Bug 180610

Summary: [iOS] Don't import 'UIKit-apps.sb' to the WebContent process sandbox
Product: WebKit Reporter: Brent Fulgham <bfulgham>
Component: WebKit2Assignee: Brent Fulgham <bfulgham>
Status: RESOLVED FIXED    
Severity: Normal CC: achristensen, ap, bfulgham, dino, ggaren, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 180670    
Attachments:
Description Flags
Patch dino: review+

Description Brent Fulgham 2017-12-08 15:08:00 PST 
Currently the WebContent process sandbox includes the global "UIKit-apps.sb" sandbox. We should just duplicate the contents of that file, and remove things we don't use so that we can decrease the range of things our process has access too.

This patch is a first step, which just does a copy/paste of the sandbox rules. There should be no change in function.
Comment 1 Brent Fulgham 2017-12-08 15:10:22 PST 
Created attachment 328875 [details]
Patch
Comment 2 Brent Fulgham 2017-12-11 13:25:53 PST 
Committed r225754: <https://trac.webkit.org/changeset/225754>
Comment 3 Radar WebKit Bug Importer 2017-12-11 13:26:24 PST 
<rdar://problem/35976253>
Comment 4 Brent Fulgham 2017-12-11 13:26:57 PST 
Part of the effort to complete <rdar://problem/18899506>.