<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[198973] trunk/Source/WebKit2</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/198973">198973</a></dd>
<dt>Author</dt> <dd>dbates@webkit.org</dd>
<dt>Date</dt> <dd>2016-04-02 12:34:14 -0700 (Sat, 02 Apr 2016)</dd>
</dl>
<h3>Log Message</h3>
<pre>Another attempt to fix the Apple Internal Yosemite and El Capitan builds following
<http://trac.webkit.org/changeset/198933> (https://bugs.webkit.org/show_bug.cgi?id=155455)
Similar to the sandbox policy for WebProcess and NetworkProcess, grant a Database process
access to the passed user's cache directory and passed user's temporary directory so that
the Security framework can verify the code signature of the app that launched it when the
Database process is itself code signed.
* DatabaseProcess/mac/com.apple.WebKit.Databases.sb.in:</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkSourceWebKit2ChangeLog">trunk/Source/WebKit2/ChangeLog</a></li>
<li><a href="#trunkSourceWebKit2DatabaseProcessmaccomappleWebKitDatabasessbin">trunk/Source/WebKit2/DatabaseProcess/mac/com.apple.WebKit.Databases.sb.in</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkSourceWebKit2ChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/ChangeLog (198972 => 198973)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/ChangeLog 2016-04-02 16:34:03 UTC (rev 198972)
+++ trunk/Source/WebKit2/ChangeLog 2016-04-02 19:34:14 UTC (rev 198973)
</span><span class="lines">@@ -1,3 +1,15 @@
</span><ins>+2016-04-02 Daniel Bates <dabates@apple.com>
+
+ Another attempt to fix the Apple Internal Yosemite and El Capitan builds following
+ <http://trac.webkit.org/changeset/198933> (https://bugs.webkit.org/show_bug.cgi?id=155455)
+
+ Similar to the sandbox policy for WebProcess and NetworkProcess, grant a Database process
+ access to the passed user's cache directory and passed user's temporary directory so that
+ the Security framework can verify the code signature of the app that launched it when the
+ Database process is itself code signed.
+
+ * DatabaseProcess/mac/com.apple.WebKit.Databases.sb.in:
+
</ins><span class="cx"> 2016-04-01 Daniel Bates <dabates@apple.com>
</span><span class="cx">
</span><span class="cx"> Attempt to fix the Apple Internal Yosemite and El Capitan builds following
</span></span></pre></div>
<a id="trunkSourceWebKit2DatabaseProcessmaccomappleWebKitDatabasessbin"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/DatabaseProcess/mac/com.apple.WebKit.Databases.sb.in (198972 => 198973)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/DatabaseProcess/mac/com.apple.WebKit.Databases.sb.in 2016-04-02 16:34:03 UTC (rev 198972)
+++ trunk/Source/WebKit2/DatabaseProcess/mac/com.apple.WebKit.Databases.sb.in 2016-04-02 19:34:14 UTC (rev 198973)
</span><span class="lines">@@ -37,6 +37,13 @@
</span><span class="cx"> (define (home-literal home-relative-literal)
</span><span class="cx"> (literal (string-append (param "HOME_DIR") home-relative-literal)))
</span><span class="cx">
</span><ins>+;; For code signing verification
+(if (positive? (string-length (param "DARWIN_USER_CACHE_DIR")))
+ (allow file* (subpath (param "DARWIN_USER_CACHE_DIR"))))
+
+(if (positive? (string-length (param "DARWIN_USER_TEMP_DIR")))
+ (allow file* (subpath (param "DARWIN_USER_TEMP_DIR"))))
+
</ins><span class="cx"> ;; Read-only preferences and data
</span><span class="cx"> (allow file-read*
</span><span class="cx"> ;; Basic system paths
</span></span></pre>
</div>
</div>
</body>
</html>