[OS X][WK2] Expand sandbox for new mach endpoints

author bfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>

Thu, 19 May 2016 22:55:04 +0000 (22:55 +0000)

committer bfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>

Thu, 19 May 2016 22:55:04 +0000 (22:55 +0000)
author bfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 19 May 2016 22:55:04 +0000 (22:55 +0000)
committer bfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 19 May 2016 22:55:04 +0000 (22:55 +0000)
diff --git a/Source/WebKit2/ChangeLog b/Source/WebKit2/ChangeLog

index 0142f32..c9fa7ae 100644 (file)
--- a/Source/WebKit2/ChangeLog
+++ b/Source/WebKit2/ChangeLog
@@ -1,3 +1,17 @@
+2016-05-19  Brent Fulgham  <bfulgham@apple.com>
+
+        [OS X][WK2] Expand sandbox for new mach endpoints
+        https://bugs.webkit.org/show_bug.cgi?id=157919
+        <rdar://problem/25238336>
+
+        Reviewed by Alexey Proskuryakov.
+
+        Grant the WebContent and Networking processes the mach lookup capability for
+        various Security-related mach endpoints..
+
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
+
  2016-05-19  Brian Burg  <bburg@apple.com>
  
          Web Inspector: CRASH when closing a page while element selection mode is enabled via Develop menu
diff --git a/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb b/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb

index a22984f..020825e 100644 (file)
--- a/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb
+++ b/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb
@@ -56,6 +56,9 @@
  (allow mach-lookup
      (global-name "com.apple.ocspd")
      (global-name "com.apple.securityd")
+    (global-name "com.apple.securityd.xpc")
+    (global-name "com.apple.ctkd.token-client")
+    (global-name "com.apple.CoreAuthentication.agent.libxpc")
      (global-name "com.apple.accountsd.accountmanager"))
  
  (deny file-write-create
diff --git a/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb b/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb

index 727cf03..827785a 100644 (file)
--- a/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb
+++ b/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb
@@ -75,6 +75,9 @@
  ;; Various services required by CFNetwork and other frameworks
  (allow mach-lookup
      (global-name "com.apple.PowerManagement.control")
+    (global-name "com.apple.securityd.xpc")
+    (global-name "com.apple.ctkd.token-client")
+    (global-name "com.apple.CoreAuthentication.agent.libxpc")
      (global-name "com.apple.accountsd.accountmanager")
      (global-name "com.apple.coremedia.audiodeviceclock"))
author	bfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
	Thu, 19 May 2016 22:55:04 +0000 (22:55 +0000)
committer	bfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
	Thu, 19 May 2016 22:55:04 +0000 (22:55 +0000)
Source/WebKit2/ChangeLog		patch \| blob \| history
Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb		patch \| blob \| history
Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb		patch \| blob \| history