Sandbox violations when visiting a site using HTTP authentication
authorweinig@apple.com <weinig@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 5 Feb 2011 00:30:19 +0000 (00:30 +0000)
committerweinig@apple.com <weinig@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 5 Feb 2011 00:30:19 +0000 (00:30 +0000)
<rdar://problem/8951079>

Reviewed by Mark Rowe.

* WebProcess/com.apple.WebProcess.sb:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@77703 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit2/ChangeLog
Source/WebKit2/WebProcess/com.apple.WebProcess.sb

index e2f679a96cb271f5b8bc653897faeeec6af60ca0..7de8bca8cfcf0418a490b4600536463644e142a7 100644 (file)
@@ -1,3 +1,12 @@
+2011-02-04  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Mark Rowe.
+
+        Sandbox violations when visiting a site using HTTP authentication
+        <rdar://problem/8951079> 
+
+        * WebProcess/com.apple.WebProcess.sb:
+
 2011-02-04  Alexey Proskuryakov  <ap@apple.com>
 
         Reviewed by Darin Adler.
index 1d12965358d144f7839391e614cb24739237119c..9087c41721ccc164dc74883ff57ff6d3b283b267 100644 (file)
@@ -6,51 +6,53 @@
 
 ;; Read-only preferences and data
 (allow file-read*
-   ;; Basic system paths
-   (subpath "/Library/Fonts")
-   (subpath "/Library/Frameworks")
-   (subpath "/Library/Keychains")
-   (subpath "/private/var/db/mds")
-   (regex #"^/private/etc/(hosts|group|passwd)$")
-
-   ;; Plugins
-   (subpath "/Library/Internet Plug-Ins")
-   (subpath (string-append (param "HOME_DIR") "/Library/Internet Plug-Ins"))
-
-   ;; System and user preferences
-   (literal "/Library/Preferences/.GlobalPreferences.plist")
-   (literal "/Library/Preferences/com.apple.security.plist")
-   (literal (string-append (param "HOME_DIR") "/Library/Preferences/.GlobalPreferences.plist"))
-   (regex (string-append "^" (param "HOME_DIR") "/Library/Preferences/ByHost/\.GlobalPreferences\."))
-   (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.ATS.plist"))
-   (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.HIToolbox.plist"))
-   (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.LaunchServices.plist"))
-   (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.WebFoundation.plist"))
-   (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.security.plist"))
-   (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.security.revocation.plist"))
-   (subpath (string-append (param "HOME_DIR") "/Library/Keychains"))
-
-   ;; On-disk WebKit2 framework location, to account for debug installations
-   ;; outside of /System/Library/Frameworks
-   (subpath (param "WEBKIT2_FRAMEWORK_DIR"))
-
-   ;; FIXME: This should be removed when <rdar://problem/8957845> is fixed.
-   (subpath (string-append (param "HOME_DIR") "/Library/Fonts"))
-
-   ;; Extensions from UIProcess
-   (extension)
+    ;; Basic system paths
+    (subpath "/Library/Fonts")
+    (subpath "/Library/Frameworks")
+    (subpath "/Library/Keychains")
+    (subpath "/private/var/db/mds")
+    (subpath "/private/var/db/DetachedSignatures")
+    (regex #"^/private/etc/(hosts|group|passwd)$")
+
+    ;; Plugins
+    (subpath "/Library/Internet Plug-Ins")
+    (subpath (string-append (param "HOME_DIR") "/Library/Internet Plug-Ins"))
+
+    ;; System and user preferences
+    (literal "/Library/Preferences/.GlobalPreferences.plist")
+    (literal "/Library/Preferences/com.apple.security.plist")
+    (literal (string-append (param "HOME_DIR") "/Library/Preferences/.GlobalPreferences.plist"))
+    (regex (string-append "^" (param "HOME_DIR") "/Library/Preferences/ByHost/\.GlobalPreferences\."))
+    (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.ATS.plist"))
+    (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.HIToolbox.plist"))
+    (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.LaunchServices.plist"))
+    (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.WebFoundation.plist"))
+    (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.security.plist"))
+    (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.security.revocation.plist"))
+    (literal (string-append (param "HOME_DIR") "/Library/Application Support/SyncServices/Local/ClientsWithChanges/com.apple.Keychain"))
+
+    ;; On-disk WebKit2 framework location, to account for debug installations
+    ;; outside of /System/Library/Frameworks
+    (subpath (param "WEBKIT2_FRAMEWORK_DIR"))
+
+    ;; FIXME: This should be removed when <rdar://problem/8957845> is fixed.
+    (subpath (string-append (param "HOME_DIR") "/Library/Fonts"))
+
+    ;; Extensions from UIProcess
+    (extension)
 )
 
 (allow file-write*
-   ;; Extensions from UIProcess
-   (extension)
+    ;; Extensions from UIProcess
+    (extension)
 )
 
 ;; Writable preferences and temporary files
 (allow file*
-   (subpath (string-append (param "HOME_DIR") "/Library/Caches/com.apple.WebProcess"))
-   (regex (string-append "^" (param "HOME_DIR") "/Library/Preferences/ByHost/com\.apple\.HIToolbox\."))
-   (regex (string-append "^" (param "HOME_DIR") "/Library/Preferences/com\.apple\.WebProcess\."))
+    (subpath (string-append (param "HOME_DIR") "/Library/Caches/com.apple.WebProcess"))
+    (regex (string-append "^" (param "HOME_DIR") "/Library/Preferences/ByHost/com\.apple\.HIToolbox\."))
+    (regex (string-append "^" (param "HOME_DIR") "/Library/Preferences/com\.apple\.WebProcess\."))
+    (subpath (string-append (param "HOME_DIR") "/Library/Keychains"))
 )
 
 ;; Darwin temporary files and caches, if present