[macOS] Fix sandbox violations
authorpvollan@apple.com <pvollan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 4 Apr 2019 20:44:50 +0000 (20:44 +0000)
committerpvollan@apple.com <pvollan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 4 Apr 2019 20:44:50 +0000 (20:44 +0000)
https://bugs.webkit.org/show_bug.cgi?id=196616
<rdar://problem/49498040>

Reviewed by Brent Fulgham.

Fix some observed sandbox violations in the WebContent process on macOS.

* WebProcess/com.apple.WebProcess.sb.in:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@243900 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit/ChangeLog
Source/WebKit/WebProcess/com.apple.WebProcess.sb.in

index 5c6549d..956de45 100644 (file)
@@ -1,3 +1,15 @@
+2019-04-04  Per Arne Vollan  <pvollan@apple.com>
+
+        [macOS] Fix sandbox violations
+        https://bugs.webkit.org/show_bug.cgi?id=196616
+        <rdar://problem/49498040>
+
+        Reviewed by Brent Fulgham.
+
+        Fix some observed sandbox violations in the WebContent process on macOS.
+
+        * WebProcess/com.apple.WebProcess.sb.in:
+
 2019-04-04  Eric Carlson  <eric.carlson@apple.com>
 
         [MediaStream] Host should be able to mute screen capture and camera/microphone independently
index 8a9751f..dc03779 100644 (file)
     (iokit-property "cail_properties")
     (iokit-property "dpm")
 #endif
+    (iokit-property "IOGVAH264EncodeCapabilities") ;; <rdar://problem/49498040>
 )
 
 #if !PLATFORM(MAC) || __MAC_OS_X_VERSION_MIN_REQUIRED >= 101300
        (subpath "/private/var/db/mds")
        (literal "/private/var/db/DetachedSignatures"))
 
-(allow ipc-posix-shm-read* ipc-posix-shm-write-data
+(allow ipc-posix-shm-read* ipc-posix-shm-write-data ipc-posix-shm-write-create
        (ipc-posix-name "com.apple.AppleDatabaseChanged"))
 
 ;; CoreFoundation. We don't import com.apple.corefoundation.sb, because it allows unnecessary access to pasteboard.