Skip to content
Permalink
Browse files
Close access to "lsopen" for non-UI process
https://bugs.webkit.org/show_bug.cgi?id=185890
<rdar://problem/39686511>

Reviewed by Alexey Proskuryakov.

Close down access to 'lsopen' in the iOS sandboxes. These operations are
performed by the UIProcess on behalf of these helper processes.

* Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:
* Resources/SandboxProfiles/ios/com.apple.WebKit.Storage.sb:
* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:


Canonical link: https://commits.webkit.org/201344@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@232097 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  • Loading branch information
brentfulgham committed May 23, 2018
1 parent 326f6e2 commit d2632b85cb206a88952ed396fcb1bf4f6e0a55e9
@@ -1,3 +1,18 @@
2018-05-22 Brent Fulgham <bfulgham@apple.com>

Close access to "lsopen" for non-UI process
https://bugs.webkit.org/show_bug.cgi?id=185890
<rdar://problem/39686511>

Reviewed by Alexey Proskuryakov.

Close down access to 'lsopen' in the iOS sandboxes. These operations are
performed by the UIProcess on behalf of these helper processes.

* Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:
* Resources/SandboxProfiles/ios/com.apple.WebKit.Storage.sb:
* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:

2018-05-22 Dean Jackson <dino@apple.com>

Optimized path zoom animation needs a valid UIImage and CGRect
@@ -29,6 +29,8 @@

(import "common.sb")

(deny lsopen)

(deny sysctl*)
(allow sysctl-read
(sysctl-name
@@ -29,6 +29,8 @@

(import "common.sb")

(deny lsopen)

(allow file-read* file-write* (extension "com.apple.app-sandbox.read-write"))

(deny sysctl*)
@@ -29,6 +29,8 @@

(import "common.sb")

(deny lsopen)

;;;
;;; The following rules were originally contained in 'UIKit-apps.sb'. We are duplicating them here so we can
;;; remove unneeded sandbox extensions.

0 comments on commit d2632b8

Please sign in to comment.