[macOS] Correct kerberos-related sandbox violations
author bfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 27 Mar 2019 00:55:19 +0000 (00:55 +0000)
committer bfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 27 Mar 2019 00:55:19 +0000 (00:55 +0000)
https://bugs.webkit.org/show_bug.cgi?id=196279
<rdar://problem/48622502>

Reviewed by Per Arne Vollan.

We need to allow communications with a Kerberos-related service on macOS
until <rdar://problem/35542803> is fixed.

* NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@243531 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit/ChangeLog
Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in

index 928202b..3940ed6 100644 (file)
@@ -1,3 +1,16 @@
+2019-03-26  Brent Fulgham  <bfulgham@apple.com>
+
+        [macOS] Correct kerberos-related sandbox violations
+        https://bugs.webkit.org/show_bug.cgi?id=196279
+        <rdar://problem/48622502>
+
+        Reviewed by Per Arne Vollan.
+
+        We need to allow communications with a Kerberos-related service on macOS
+        until <rdar://problem/35542803> is fixed.
+
+        * NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:
+
 2019-03-26  Chris Dumez  <cdumez@apple.com>
 
         [macOS] The network process is not exiting reliably when the WebProcessPool is destroyed
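Review bot: The file line "* NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:" in this ChangeLog entry has nothing after the colon, and the summary above it mentions only "communications with a Kerberos-related service". Describe on that line what the profile gains, and say that the additions are meant to be removed once <rdar://problem/35542803> is fixed, so the entry can be understood without opening the diff.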
index 3ef0566..06a13d4 100644 (file)
@@ -94,6 +94,7 @@
         "kCFPreferencesAnyApplication"
         "com.apple.DownloadAssessment"
         "com.apple.WebFoundation"
+        "com.apple.ist.ds.appleconnect2.uat" ;; Remove after <rdar://problem/35542803> ships
         "com.apple.networkConnect"))
 (allow file-read*
     ;; Basic system paths
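Review bot: The added domain "com.apple.ist.ds.appleconnect2.uat" is not covered by the commit message, which describes only communication with a service, while this line extends the domain list that also holds "kCFPreferencesAnyApplication" and "com.apple.WebFoundation". Please state why the Network Process needs access to this domain, and confirm that the ".uat" suffix names the intended domain rather than one tied to a particular test configuration.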
 (allow mach-lookup
     (global-name "org.h5l.kcm")
     (global-name "com.apple.GSSCred")
+    (global-name "com.apple.ist.ds.appleconnect.service.kdctunnel") ;; Remove after <rdar://problem/35542803> ships
     (global-name "com.apple.system.logger")
     (global-name "com.apple.system.notification_center"))
 (allow network-outbound
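Review bot: The new mach-lookup entry names "com.apple.ist.ds.appleconnect.service.kdctunnel", while the domain added earlier in this file is spelled "appleconnect2"; please confirm the differing prefixes are intentional. The allowance is unconditional in the lines shown and its removal condition exists only as a trailing comment pointing at <rdar://problem/35542803>, so consider filing a follow-up on bugs.webkit.org to make sure the exception is dropped when that fix ships.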