commit d823d9e2eb98aad7803c654f520a4162552a5d26
author bfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc> Fri Jan 04 16:44:43 2019 +0000
committer bfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc> Fri Jan 04 16:44:43 2019 +0000
tree 88ee50fba45bb4a04cb03bfcbf3bbeed73e4df61
parent 2b97c7cfdf3e56f1e95efd475246dba6856e936a

[iOS] Silently deny access to mail settings triggered by MessageUI framework
https://bugs.webkit.org/show_bug.cgi?id=193123
<rdar://problem/42485581>

Reviewed by Alexey Proskuryakov.

Remove unhelpful logging generated when we block access to non-WebKit preferences. These
invalid checks are done by an system framework that we cannot modify.

* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@239611 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit/ChangeLog

diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog
index 2466949..153c822 100644
--- a/Source/WebKit/ChangeLog
+++ b/Source/WebKit/ChangeLog
@@ -1,5 +1,18 @@
 2019-01-03  Brent Fulgham  <bfulgham@apple.com>
 
+        [iOS] Silently deny access to mail settings triggered by MessageUI framework
+        https://bugs.webkit.org/show_bug.cgi?id=193123
+        <rdar://problem/42485581>
+
+        Reviewed by Alexey Proskuryakov.
+
+        Remove unhelpful logging generated when we block access to non-WebKit preferences. These
+        invalid checks are done by an system framework that we cannot modify.
+
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
+
+2019-01-03  Brent Fulgham  <bfulgham@apple.com>
+
         [iOS] Update sandbox profile to use iconservices instead of lsdiconservice
         https://bugs.webkit.org/show_bug.cgi?id=193115
         <rdar://problem/44867379>

Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb

diff --git a/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb b/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb
index b36ab4f..d29efd5 100644
--- a/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb
+++ b/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb
@@ -155,6 +155,12 @@
     "com.apple.lookup.shared" ; Needed for DataDetector (Spotlight) support
 )
 
+;; Silently deny unnecessary accesses caused by MessageUI framework.
+;; This can be removed once <rdar://problem/47038102> is resolved.
+(deny file-read*
+    (home-literal "/Library/Preferences/com.apple.mobilemail.plist")
+    (with no-log))
+
 ;; <rdar://problem/12985925> Need read access to /var/mobile/Library/Fonts to all apps
 (allow file-read*
     (home-subpath "/Library/Fonts"))