Skip to content
Permalink
Browse files
[macOS] Disable permissive call logging in sandbox
https://bugs.webkit.org/show_bug.cgi?id=194061

Reviewed by Alexey Proskuryakov.

Strict call filtering should be reenabled.

* WebProcess/com.apple.WebProcess.sb.in:


Canonical link: https://commits.webkit.org/208588@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@240811 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  • Loading branch information
pvollan committed Jan 31, 2019
1 parent 637fbc2 commit f8e95cb018331648c4019bad4fcbf003b308b7cf
Showing 2 changed files with 13 additions and 0 deletions.
@@ -1,3 +1,14 @@
2019-01-31 Per Arne Vollan <pvollan@apple.com>

[macOS] Disable permissive call logging in sandbox
https://bugs.webkit.org/show_bug.cgi?id=194061

Reviewed by Alexey Proskuryakov.

Strict call filtering should be reenabled.

* WebProcess/com.apple.WebProcess.sb.in:

2019-01-31 Per Arne Vollan <pvollan@apple.com>

[macOS] Crash when control-clicking or copying text rendered with a web font
@@ -830,6 +830,7 @@
#endif // PLATFORM(MAC)

(when (defined? 'syscall-unix)
(deny syscall-unix (with send-signal SIGKILL))
(allow syscall-unix
(syscall-number SYS_exit)
(syscall-number SYS_read)
@@ -959,6 +960,7 @@
(syscall-number SYS_necp_client_action)
(syscall-number SYS_ulock_wait)
(syscall-number SYS_ulock_wake)
(syscall-number SYS_work_interval_ctl)
)
)

0 comments on commit f8e95cb

Please sign in to comment.