2011-05-16 Maciej Stachowiak <mjs@apple.com>
authormjs@apple.com <mjs@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 16 May 2011 21:37:50 +0000 (21:37 +0000)
committermjs@apple.com <mjs@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 16 May 2011 21:37:50 +0000 (21:37 +0000)
        Reviewed by Sam Weinig.

        Sandbox denies Kerberos authentication
        https://bugs.webkit.org/show_bug.cgi?id=60921
        <rdar://problem/9133872>

        * WebProcess/com.apple.WebProcess.sb:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@86608 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit2/ChangeLog
Source/WebKit2/WebProcess/com.apple.WebProcess.sb

index 21b7665..03ee389 100644 (file)
@@ -1,3 +1,13 @@
+2011-05-16  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Sandbox denies Kerberos authentication
+        https://bugs.webkit.org/show_bug.cgi?id=60921
+        <rdar://problem/9133872>
+        
+        * WebProcess/com.apple.WebProcess.sb:
+
 2011-05-16  David Kilzer  <ddkilzer@apple.com>
 
         <http://webkit.org/b/60913> C++ exceptions should not be enabled when building with llvm-gcc-4.2
index 20683ce..101435d 100644 (file)
 (allow file-read*
        (home-literal "/Library/Preferences/com.apple.Safari.RSS.plist")
        (home-literal "/Library/Preferences/com.apple.Syndication.plist"))
+
+;; FIXME should be removed when <rdar://problem/9347205> + related radar in Safari is fixed
+(allow mach-lookup
+       (global-name "org.h5l.kcm")
+       (global-name "com.apple.system.logger")
+       (global-name "com.apple.system.notification_center"))
+(allow network-outbound
+       (remote udp))
+(allow file-read*
+        (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.Kerberos.plist"))
+        (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.GSS.plist"))
+        (literal (string-append (param "HOME_DIR") "/Library/Preferences/edu.mit.Kerberos"))
+        (literal "/Library/Preferences/com.apple.Kerberos.plist")
+        (literal "/Library/Preferences/com.apple.GSS.plist")
+        (literal "/Library/Preferences/edu.mit.Kerberos")
+        (literal "/private/etc/krb5.conf")
+        (literal "/private/etc/services")
+        (literal "/private/etc/host"))