[webkit-reviews] review granted: [Bug 135134] Correct sandbox profiles to fix some excess privileges : [Attachment 235253] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Jul 21 17:05:43 PDT 2014
Alexey Proskuryakov <ap at webkit.org> has granted Oliver Hunt
<oliver at apple.com>'s request for review:
Bug 135134: Correct sandbox profiles to fix some excess privileges
https://bugs.webkit.org/show_bug.cgi?id=135134
Attachment 235253: Patch
https://bugs.webkit.org/attachment.cgi?id=235253&action=review
------- Additional Comments from Alexey Proskuryakov <ap at webkit.org>
View in context: https://bugs.webkit.org/attachment.cgi?id=235253&action=review
> Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Databases.sb:32
> +(allow file-read* file-write* (require-any (
> + extension "com.apple.app-sandbox.read-write") (extension
"com.apple.app-sandbox.read-write")))
This is nonsense - com.apple.app-sandbox.read-write is repeated twice. Please
fix.
>
Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:40
> + (require-any (extension "com.apple.webkit.read-write") (extension
"com.apple.app-sandbox.read-write"))
I think that com.apple.webkit.read-write is here by some misunderstanding.
Please remove, or at the very least, please add a FIXME about removing it.
>
Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:74
> + (require-any (extension "com.apple.webkit.read-write") (extension
"com.apple.app-sandbox.read-write"))
Ditto.
More information about the webkit-reviews
mailing list