Bug 180610

Summary:

[iOS] Don't import 'UIKit-apps.sb' to the WebContent process sandbox

Product:

WebKit

Reporter:

Brent Fulgham <bfulgham>

Component:

WebKit2

Assignee:

Brent Fulgham <bfulgham>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

achristensen, ap, bfulgham, dino, ggaren, webkit-bug-importer

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

Bug Depends on:

Bug Blocks:

180670

Attachments:

Description	Flags
Patch	dino: review+

Brent Fulgham

Reported 2017-12-08 15:08:00 PST

Currently the WebContent process sandbox includes the global "UIKit-apps.sb" sandbox. We should just duplicate the contents of that file, and remove things we don't use so that we can decrease the range of things our process has access too. This patch is a first step, which just does a copy/paste of the sandbox rules. There should be no change in function.

Attachments
Patch (22.29 KB, patch) 2017-12-08 15:10 PST, Brent Fulgham	dino: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Brent Fulgham

Comment 1 2017-12-08 15:10:22 PST

Created attachment 328875 [details] Patch

Brent Fulgham

Comment 2 2017-12-11 13:25:53 PST

Committed r225754: <https://trac.webkit.org/changeset/225754>

Radar WebKit Bug Importer

Comment 3 2017-12-11 13:26:24 PST

<rdar://problem/35976253>

Brent Fulgham

Comment 4 2017-12-11 13:26:57 PST

Part of the effort to complete <rdar://problem/18899506>.

Note You need to log in before you can comment on or make changes to this bug.