[webkit-reviews] review granted: [Bug 205468] Unblock iokit-get-property needed for frame buffer initialization : [Attachment 386135] Patch
bugzilla-daemon at webkit.org
Thu Dec 19 14:22:59 PST 2019
Per Arne Vollan <pvollan at apple.com> has granted Brent Fulgham
<bfulgham at webkit.org>'s request for review:
Bug 205468: Unblock iokit-get-property needed for frame buffer initialization
https://bugs.webkit.org/show_bug.cgi?id=205468
Attachment 386135: Patch
https://bugs.webkit.org/attachment.cgi?id=386135&action=review
--- Comment #6 from Per Arne Vollan <pvollan at apple.com> ---
Comment on attachment 386135
--> https://bugs.webkit.org/attachment.cgi?id=386135
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=386135&action=review
R=me.
>>>> Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:105
>>>> +)
>>>
>>> Do we need to audit new iokit get properties rules in the WebContent
>>> process? Or is it always safe to add these?
>>
>> Are all strictly needed, or would a subset be sufficient?
>
> Many of these are already part of the "global" set of allow rules; I want to
> move to this model for them in the future. So this change is a first step in
> that direction.
>
> I think these are safe to add from a security standpoint. They were vetted
> for use in container.sb, and David has stated that he isn't worried about these
> "read data" properties.
Sounds good!