2011-04-07 Maciej Stachowiak <mjs@apple.com>

Reviewed by Dan Bernstein. Remove some no longer needed WebProcess sandbox allowances https://bugs.webkit.org/show_bug.cgi?id=58015 <rdar://problem/9232592> * WebProcess/com.apple.WebProcess.sb: Remove no-longer needed extra network and launching privileges, since the bugs that required them are fixed. git-svn-id: svn://svn.chromium.org/blink/trunk@83148 bbb929c8-8fbe-4397-9dbb-9b2b20218538

2011-04-07 Maciej Stachowiak <mjs@apple.com>
Reviewed by Dan Bernstein. Remove some no longer needed WebProcess sandbox allowances https://bugs.webkit.org/show_bug.cgi?id=58015 <rdar://problem/9232592> * WebProcess/com.apple.WebProcess.sb: Remove no-longer needed extra network and launching privileges, since the bugs that required them are fixed. git-svn-id: svn://svn.chromium.org/blink/trunk@83148 bbb929c8-8fbe-4397-9dbb-9b2b20218538
2211d104 · mjs@apple.com · 1285645e · 2211d104 · 2211d104
Commit 2211d104 authored Apr 07, 2011 by mjs@apple.com
2 changed files
--- a/third_party/WebKit/Source/WebKit2/ChangeLog
+++ b/third_party/WebKit/Source/WebKit2/ChangeLog
+2011-04-07  Maciej Stachowiak  <mjs@apple.com>
+        Reviewed by Dan Bernstein.
+        Remove some no longer needed WebProcess sandbox allowances
+        https://bugs.webkit.org/show_bug.cgi?id=58015
+        <rdar://problem/9232592>
+        * WebProcess/com.apple.WebProcess.sb: Remove no-longer needed extra network
+        and launching privileges, since the bugs that required them are fixed.
 2011-04-06  Chang Shu  <cshu@webkit.org>
        Reviewed by Darin Adler.

--- a/third_party/WebKit/Source/WebKit2/WebProcess/com.apple.WebProcess.sb
+++ b/third_party/WebKit/Source/WebKit2/WebProcess/com.apple.WebProcess.sb
@@ -132,10 +132,6 @@
   (global-name-regex #"^com\.apple\.qtkitserver\.")
 )
-;; FIXME: These rules are required until <rdar://problem/8448410> is addressed. See <rdar://problem/8349882> for discussion.
-(allow network-outbound)
-(deny network-outbound (regex ""))
-(deny network-outbound (local ip))
 (allow network-outbound
   ;; Local mDNSResponder for DNS, arbitrary outbound TCP
   (literal "/private/var/run/mDNSResponder")
@@ -157,10 +153,6 @@
 (allow network-outbound (remote ip))
-;; These rules are required while QTKitServer is being launched directly via posix_spawn (<rdar://problem/6912494>).
-(allow process-fork)
-(allow process-exec (literal "/System/Library/Frameworks/QTKit.framework/Versions/A/Resources/QTKitServer") (with no-sandbox))
 ;; FIXME: Once <rdar://problem/8900275> has been fixed, these rules can be removed.
 (allow mach-lookup (global-name "com.apple.pubsub.ipc"))
 (allow network-outbound (regex #"^/private/tmp/launch-[^/]+/Render"))