[webkit-changes] [WebKit/WebKit] 5ab76c: Add webpushd iOS sandbox

bnham noreply at github.com
Fri Dec 16 20:20:02 PST 2022


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 5ab76c736b677f30be2693170b9ce4cee662b1dc
      https://github.com/WebKit/WebKit/commit/5ab76c736b677f30be2693170b9ce4cee662b1dc
  Author: Ben Nham <nham at apple.com>
  Date:   2022-12-16 (Fri, 16 Dec 2022)

  Changed paths:
    M Source/WebKit/DerivedSources-input.xcfilelist
    M Source/WebKit/DerivedSources-output.xcfilelist
    M Source/WebKit/DerivedSources.make
    A Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.webpushd.sb.in
    M Source/WebKit/Scripts/process-entitlements.sh
    M Source/WebKit/WebKit.xcodeproj/project.pbxproj

  Log Message:
  -----------
  Add webpushd iOS sandbox
https://bugs.webkit.org/show_bug.cgi?id=249436
rdar://103410333

Reviewed by Brady Eidson.

This adds a sandbox profile for webpushd on iOS. It allows standard system operations, reading and
writing to the PushDatabase, interacting with apsd, and interacting with LaunchServices.

For now, the sandbox defaults to allowing all operations with symbolication, but we'll change the
default to deny once we're sure these rules are sufficient.

* Source/WebKit/DerivedSources-input.xcfilelist:
* Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.webpushd.sb.in: Added.
* Source/WebKit/Scripts/process-entitlements.sh:
* Source/WebKit/WebKit.xcodeproj/project.pbxproj:

Canonical link: https://commits.webkit.org/258033@main




More information about the webkit-changes mailing list