[webkit-reviews] review granted: [Bug 230516] Move PCMDaemon to WebKit.framework and rename it to AdAttributionDaemon : [Attachment 438966] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Sep 22 13:27:48 PDT 2021
Brent Fulgham <bfulgham at webkit.org> has granted Alex Christensen
<achristensen at apple.com>'s request for review:
Bug 230516: Move PCMDaemon to WebKit.framework and rename it to
AdAttributionDaemon
https://bugs.webkit.org/show_bug.cgi?id=230516
Attachment 438966: Patch
https://bugs.webkit.org/attachment.cgi?id=438966&action=review
--- Comment #11 from Brent Fulgham <bfulgham at webkit.org> ---
Comment on attachment 438966
--> https://bugs.webkit.org/attachment.cgi?id=438966
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=438966&action=review
r=me.
> Source/WebKit/ChangeLog:11
> + * Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:
Do we expect to run this daemon on macOS, too? Or is it only iOS at this time?
>>
Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:689
>> +(allow mach-lookup (global-name "com.apple.webkit.adattributiond.service"))
>
> Needs a Per Arne or Brent review IMO
To allow this access, we will need to do a few things:
1. Make sure the AdAttribution daemon runs as non-root.
2. AdAttribution daemon must be sandboxed.
3. We should get Product Security to review the new daemon and the IPC messages
we exchange with it.
But this rule is fine for now.
More information about the webkit-reviews
mailing list