2011-04-07 Maciej Stachowiak <mjs@apple.com>
authormjs@apple.com <mjs@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 7 Apr 2011 09:53:46 +0000 (09:53 +0000)
committermjs@apple.com <mjs@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 7 Apr 2011 09:53:46 +0000 (09:53 +0000)
        Reviewed by Adam Barth.

        Remove temporary WebProcess sandbox rules that are unnecessary now that plugins are in their own process
        https://bugs.webkit.org/show_bug.cgi?id=58023

        * WebProcess/com.apple.WebProcess.sb:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@83157 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit2/ChangeLog
Source/WebKit2/WebProcess/com.apple.WebProcess.sb

index 3609d3f..0e4f021 100644 (file)
@@ -1,5 +1,14 @@
 2011-04-07  Maciej Stachowiak  <mjs@apple.com>
 
+        Reviewed by Adam Barth.
+
+        Remove temporary WebProcess sandbox rules that are unnecessary now that plugins are in their own process
+        https://bugs.webkit.org/show_bug.cgi?id=58023
+
+        * WebProcess/com.apple.WebProcess.sb:
+
+2011-04-07  Maciej Stachowiak  <mjs@apple.com>
+
         Reviewed by Dan Bernstein.
 
         Remove some no longer needed WebProcess sandbox allowances
index fb7869b..dbcbee6 100644 (file)
    (remote tcp)
 )
 
-;; FIXME: These rules are required until plug-ins are moved out of the web process.
-(allow file-read*
-   (regex (string-append "^" (param "HOME_DIR") "/Library/Preferences/ByHost/com\.apple\.ist\."))
-   (literal (string-append (param "HOME_DIR") "/Library/Preferences/edu.mit.Kerberos"))
-   (literal "/Library/Preferences/edu.mit.Kerberos")
-)
-
-(allow mach-lookup
-   (global-name "org.h5l.kcm")
-   (global-name "com.apple.tsm.uiserver")
-   (global-name-regex #"^com\.apple\.ist")
-)
-
-(allow network-outbound (remote ip))
-
 ;; FIXME: Once <rdar://problem/8900275> has been fixed, these rules can be removed.
 (allow mach-lookup (global-name "com.apple.pubsub.ipc"))
 (allow network-outbound (regex #"^/private/tmp/launch-[^/]+/Render"))