Bug 180670

Summary: [iOS] Remove unused services from WebContent Process sandbox
Product: WebKit
Reporter: Brent Fulgham <bfulgham>
Component: WebKit2
Assignee: Brent Fulgham <bfulgham>
Status: RESOLVED FIXED
Severity: Normal
CC: eric.carlson, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: iPhone / iPad
OS: All
Bug Depends on: 180610
Bug Blocks: 181938
Attachments:
    Description: Patch
    Flags: eric.carlson: review+

Description Brent Fulgham 2017-12-11 13:58:11 PST
Pare down the iOS WebContent Process sandbox to only things actually needed by WebKit.
Comment 1 Brent Fulgham 2017-12-11 15:27:18 PST
Created attachment 329046
Patch
Comment 2 Brent Fulgham 2017-12-11 15:28:24 PST
Pare down the set of sandbox exceptions in the iOS WebContent process sandbox to just
those services actually in use:
    1. Remove unused code.
    2. Instead of defining a 'UIKit-app' function and calling it, just declare the individual sandbox
       commands inline. This will allow them to be more easily consolidated with other parts of the
       sandbox in a future step.
Comment 3 Brent Fulgham 2017-12-11 15:29:14 PST
These sandbox edits should not produce any change in behavior, since these are user interface features used by applications, not things needed by WebKit.
Comment 4 Eric Carlson 2017-12-11 15:31:10 PST
Comment on attachment 329046
Patch

rs=me
Comment 5 Brent Fulgham 2017-12-11 16:39:39 PST
Committed r225763: <https://trac.webkit.org/changeset/225763>
Comment 6 Radar WebKit Bug Importer 2017-12-11 16:41:15 PST
<rdar://problem/35982266>