Bug 237009

Summary: Allow adattributiond to start on iOS devices
Product: WebKit Reporter: Alex Christensen <achristensen>
Component: New BugsAssignee: Alex Christensen <achristensen>
Status: RESOLVED FIXED    
Severity: Normal CC: pvollan, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Patch achristensen: commit-queue+

Description Alex Christensen 2022-02-21 17:11:16 PST 
Allow adattributiond to start on iOS devices
Comment 1 Alex Christensen 2022-02-21 17:13:45 PST 
Created attachment 452801 [details]
Patch
Comment 2 Alex Christensen 2022-02-21 17:13:49 PST 
<rdar://problem/89062166>
Comment 3 Per Arne Vollan 2022-02-21 17:16:29 PST 
Comment on attachment 452801 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=452801&action=review

R=me.

> Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.adattributiond.sb:79
> +(allow file-read* file-map-executable
> +       (subpath "/System/Library/Frameworks")
> +       (subpath "/System/Library/PrivateFrameworks"))
> +

Could this be limited to only the WebKit framework?
Comment 4 Alex Christensen 2022-02-21 17:47:33 PST 
Created attachment 452805 [details]
Patch
Comment 5 Alex Christensen 2022-02-21 17:48:48 PST 
(In reply to Per Arne Vollan from comment #3)
> Comment on attachment 452801 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=452801&action=review
> 
> R=me.
> 
> > Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.adattributiond.sb:79
> > +(allow file-read* file-map-executable
> > +       (subpath "/System/Library/Frameworks")
> > +       (subpath "/System/Library/PrivateFrameworks"))
> > +
> 
> Could this be limited to only the WebKit framework?

We need CFNetwork, among others.  I'm basing the abilities I'm adding on what the network process has access to.
Comment 6 Alex Christensen 2022-02-21 20:57:57 PST 
r290288