Bug 131942

Summary: Check the com.apple.security.network.client entitlement for all processes
Product: WebKit Reporter: Anders Carlsson <andersca>
Component: New BugsAssignee: Anders Carlsson <andersca>
Status: RESOLVED FIXED    
Severity: Normal    
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch mitz: review+

Description Anders Carlsson 2014-04-21 12:05:30 PDT
Check the com.apple.security.network.client entitlement for all processes
Comment 1 Anders Carlsson 2014-04-21 12:06:15 PDT
Created attachment 229817 [details]
Patch
Comment 2 mitz 2014-04-21 12:08:50 PDT
Comment on attachment 229817 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=229817&action=review

> Source/WebKit2/Shared/EntryPointUtilities/mac/XPCService/XPCServiceEntryPoint.mm:59
> +    // FIXME: Once we're 100% sure that a process won't access the network we can get rid of this requirement for all processes.

This should say “can’t” instead of “won’t”. We can be sure of this when the sandbox of the process in question disallows network access.
Comment 3 Anders Carlsson 2014-04-21 12:11:01 PDT
Committed r167603: <http://trac.webkit.org/changeset/167603>