Bug 168594

Summary: [WebRTC][Mac] Network process sandbox does not allow WebRTC networking
Product: WebKit
Reporter: youenn fablet <youennf>
Component: WebKit2
Assignee: youenn fablet <youennf>
Status: RESOLVED FIXED
Severity: Normal
CC: achristensen, bfulgham, buildbot, commit-queue, eric.carlson, rniwa
Priority: P2
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Attachments (Description / Flags):
Patch / none
Archive of layout-test-results from ews105 for mac-elcapitan-wk2 / none
Patch / none
Patch for landing / none

Description youenn fablet 2017-02-20 07:21:46 PST
Network process sandbox does not allow WebRTC networking
Comment 1 youenn fablet 2017-02-20 07:25:19 PST
Created attachment 302143 [details]
Patch
Comment 2 Build Bot 2017-02-20 08:13:03 PST
Comment on attachment 302143 [details]
Patch

Attachment 302143 [details] did not pass mac-wk2-ews (mac-wk2):
Output: http://webkit-queues.webkit.org/results/3159660

Number of test failures exceeded the failure limit.
Comment 3 Build Bot 2017-02-20 08:13:06 PST
Created attachment 302147 [details]
Archive of layout-test-results from ews105 for mac-elcapitan-wk2

The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews.
Bot: ews105  Port: mac-elcapitan-wk2  Platform: Mac OS X 10.11.6
Comment 4 youenn fablet 2017-02-20 14:50:27 PST
Created attachment 302173 [details]
Patch
Comment 5 youenn fablet 2017-02-20 14:51:59 PST
(In reply to comment #3)
> Created attachment 302147 [details]
> Archive of layout-test-results from ews105 for mac-elcapitan-wk2
> 
> The attached test failures were seen while running run-webkit-tests on the
> mac-wk2-ews.
> Bot: ews105  Port: mac-elcapitan-wk2  Platform: Mac OS X 10.11.6

El Capitan does not know about with-filter.
Inlining its definition into NetworkProcess sandbox should fix the issue.
Comment 6 Brent Fulgham 2017-02-21 11:57:16 PST
Comment on attachment 302173 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=302173&action=review

I misunderstood what you described to me in person -- this is absolutely a better approach than my first attempt. r=me.

> Source/WebKit2/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:212
> +(macro (with-filter form)

"with-filter" is now defined in the core Sandboxing language. I don't think you need to redefine this here.

> Source/WebKit2/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:247
> +(with-filter (extension "com.apple.webkit.webrtc")

Much better than my approach!
Comment 7 youenn fablet 2017-02-21 12:45:14 PST
Thanks for the review.

(In reply to comment #6)
> Comment on attachment 302173 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=302173&action=review
> 
> I misunderstood what you described to me in person -- this is absolutely a
> better approach than my first attempt. r=me.
> 
> > Source/WebKit2/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:212
> > +(macro (with-filter form)
> 
> "with-filter" is now defined in the core Sandboxing language. I don't think
> you need to redefine this here.

I needed to add it for El Capitan.
Comment 8 youenn fablet 2017-02-21 12:54:04 PST
Created attachment 302295 [details]
Patch for landing
Comment 9 WebKit Commit Bot 2017-02-21 13:32:42 PST
Comment on attachment 302295 [details]
Patch for landing

Clearing flags on attachment: 302295

Committed r212746: <http://trac.webkit.org/changeset/212746>
Comment 10 WebKit Commit Bot 2017-02-21 13:32:46 PST
All reviewed patches have been landed.  Closing bug.