Bug 168594

Summary: [WebRTC][Mac] Network process sandbox does not allow WebRTC networking
Product: WebKit Reporter: youenn fablet <youennf>
Component: WebKit2Assignee: youenn fablet <youennf>
Status: RESOLVED FIXED    
Severity: Normal CC: achristensen, bfulgham, buildbot, commit-queue, eric.carlson, rniwa
Priority: P2    
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Archive of layout-test-results from ews105 for mac-elcapitan-wk2
none
Patch
none
Patch for landing none

youenn fablet
Reported 2017-02-20 07:21:46 PST
Network process sandbox does not allow WebRTC networking
Attachments
Patch (7.85 KB, patch)
2017-02-20 07:25 PST, youenn fablet 		no flags
DetailsFormatted DiffDiff
Archive of layout-test-results from ews105 for mac-elcapitan-wk2 (75.77 KB, application/zip)
2017-02-20 08:13 PST, Build Bot 		no flags
Details
Patch (9.21 KB, patch)
2017-02-20 14:50 PST, youenn fablet 		no flags
DetailsFormatted DiffDiff
Patch for landing (9.31 KB, patch)
2017-02-21 12:54 PST, youenn fablet 		no flags
DetailsFormatted DiffDiff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.
youenn fablet
Comment 1 2017-02-20 07:25:19 PST
Created attachment 302143 [details] Patch
Build Bot
Comment 2 2017-02-20 08:13:03 PST
Comment on attachment 302143 [details] Patch Attachment 302143 [details] did not pass mac-wk2-ews (mac-wk2): Output: http://webkit-queues.webkit.org/results/3159660 Number of test failures exceeded the failure limit.
Build Bot
Comment 3 2017-02-20 08:13:06 PST
Created attachment 302147 [details] Archive of layout-test-results from ews105 for mac-elcapitan-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: ews105 Port: mac-elcapitan-wk2 Platform: Mac OS X 10.11.6
youenn fablet
Comment 4 2017-02-20 14:50:27 PST
Created attachment 302173 [details] Patch
youenn fablet
Comment 5 2017-02-20 14:51:59 PST
(In reply to comment #3) > Created attachment 302147 [details] > Archive of layout-test-results from ews105 for mac-elcapitan-wk2 > > The attached test failures were seen while running run-webkit-tests on the > mac-wk2-ews. > Bot: ews105 Port: mac-elcapitan-wk2 Platform: Mac OS X 10.11.6 ElCapitain does not know about with-filter. Inlining its definition into NetworkProcess sandbox should fix the issue.
Brent Fulgham
Comment 6 2017-02-21 11:57:16 PST
Comment on attachment 302173 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=302173&action=review I misunderstood what you described to me in person -- this is absolutely a better approach than my first attempt. r=me. > Source/WebKit2/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:212 > +(macro (with-filter form) "with-filter" is now defined in the core Sandboxing language. I don't think you need to redefine this here. > Source/WebKit2/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:247 > +(with-filter (extension "com.apple.webkit.webrtc") Much better than my approach!
youenn fablet
Comment 7 2017-02-21 12:45:14 PST
Thanks for the review. (In reply to comment #6) > Comment on attachment 302173 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=302173&action=review > > I misunderstood what you described to me in person -- this is absolutely a > better approach than my first attempt. r=me. > > > Source/WebKit2/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:212 > > +(macro (with-filter form) > > "with-filter" is now defined in the core Sandboxing language. I don't think > you need to redefine this here. I needed to add it for ElCapitan.
youenn fablet
Comment 8 2017-02-21 12:54:04 PST
Created attachment 302295 [details] Patch for landing
WebKit Commit Bot
Comment 9 2017-02-21 13:32:42 PST
Comment on attachment 302295 [details] Patch for landing Clearing flags on attachment: 302295 Committed r212746: <http://trac.webkit.org/changeset/212746>
WebKit Commit Bot
Comment 10 2017-02-21 13:32:46 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.