[OS X][WK2] Expand sandbox for new mach endpoints
author bfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 23 Jun 2016 19:16:42 +0000 (19:16 +0000)
committer bfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 23 Jun 2016 19:16:42 +0000 (19:16 +0000)
https://bugs.webkit.org/show_bug.cgi?id=159040
<rdar://problem/25238336>

Reviewed by Alexey Proskuryakov.

Grant the WebContent and Networking processes the mach lookup capability for
various Security-related mach endpoints.

* NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:
* WebProcess/com.apple.WebProcess.sb.in:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202389 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit2/ChangeLog
Source/WebKit2/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in
Source/WebKit2/WebProcess/com.apple.WebProcess.sb.in

index 63ba207..f649d61 100644 (file)
@@ -1,3 +1,17 @@
+2016-06-23  Brent Fulgham  <bfulgham@apple.com>
+
+        [OS X][WK2] Expand sandbox for new mach endpoints
+        https://bugs.webkit.org/show_bug.cgi?id=159040
+        <rdar://problem/25238336>
+
+        Reviewed by Alexey Proskuryakov.
+
+        Grant the WebContent and Networking processes the mach lookup capability for
+        various Security-related mach endpoints..
+
+        * NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:
+        * WebProcess/com.apple.WebProcess.sb.in:
+
 2016-06-23  Commit Queue  <commit-queue@webkit.org>
 
         Unreviewed, rolling out r201194.
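Review bot: The added ChangeLog entry names none of the endpoints it opens ("various Security-related mach endpoints..", which also ends in a doubled period), and both per-file lines are left empty. Because this change widens two sandbox profiles, list the three services (com.apple.ctkd.token-client, com.apple.securityd.xpc, com.apple.CoreAuthentication.agent.libxpc) under each file entry and state which functionality requires them, so the grant can be audited later without access to the radar.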
index ca2a5cc..1eeb4d3 100644 (file)
@@ -1,4 +1,4 @@
-; Copyright (C) 2013, 2014 Apple Inc. All rights reserved.
+; Copyright (C) 2013-2016 Apple Inc. All rights reserved.
 ;
 ; Redistribution and use in source and binary forms, with or without
 ; modification, are permitted provided that the following conditions
 
 ;; Security framework
 (allow mach-lookup
+       (global-name "com.apple.ctkd.token-client") 
        (global-name "com.apple.ocspd")
+       (global-name "com.apple.securityd.xpc") 
+       (global-name "com.apple.CoreAuthentication.agent.libxpc")
        (global-name "com.apple.SecurityServer"))
 (allow file-read* file-write* (home-subpath "/Library/Keychains")) ;; FIXME: This should be removed when <rdar://problem/10479685> is fixed.
 (allow file-read* file-write* (subpath "/private/var/db/mds/system")) ;; FIXME: This should be removed when <rdar://problem/9538414> is fixed.
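Review bot: The three global-name entries added to the (allow mach-lookup ...) block under ";; Security framework" have no comment saying what in the Networking process needs them, whereas the two file-access rules directly below each record a radar and a removal condition. Add a comment on the new entries, at minimum citing <rdar://problem/25238336>, so they can be re-evaluated when the profile is next tightened. The added com.apple.ctkd.token-client and com.apple.securityd.xpc lines also end in trailing whitespace.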
index 4d89ab7..f0e1e1d 100644 (file)
 
 ;; Security framework
 (allow mach-lookup
+       (global-name "com.apple.ctkd.token-client") 
        (global-name "com.apple.ocspd")
+       (global-name "com.apple.securityd.xpc") 
+       (global-name "com.apple.CoreAuthentication.agent.libxpc")
        (global-name "com.apple.SecurityServer"))
 (allow file-read* file-write* (home-subpath "/Library/Keychains")) ;; FIXME: This should be removed when <rdar://problem/10479685> is fixed.
 (allow file-read* file-write* (subpath "/private/var/db/mds/system")) ;; FIXME: This should be removed when <rdar://problem/9538414> is fixed.
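Review bot: The WebContent profile receives the identical three mach-lookup grants as the Networking profile, with no indication that each one is needed in this process. The WebContent process is the one that handles untrusted web content, so every service it may look up is reachable from a compromised renderer; confirm per service (com.apple.ctkd.token-client, com.apple.securityd.xpc, com.apple.CoreAuthentication.agent.libxpc) that the lookup is required here rather than only in the Networking process, and drop any that are not. The trailing whitespace on the com.apple.ctkd.token-client and com.apple.securityd.xpc lines is repeated in this file as well.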