[OS X][WK2] Expand sandbox for new mach endpoints
authorbfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 19 May 2016 22:55:04 +0000 (22:55 +0000)
committerbfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 19 May 2016 22:55:04 +0000 (22:55 +0000)
https://bugs.webkit.org/show_bug.cgi?id=157919
<rdar://problem/25238336>

Reviewed by Alexey Proskuryakov.

Grant the WebContent and Networking processes the mach lookup capability for
various Security-related mach endpoints..

* Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:
* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201194 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit2/ChangeLog
Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb
Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb

index 0142f32..c9fa7ae 100644 (file)
@@ -1,3 +1,17 @@
+2016-05-19  Brent Fulgham  <bfulgham@apple.com>
+
+        [OS X][WK2] Expand sandbox for new mach endpoints
+        https://bugs.webkit.org/show_bug.cgi?id=157919
+        <rdar://problem/25238336>
+
+        Reviewed by Alexey Proskuryakov.
+
+        Grant the WebContent and Networking processes the mach lookup capability for
+        various Security-related mach endpoints..
+
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
+
 2016-05-19  Brian Burg  <bburg@apple.com>
 
         Web Inspector: CRASH when closing a page while element selection mode is enabled via Develop menu
index a22984f..020825e 100644 (file)
@@ -56,6 +56,9 @@
 (allow mach-lookup
     (global-name "com.apple.ocspd")
     (global-name "com.apple.securityd")
+    (global-name "com.apple.securityd.xpc")
+    (global-name "com.apple.ctkd.token-client")
+    (global-name "com.apple.CoreAuthentication.agent.libxpc")
     (global-name "com.apple.accountsd.accountmanager"))
 
 (deny file-write-create
index 727cf03..827785a 100644 (file)
@@ -75,6 +75,9 @@
 ;; Various services required by CFNetwork and other frameworks
 (allow mach-lookup
     (global-name "com.apple.PowerManagement.control")
+    (global-name "com.apple.securityd.xpc")
+    (global-name "com.apple.ctkd.token-client")
+    (global-name "com.apple.CoreAuthentication.agent.libxpc")
     (global-name "com.apple.accountsd.accountmanager")
     (global-name "com.apple.coremedia.audiodeviceclock"))