[webkit-changes] [256334] branches/safari-609-branch/Source/WebKit

[bfulgham]

Title: [256334] branches/safari-609-branch/Source/WebKit

Revision

256334

Author

bfulg...@apple.com

Date

2020-02-11 11:54:21 -0800 (Tue, 11 Feb 2020)

Log Message

Apply patch. rdar://problem/59354409

Modified Paths

• branches/safari-609-branch/Source/WebKit/ChangeLog
• branches/safari-609-branch/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb

Diff

Modified: branches/safari-609-branch/Source/WebKit/ChangeLog (256333 => 256334)

--- branches/safari-609-branch/Source/WebKit/ChangeLog	2020-02-11 19:41:55 UTC (rev 256333)
+++ branches/safari-609-branch/Source/WebKit/ChangeLog	2020-02-11 19:54:21 UTC (rev 256334)
@@ -1,3 +1,17 @@
+2020-02-11  Brent Fulgham  <bfulg...@apple.com>
+
+        Cherry-pick r254989. rdar://problem/59354409
+
+    [iOS] Camera is lost during WebRTC demo
+    https://bugs.webkit.org/show_bug.cgi?id=206613
+    <rdar://problem/58764572>
+
+    Reviewed by Brent Fulgham.
+
+    Fix observed sandbox violations in the Networking process.
+
+    * Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:
+
 2020-02-10  Kocsen Chung  <kocsen_ch...@apple.com>
 
         Cherry-pick r256105. rdar://problem/59302221

Modified: branches/safari-609-branch/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb (256333 => 256334)

--- branches/safari-609-branch/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb	2020-02-11 19:41:55 UTC (rev 256333)
+++ branches/safari-609-branch/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb	2020-02-11 19:54:21 UTC (rev 256334)
@@ -587,8 +587,9 @@
 ;; enough access to make it possible.
 
 ;; IOKit user clients
-(allow iokit-open (with report) (with telemetry)
-       (iokit-user-client-class "RootDomainUserClient"))
+(allow iokit-open
+       (iokit-user-client-class "RootDomainUserClient") ;; Needed by PowerObserver
+)
 
 ;; Various services required by CFNetwork and other frameworks
 (allow mach-lookup
@@ -647,3 +648,21 @@
 ;; Various shared memory accesses required by system frameworks
 (allow ipc-posix-shm-read-data
     (ipc-posix-name "/com.apple.AppSSO.version"))
+
+;; Access to ContainerManager
+(allow mach-lookup
+    (global-name "com.apple.containermanagerd"))
+(allow ipc-posix-sem-open
+    (ipc-posix-name "containermanagerd.fb_check"))
+
+(allow file-read*
+    (literal "/dev/random")
+    (literal "/dev/urandom"))
+
+;; Access to MobileGestalt
+(allow mach-lookup
+    (global-name "com.apple.mobilegestalt.xpc"))
+(allow file-read*
+    (well-known-system-group-container-literal "/systemgroup.com.apple.mobilegestaltcache/Library/Caches/com.apple.MobileGestalt.plist"))
+(allow iokit-get-properties
+    (iokit-property "IORegistryEntryPropertyKeys"))

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes