Bug 180670

Summary: [iOS] Remove unused services from WebContent Process sandbox
Product: WebKit Reporter: Brent Fulgham <bfulgham>
Component: WebKit2Assignee: Brent Fulgham <bfulgham>
Status: RESOLVED FIXED    
Severity: Normal CC: eric.carlson, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: iPhone / iPad   
OS: All   
Bug Depends on: 180610    
Bug Blocks: 181938    
Attachments:
Description Flags
Patch eric.carlson: review+

Brent Fulgham
Reported 2017-12-11 13:58:11 PST
Pare down the iOS WebContent Process sandbox to only things actually needed by WebKit.
Attachments
Patch (35.99 KB, patch)
2017-12-11 15:27 PST, Brent Fulgham 		eric.carlson: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Brent Fulgham
Comment 1 2017-12-11 15:27:18 PST
Created attachment 329046 [details] Patch
Brent Fulgham
Comment 2 2017-12-11 15:28:24 PST
Pare down the set of sandbox exceptions in the iOS WebContent process sandbox to just those services actually in use: 1. Remove unused code. 2. Instead of defining a 'UIKit-app' function and calling it, just declare the individual sandbox commands inline. This will allow them to be more easily consolidated with other parts of the sandbox in a future step.
Brent Fulgham
Comment 3 2017-12-11 15:29:14 PST
These sandbox edits should not produce any change in behavior, since these are user interface features used by applications, not things needed by WebKit.
Eric Carlson
Comment 4 2017-12-11 15:31:10 PST
Comment on attachment 329046 [details] Patch rs=me
Brent Fulgham
Comment 5 2017-12-11 16:39:39 PST
Committed r225763: <https://trac.webkit.org/changeset/225763>
Radar WebKit Bug Importer
Comment 6 2017-12-11 16:41:15 PST
<rdar://problem/35982266>
Note You need to log in before you can comment on or make changes to this bug.