[iOS] Move default mach-lookup deny to after common.sb is imported
authorbfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 7 Sep 2018 12:28:25 +0000 (12:28 +0000)
committerbfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 7 Sep 2018 12:28:25 +0000 (12:28 +0000)
https://bugs.webkit.org/show_bug.cgi?id=189385
<rdar://problem/43624193>

Reviewed by Eric Carlson.

* Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb: Move the 'deny mach-lookup' call later in the file.
* Resources/SandboxProfiles/ios/com.apple.WebKit.Storage.sb: Ditto.
* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb: Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@235781 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit/ChangeLog
Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb
Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Storage.sb
Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb

index 6cf3204..e1e3cb7 100644 (file)
@@ -1,3 +1,15 @@
+2018-09-07  Brent Fulgham  <bfulgham@apple.com>
+
+        [iOS] Move default mach-lookup deny to after common.sb is imported
+        https://bugs.webkit.org/show_bug.cgi?id=189385
+        <rdar://problem/43624193>
+
+        Reviewed by Eric Carlson.
+
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb: Move the 'deny mach-lookup' call later in the file.
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.Storage.sb: Ditto.
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb: Ditto.
+
 2018-09-06  Wenson Hsieh  <wenson_hsieh@apple.com>
 
         Refactor WebCore::EditAction to be an 8-bit enum class
index 2898776..ceefddf 100644 (file)
 (deny default (with partial-symbolication))
 (allow system-audit file-read-metadata)
 
-(deny mach-lookup (xpc-service-name-prefix ""))
-
 (import "common.sb")
 
+(deny mach-lookup (xpc-service-name-prefix #""))
+
 (deny lsopen)
 
 (deny sysctl*)
index e89d757..df9783b 100644 (file)
@@ -1,4 +1,4 @@
-; Copyright (C) 2014 Apple Inc. All rights reserved.
+; Copyright (C) 2014-2018 Apple Inc. All rights reserved.
 ;
 ; Redistribution and use in source and binary forms, with or without
 ; modification, are permitted provided that the following conditions
 (deny default (with partial-symbolication))
 (allow system-audit file-read-metadata)
 
-(deny mach-lookup (xpc-service-name-prefix ""))
-
 (import "common.sb")
 
+(deny mach-lookup (xpc-service-name-prefix #""))
+
 (deny lsopen)
 
 (allow file-read* file-write* (extension "com.apple.app-sandbox.read-write"))
index 3a973d0..1ed824f 100644 (file)
 (deny default (with partial-symbolication))
 (allow system-audit file-read-metadata)
 
-(deny mach-lookup (xpc-service-name-prefix ""))
-
 (import "common.sb")
 
+(deny mach-lookup (xpc-service-name-prefix #""))
+
 (deny lsopen)
 
 ;;;