[webkit-reviews] review granted: [Bug 233129] [iOS] Block access to unused resources in the Networking process' sandbox : [Attachment 444280] Patch

bugzilla-daemon at webkit.org
Wed Nov 17 13:05:29 PST 2021


Brent Fulgham <bfulgham at webkit.org> has granted Per Arne Vollan
<pvollan at apple.com>'s request for review:
Bug 233129: [iOS] Block access to unused resources in the Networking process'
sandbox
https://bugs.webkit.org/show_bug.cgi?id=233129

Attachment 444280: Patch

https://bugs.webkit.org/attachment.cgi?id=444280&action=review




--- Comment #5 from Brent Fulgham <bfulgham at webkit.org> ---
Comment on attachment 444280
  --> https://bugs.webkit.org/attachment.cgi?id=444280
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=444280&action=review

r=me

> Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:128
> +	      (global-name "com.apple.symptomsd"))

Might be tidier to include this in the deny/with-telemetry on line 121.

> Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:175
>	      (global-name "com.apple.nsurlsessiond"))

It's shocking to me that this isn't needed!

> Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:338
>	   (subpath "/private/var/preferences/Logging"))

Could this be combined with the set on line 325 above (along with
/private/var/db/timezone?)

