /* WebServiceWorkerFetchTaskClient.cpp */; };
4135FBD11F4FB8090074C47B /* CacheStorageEngineCaches.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4135FBCF1F4FB7F20074C47B /* CacheStorageEngineCaches.cpp */; };
+ 413CCD5020DEBC740065A21A /* com.google.googletalkbrowserplugin.sb in Copy Plug-in Sandbox Profiles */ = {isa = PBXBuildFile; fileRef = 413CCD4F20DEBC2F0065A21A /* com.google.googletalkbrowserplugin.sb */; };
414DD37920BF43F5006959FB /* com.cisco.webex.plugin.gpc64.sb in Resources */ = {isa = PBXBuildFile; fileRef = 414DD37820BF43EA006959FB /* com.cisco.webex.plugin.gpc64.sb */; };
414DD37A20BF49A5006959FB /* com.cisco.webex.plugin.gpc64.sb in Copy Plug-in Sandbox Profiles */ = {isa = PBXBuildFile; fileRef = 414DD37820BF43EA006959FB /* com.cisco.webex.plugin.gpc64.sb */; };
414DEDD71F9EDDE50047C40D /* ServiceWorkerProcessProxy.h in Headers */ = {isa = PBXBuildFile; fileRef = 414DEDD51F9EDDDF0047C40D /* ServiceWorkerProcessProxy.h */; };
@@ -2339,6 +2340,7 @@
7CB16FF01724BA24007A0A95 /* com.apple.QuickTime Plugin.plugin.sb in Copy Plug-in Sandbox Profiles */,
7A772C8D1DDD4A25000F34F1 /* com.apple.WebKit.plugin-common.sb in Copy Plug-in Sandbox Profiles */,
414DD37A20BF49A5006959FB /* com.cisco.webex.plugin.gpc64.sb in Copy Plug-in Sandbox Profiles */,
+ 413CCD5020DEBC740065A21A /* com.google.googletalkbrowserplugin.sb in Copy Plug-in Sandbox Profiles */,
A102A7081EC0EEE900D81D82 /* com.macromedia.Flash Player ESR.plugin.sb in Copy Plug-in Sandbox Profiles */,
7CB16FF21724BA28007A0A95 /* com.macromedia.Flash Player.plugin.sb in Copy Plug-in Sandbox Profiles */,
7CB16FF31724BA2F007A0A95 /* com.microsoft.SilverlightPlugin.sb in Copy Plug-in Sandbox Profiles */,
@@ -3326,6 +3328,7 @@
4131F3E01F98712C0059995A /* WebServiceWorkerFetchTaskClient.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = WebServiceWorkerFetchTaskClient.cpp; sourceTree = "<group>"; };
4135FBCF1F4FB7F20074C47B /* CacheStorageEngineCaches.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CacheStorageEngineCaches.cpp; sourceTree = "<group>"; };
4135FBD01F4FB7F20074C47B /* CacheStorageEngineCaches.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CacheStorageEngineCaches.h; sourceTree = "<group>"; };
+ 413CCD4F20DEBC2F0065A21A /* com.google.googletalkbrowserplugin.sb */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = com.google.googletalkbrowserplugin.sb; sourceTree = "<group>"; };
414DD37820BF43EA006959FB /* com.cisco.webex.plugin.gpc64.sb */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = com.cisco.webex.plugin.gpc64.sb; sourceTree = "<group>"; };
414DEDD51F9EDDDF0047C40D /* ServiceWorkerProcessProxy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ServiceWorkerProcessProxy.h; sourceTree = "<group>"; };
414DEDD61F9EDDE00047C40D /* ServiceWorkerProcessProxy.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ServiceWorkerProcessProxy.cpp; sourceTree = "<group>"; };
@@ -6947,6 +6950,7 @@
7CB16FE21724B9B5007A0A95 /* com.apple.ist.ds.appleconnect.webplugin.sb */,
7CB16FE31724B9B5007A0A95 /* com.apple.QuickTime Plugin.plugin.sb */,
414DD37820BF43EA006959FB /* com.cisco.webex.plugin.gpc64.sb */,
+ 413CCD4F20DEBC2F0065A21A /* com.google.googletalkbrowserplugin.sb */,
7A5E39491D5BD8A700B4B7CE /* com.macromedia.Flash Player ESR.plugin.sb */,
7CB16FE51724B9B5007A0A95 /* com.macromedia.Flash Player.plugin.sb */,
7CB16FE61724B9B5007A0A95 /* com.microsoft.SilverlightPlugin.sb */,
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
