[iOS WK2] Add extension read permission to network sandbox profile
[WebKit-https.git] / Source / WebKit2 / Resources / SandboxProfiles / ios / com.apple.WebKit.Networking.sb
index 2a0fdfd..dc8d963 100644 (file)
 (import "common.sb")
 (import "removed-dev-nodes.sb")
 
-;; Access CFNetwork shared cookies
-;; This is too generous -- <rdar://problem/17496756>
-(apple-cookie-access 'with-read-write)
-
-;; Sandbox extensions
-(allow file-read* (extension "com.apple.webkit.read"))
-
 ;; Access to client's cache folder & re-vending to CFNetwork.
 ;; FIXME: Remove the webkti specific extension classes <rdar://problem/17755931>
 (allow file-issue-extension (require-all
-    (require-any (extension "com.apple.webkit.read-write") (extension "com.apple.app-sandbox.read-write"))
+    (extension "com.apple.app-sandbox.read-write")
     (extension-class "com.apple.nsurlstorage.extension-cache")))
 
 ;; App sandbox extensions
 (allow file-read* file-write* (extension "com.apple.app-sandbox.read-write"))
-
-;; Access to own cache & temp folders.
-(allow file-read* file-write* (extension "com.apple.webkit.read-write"))
+(allow file-read* (extension "com.apple.app-sandbox.read"))
 
 ;; IOKit user clients
 (allow iokit-open
@@ -59,8 +50,9 @@
 
 ;; Security framework
 (allow mach-lookup
-       (global-name "com.apple.ocspd")
-       (global-name "com.apple.securityd"))
+    (global-name "com.apple.ocspd")
+    (global-name "com.apple.securityd")
+    (global-name "com.apple.accountsd.accountmanager"))
 
 (deny file-write-create
        (vnode-type SYMLINK))