[webkit-reviews] review granted: [Bug 203525] [iOS] Clean up sandbox to group similar rules together : [Attachment 382116] Patch
bugzilla-daemon at webkit.org
Mon Oct 28 16:40:50 PDT 2019
Per Arne Vollan <pvollan at apple.com> has granted Brent Fulgham
<bfulgham at webkit.org>'s request for review:
Bug 203525: [iOS] Clean up sandbox to group similar rules together
https://bugs.webkit.org/show_bug.cgi?id=203525
Attachment 382116: Patch
https://bugs.webkit.org/attachment.cgi?id=382116&action=review
--- Comment #3 from Per Arne Vollan <pvollan at apple.com> ---
Comment on attachment 382116
--> https://bugs.webkit.org/attachment.cgi?id=382116
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=382116&action=review
Great! R=me.
> Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:275
> + (allow iokit-get-properties
> + (iokit-property "IOGLBundleName")
> + (iokit-property "IOGLESBundleName")
> + (iokit-property "IOGLESDefaultUseMetal")
> + (iokit-property "IOGLESMetalBundleName")
> + (iokit-property "MetalPluginClassName")
> + (iokit-property "MetalPluginName")
> + )
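Review bot: the allow iokit-get-properties rule added at line 275 carries no comment saying why WebContent needs these six properties. All six names refer to GL/GLES or Metal bundle and plugin lookup, so a one-line comment above the rule stating that purpose would make the grant easier to audit, and the ChangeLog should say whether the rule was moved from elsewhere in the profile or is newly granted.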
Is this a new rule?
> Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:433
> + (global-name "com.apple.frontboard.systemappservices")
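Review bot: confirm that (global-name "com.apple.frontboard.systemappservices") at line 433 is not already listed in another group of the profile. The quoted line shows neither its enclosing rule nor its neighbours, so this cannot be checked from here; if the name does appear twice, keep a single entry so that a later removal of the service does not leave a stray allowance behind.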
This seems to be a duplicate.
> Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:-520
> -(with-filter (uid 0)
> - (allow file-read*
> - (literal "/private/etc/master.passwd")))
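Review bot: the removal at line 520 deletes the (uid 0) file-read* allowance for "/private/etc/master.passwd" and no replacement appears in the quoted lines, so it narrows what the profile permits rather than regrouping it. Call that out in the ChangeLog, or land it as a separate patch, so that any regression can be traced to this one change.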
Is this a behavior change? Perhaps consider moving this into its own patch in
case it is.