Restrict network process to remote connections
authoroliver@apple.com <oliver@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 14 Jul 2014 23:13:56 +0000 (23:13 +0000)
committeroliver@apple.com <oliver@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 14 Jul 2014 23:13:56 +0000 (23:13 +0000)
https://bugs.webkit.org/show_bug.cgi?id=134908

Reviewed by Geoffrey Garen.

Further restrict network client

* Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171090 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit2/ChangeLog
Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb

index c133c19..ccef92c 100644 (file)
@@ -1,3 +1,14 @@
+2014-07-14  Oliver Hunt  <oliver@apple.com>
+
+        Restrict network process to remote connections
+        https://bugs.webkit.org/show_bug.cgi?id=134908
+
+        Reviewed by Geoffrey Garen.
+
+        Further restrict network client
+
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:
+
 2014-07-14  Tim Horton  <timothy_horton@apple.com>
 
         ASSERT(isMainThread()) under OneShotDisplayLinkHandler
index 2e8a89f..ef5a7a4 100644 (file)
@@ -53,7 +53,7 @@
 (allow mach-lookup
        (global-name "com.apple.PowerManagement.control"))
 
-(network-client)
+(network-client (remote tcp))
 
 ;; Security framework
 (allow mach-lookup