[iOS] Silently deny access to mail settings triggered by MessageUI framework
authorbfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 4 Jan 2019 16:44:43 +0000 (16:44 +0000)
committerbfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 4 Jan 2019 16:44:43 +0000 (16:44 +0000)
https://bugs.webkit.org/show_bug.cgi?id=193123
<rdar://problem/42485581>

Reviewed by Alexey Proskuryakov.

Remove unhelpful logging generated when we block access to non-WebKit preferences. These
invalid checks are done by an system framework that we cannot modify.

* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@239611 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit/ChangeLog
Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb

index 2466949..153c822 100644 (file)
@@ -1,5 +1,18 @@
 2019-01-03  Brent Fulgham  <bfulgham@apple.com>
 
+        [iOS] Silently deny access to mail settings triggered by MessageUI framework
+        https://bugs.webkit.org/show_bug.cgi?id=193123
+        <rdar://problem/42485581>
+
+        Reviewed by Alexey Proskuryakov.
+
+        Remove unhelpful logging generated when we block access to non-WebKit preferences. These
+        invalid checks are done by an system framework that we cannot modify.
+
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
+
+2019-01-03  Brent Fulgham  <bfulgham@apple.com>
+
         [iOS] Update sandbox profile to use iconservices instead of lsdiconservice
         https://bugs.webkit.org/show_bug.cgi?id=193115
         <rdar://problem/44867379>
index b36ab4f..d29efd5 100644 (file)
     "com.apple.lookup.shared" ; Needed for DataDetector (Spotlight) support
 )
 
+;; Silently deny unnecessary accesses caused by MessageUI framework.
+;; This can be removed once <rdar://problem/47038102> is resolved.
+(deny file-read*
+    (home-literal "/Library/Preferences/com.apple.mobilemail.plist")
+    (with no-log))
+
 ;; <rdar://problem/12985925> Need read access to /var/mobile/Library/Fonts to all apps
 (allow file-read*
     (home-subpath "/Library/Fonts"))