Title: [277309] trunk/Source/WebKit
- Revision
- 277309
- Author
- bfulg...@apple.com
- Date
- 2021-05-10 17:25:26 -0700 (Mon, 10 May 2021)
Log Message
[Cocoa] Extend Network Process sandbox to access more Network Extension databases
https://bugs.webkit.org/show_bug.cgi?id=225614
<rdar://problem/77696566>
Reviewed by Per Arne Vollan.
We don't allow the Network Process to directly memory-map files used by the network extensions
feature. We can improve memory performance by allowing the process to mmap these files, rather
than forcing a series of XPC operations to build the same database in memory.
* NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:
* Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:
Modified Paths
Diff
Modified: trunk/Source/WebKit/ChangeLog (277308 => 277309)
--- trunk/Source/WebKit/ChangeLog 2021-05-11 00:19:23 UTC (rev 277308)
+++ trunk/Source/WebKit/ChangeLog 2021-05-11 00:25:26 UTC (rev 277309)
@@ -1,3 +1,18 @@
+2021-05-10 Brent Fulgham <bfulg...@apple.com>
+
+ [Cocoa] Extend Network Process sandbox to access more Network Extension databases
+ https://bugs.webkit.org/show_bug.cgi?id=225614
+ <rdar://problem/77696566>
+
+ Reviewed by Per Arne Vollan.
+
+ We don't allow the Network Process to directly memory-map files used by the network extensions
+ feature. We can improve memory performance by allowing the process to mmap these files, rather
+ than forcing a series of XPC operations to build the same database in memory.
+
+ * NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:
+ * Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:
+
2021-05-10 Kate Cheney <katherine_che...@apple.com>
Speculative revalidation requests not properly attributed as app-bound
Modified: trunk/Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in (277308 => 277309)
--- trunk/Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in 2021-05-11 00:19:23 UTC (rev 277308)
+++ trunk/Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in 2021-05-11 00:25:26 UTC (rev 277309)
@@ -473,3 +473,7 @@
(allow file-read* file-write*
(home-subpath "/Library/HTTPStorages"))
+
+(allow file-read*
+ (prefix "/private/var/db/com.apple.networkextension.")
+)
Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb (277308 => 277309)
--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb 2021-05-11 00:19:23 UTC (rev 277308)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb 2021-05-11 00:25:26 UTC (rev 277309)
@@ -1,4 +1,4 @@
-; Copyright (C) 2014-2020 Apple Inc. All rights reserved.
+; Copyright (C) 2014-2021 Apple Inc. All rights reserved.
;
; Redistribution and use in source and binary forms, with or without
; modification, are permitted provided that the following conditions
@@ -126,7 +126,10 @@
(with-filter (entitlement-is-present "com.apple.private.networkextension.configuration")
(allow file-read* (literal "/private/var/preferences/com.apple.networkextension.plist")))
- (allow file-read* (literal "/private/var/preferences/com.apple.networkextension.uuidcache.plist"))
+ (allow file-read*
+ (literal "/private/var/preferences/com.apple.networkextension.uuidcache.plist")
+ (prefix "/private/var/db/com.apple.networkextension.")
+ )
(allow mach-lookup
(global-name "com.apple.AppSSO.service-xpc"))
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
