[SCM] WebKit Debian packaging branch, debian/experimental, updated. debian/1.3.8-1-1049-g2e11a8e
mitz at apple.com
mitz at apple.com
Fri Jan 21 14:57:55 UTC 2011
The following commit has been merged in the debian/experimental branch:
commit 2824de2dd0b50dab7b26144b211ec21b78360644
Author: mitz at apple.com <mitz at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Wed Jan 5 17:50:20 2011 +0000
Cleaned up com.apple.WebProcess.sb
Rubber-stamped by Darin Adler.
* WebProcess/com.apple.WebProcess.sb: Moved the closing parentheses of multi-line blocks to
their own lines. Changed to use WebKit-standard 4-space indentation.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@75075 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/WebKit2/ChangeLog b/WebKit2/ChangeLog
index 30c9f42..899eee2 100644
--- a/WebKit2/ChangeLog
+++ b/WebKit2/ChangeLog
@@ -1,3 +1,12 @@
+2011-01-05 Dan Bernstein <mitz at apple.com>
+
+ Rubber-stamped by Darin Adler.
+
+ Cleaned up com.apple.WebProcess.sb
+
+ * WebProcess/com.apple.WebProcess.sb: Moved the closing parentheses of multi-line blocks to
+ their own lines. Changed to use WebKit-standard 4-space indentation.
+
2011-01-05 Alexey Proskuryakov <ap at apple.com>
Reviewed by Sam Weinig.
diff --git a/WebKit2/WebProcess/com.apple.WebProcess.sb b/WebKit2/WebProcess/com.apple.WebProcess.sb
index 3d143fc..0432bd5 100644
--- a/WebKit2/WebProcess/com.apple.WebProcess.sb
+++ b/WebKit2/WebProcess/com.apple.WebProcess.sb
@@ -6,46 +6,49 @@
;; Read-only preferences and data
(allow file-read*
- ;; Basic system paths
- (subpath "/Library/Fonts")
- (subpath "/Library/Frameworks")
- (subpath "/Library/Keychains")
- (subpath "/private/var/db/mds")
- (regex #"^/private/etc/(hosts|group|passwd)$")
-
- ;; Plugins
- (subpath "/Library/Internet Plug-Ins")
- (subpath (string-append (param "_HOME") "/Library/Internet Plug-Ins"))
-
- ;; System and user preferences
- (literal "/Library/Preferences/.GlobalPreferences.plist")
- (literal "/Library/Preferences/com.apple.security.plist")
- (literal (string-append (param "_HOME") "/Library/Preferences/.GlobalPreferences.plist"))
- (regex (string-append "^" (param "_HOME") "/Library/Preferences/ByHost/\.GlobalPreferences\."))
- (literal (string-append (param "_HOME") "/Library/Preferences/com.apple.ATS.plist"))
- (literal (string-append (param "_HOME") "/Library/Preferences/com.apple.HIToolbox.plist"))
- (literal (string-append (param "_HOME") "/Library/Preferences/com.apple.LaunchServices.plist"))
- (literal (string-append (param "_HOME") "/Library/Preferences/com.apple.WebFoundation.plist"))
- (literal (string-append (param "_HOME") "/Library/Preferences/com.apple.security.plist"))
- (literal (string-append (param "_HOME") "/Library/Preferences/com.apple.security.revocation.plist"))
- (subpath (string-append (param "_HOME") "/Library/Keychains"))
-
- ;; On-disk WebKit2 framework location, to account for debug installations
- ;; outside of /System/Library/Frameworks
- (subpath (param "WEBKIT2_FRAMEWORK_DIR"))
-
- ;; Extensions from UIProcess
- (extension))
+ ;; Basic system paths
+ (subpath "/Library/Fonts")
+ (subpath "/Library/Frameworks")
+ (subpath "/Library/Keychains")
+ (subpath "/private/var/db/mds")
+ (regex #"^/private/etc/(hosts|group|passwd)$")
+
+ ;; Plugins
+ (subpath "/Library/Internet Plug-Ins")
+ (subpath (string-append (param "_HOME") "/Library/Internet Plug-Ins"))
+
+ ;; System and user preferences
+ (literal "/Library/Preferences/.GlobalPreferences.plist")
+ (literal "/Library/Preferences/com.apple.security.plist")
+ (literal (string-append (param "_HOME") "/Library/Preferences/.GlobalPreferences.plist"))
+ (regex (string-append "^" (param "_HOME") "/Library/Preferences/ByHost/\.GlobalPreferences\."))
+ (literal (string-append (param "_HOME") "/Library/Preferences/com.apple.ATS.plist"))
+ (literal (string-append (param "_HOME") "/Library/Preferences/com.apple.HIToolbox.plist"))
+ (literal (string-append (param "_HOME") "/Library/Preferences/com.apple.LaunchServices.plist"))
+ (literal (string-append (param "_HOME") "/Library/Preferences/com.apple.WebFoundation.plist"))
+ (literal (string-append (param "_HOME") "/Library/Preferences/com.apple.security.plist"))
+ (literal (string-append (param "_HOME") "/Library/Preferences/com.apple.security.revocation.plist"))
+ (subpath (string-append (param "_HOME") "/Library/Keychains"))
+
+ ;; On-disk WebKit2 framework location, to account for debug installations
+ ;; outside of /System/Library/Frameworks
+ (subpath (param "WEBKIT2_FRAMEWORK_DIR"))
+
+ ;; Extensions from UIProcess
+ (extension)
+)
(allow file-write*
- ;; Extensions from UIProcess
- (extension))
+ ;; Extensions from UIProcess
+ (extension)
+)
;; Writable preferences and temporary files
(allow file*
- (subpath (string-append (param "_HOME") "/Library/Caches/com.apple.WebProcess"))
- (regex (string-append "^" (param "_HOME") "/Library/Preferences/ByHost/com\.apple\.HIToolbox\."))
- (regex (string-append "^" (param "_HOME") "/Library/Preferences/com\.apple\.WebProcess\.")))
+ (subpath (string-append (param "_HOME") "/Library/Caches/com.apple.WebProcess"))
+ (regex (string-append "^" (param "_HOME") "/Library/Preferences/ByHost/com\.apple\.HIToolbox\."))
+ (regex (string-append "^" (param "_HOME") "/Library/Preferences/com\.apple\.WebProcess\."))
+)
;; Darwin temporary files and caches, if present
(if (positive? (string-length (param "DARWIN_USER_CACHE_DIR")))
@@ -55,51 +58,58 @@
;; FIXME: overly permissive since we can't pre-enumerate the client
;; classes for graphics cards
-(allow iokit-open)
- ;;(iokit-user-client-class "IOHIDParamUserClient")
- ;;(iokit-user-client-class "RootDomainUserClient"))
+(allow iokit-open
+ ;;(iokit-user-client-class "IOHIDParamUserClient")
+ ;;(iokit-user-client-class "RootDomainUserClient")
+)
;; Various services required by AppKit and other frameworks
(allow mach-lookup
- (global-name "com.apple.CoreServices.coreservicesd")
- (global-name "com.apple.DiskArbitration.diskarbitrationd")
- (global-name "com.apple.FileCoordination")
- (global-name "com.apple.FontObjectsServer")
- (global-name "com.apple.FontServer")
- (global-name "com.apple.SecurityServer")
- (global-name "com.apple.SystemConfiguration.configd")
- (global-name "com.apple.audio.VDCAssistant")
- (global-name "com.apple.audio.audiohald")
- (global-name "com.apple.audio.coreaudiod")
- (global-name "com.apple.cookied")
- (global-name "com.apple.cvmsServ")
- (global-name "com.apple.distributed_notifications.2")
- (global-name "com.apple.dock.server")
- (global-name "com.apple.ocspd")
- (global-name "com.apple.pasteboard.1")
- (global-name "com.apple.window_proxies")
- (global-name "com.apple.windowserver.active")
- (global-name-regex #"^com\.apple\.WebKit\.WebProcess-")
- (global-name-regex #"^com\.apple\.qtkitserver\."))
+ (global-name "com.apple.CoreServices.coreservicesd")
+ (global-name "com.apple.DiskArbitration.diskarbitrationd")
+ (global-name "com.apple.FileCoordination")
+ (global-name "com.apple.FontObjectsServer")
+ (global-name "com.apple.FontServer")
+ (global-name "com.apple.SecurityServer")
+ (global-name "com.apple.SystemConfiguration.configd")
+ (global-name "com.apple.audio.VDCAssistant")
+ (global-name "com.apple.audio.audiohald")
+ (global-name "com.apple.audio.coreaudiod")
+ (global-name "com.apple.cookied")
+ (global-name "com.apple.cvmsServ")
+ (global-name "com.apple.distributed_notifications.2")
+ (global-name "com.apple.dock.server")
+ (global-name "com.apple.ocspd")
+ (global-name "com.apple.pasteboard.1")
+ (global-name "com.apple.window_proxies")
+ (global-name "com.apple.windowserver.active")
+ (global-name-regex #"^com\.apple\.WebKit\.WebProcess-")
+ (global-name-regex #"^com\.apple\.qtkitserver\.")
+)
;; FIXME: These rules are required until <rdar://problem/8448410> is addressed. See <rdar://problem/8349882> for discussion.
(allow network-outbound)
(deny network-outbound (regex ""))
(deny network-outbound (local ip))
(allow network-outbound
- ;; Local mDNSResponder for DNS, arbitrary outbound TCP
- (literal "/private/var/run/mDNSResponder")
- (remote tcp))
+ ;; Local mDNSResponder for DNS, arbitrary outbound TCP
+ (literal "/private/var/run/mDNSResponder")
+ (remote tcp)
+)
;; FIXME: These rules are required until plug-ins are moved out of the web process.
(allow file-read*
- (regex (string-append "^" (param "_HOME") "/Library/Preferences/ByHost/com\.apple\.ist\."))
- (literal (string-append (param "_HOME") "/Library/Preferences/edu.mit.Kerberos"))
- (literal "/Library/Preferences/edu.mit.Kerberos"))
+ (regex (string-append "^" (param "_HOME") "/Library/Preferences/ByHost/com\.apple\.ist\."))
+ (literal (string-append (param "_HOME") "/Library/Preferences/edu.mit.Kerberos"))
+ (literal "/Library/Preferences/edu.mit.Kerberos")
+)
+
(allow mach-lookup
- (global-name "org.h5l.kcm")
- (global-name "com.apple.tsm.uiserver")
- (global-name-regex #"^com\.apple\.ist"))
+ (global-name "org.h5l.kcm")
+ (global-name "com.apple.tsm.uiserver")
+ (global-name-regex #"^com\.apple\.ist")
+)
+
(allow network-outbound (remote ip))
;; These rules are required while QTKitServer is being launched directly via posix_spawn (<rdar://problem/6912494>).
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list