Correct sandbox profiles to fix some excess privileges
authoroliver@apple.com <oliver@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 22 Jul 2014 00:10:11 +0000 (00:10 +0000)
committeroliver@apple.com <oliver@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 22 Jul 2014 00:10:11 +0000 (00:10 +0000)
commit470b132d3a16ae41198c73851a828933892dec1e
tree9a871b9393a9ff10561afeb44e451ca76cd23b7f
parentb6a8dc479c650020058385f6add52e0acaec6713
Correct sandbox profiles to fix some excess privileges
https://bugs.webkit.org/show_bug.cgi?id=135134
<rdar://problem/17741886>
<rdar://problem/17739080>

Reviewed by Alexey Proskuryakov.

This cleans up our sandbox profiles to fix a few issues - the profiles
no longer allow us to issue file extension we have the ability to consume,
and tightens some of the other file access rules.

This means we have to addd some rules to allow us to access things
that we previously had access to due to lax file system restrictions.

Some of the features were fixable simply by using entitlements on the
process rather than custom rules.

* Configurations/WebContent-iOS.entitlements:
* Resources/SandboxProfiles/ios/com.apple.WebKit.Databases.sb:
* Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:
* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171322 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/WebKit2/ChangeLog
Source/WebKit2/Configurations/WebContent-iOS.entitlements
Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Databases.sb
Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb
Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb