[webkit-changes] [171113] trunk/Source/WebKit2

Tue, 15 Jul 2014 13:32:43 -0700

Title: [171113] trunk/Source/WebKit2
Revision
171113
Author
oli...@apple.com
Date
2014-07-15 13:31:50 -0700 (Tue, 15 Jul 2014)

Log Message

More tidying of the webcontent sandbox profile
https://bugs.webkit.org/show_bug.cgi?id=134938

Reviewed by Alexey Proskuryakov.

Remove some excessive abilities from the profile and make
the required ones explicit.

* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:

Modified Paths

Diff

Modified: trunk/Source/WebKit2/ChangeLog (171112 => 171113)


--- trunk/Source/WebKit2/ChangeLog	2014-07-15 19:41:32 UTC (rev 171112)
+++ trunk/Source/WebKit2/ChangeLog	2014-07-15 20:31:50 UTC (rev 171113)
@@ -1,3 +1,15 @@
+2014-07-15  Oliver Hunt  <oli...@apple.com>
+
+        More tidying of the webcontent sandbox profile
+        https://bugs.webkit.org/show_bug.cgi?id=134938
+
+        Reviewed by Alexey Proskuryakov.
+
+        Remove some excessive abilities from the profile and make
+        the required ones explicit.
+
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
+
 2014-07-14  Andreas Kling  <akl...@apple.com>
 
         [iOS] Don't progressively re-render tiles while pinch-zooming under memory pressure.

Modified: trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb (171112 => 171113)


--- trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb	2014-07-15 19:41:32 UTC (rev 171112)
+++ trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb	2014-07-15 20:31:50 UTC (rev 171113)
@@ -29,7 +29,7 @@
 (import "removed-dev-nodes.sb")
 (import "apple-UI-apps.sb")
 
-(apple-ui-app "com.apple.WebKit.WebContent" 'with-webkit 'with-opengl)
+(apple-ui-app "com.apple.WebKit.WebContent" 'with-opengl)
 (opengl)
 
 ;; Access CFNetwork shared cookies
@@ -87,7 +87,10 @@
 
 ;; Various services required by CFNetwork and other frameworks
 (allow mach-lookup
-       (global-name "com.apple.PowerManagement.control"))
+    (global-name "com.apple.PowerManagement.control")
+    (global-name "com.apple.accountsd.accountmanager"))
 
 (deny file-write-create (vnode-type SYMLINK))
 (deny file-read-xattr file-write-xattr (xattr-regex #"^com\.apple\.security\.private\."))
+
+(network-client (remote tcp))

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to