Bug 189385

Summary:

[iOS] Move default mach-lookup deny to after common.sb is imported

Product:

WebKit

Reporter:

Brent Fulgham <bfulgham>

Component:

WebKit2

Assignee:

Brent Fulgham <bfulgham>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

achristensen, bfulgham, commit-queue, eric.carlson, youennf

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Patch	none

Brent Fulgham

Reported 2018-09-06 16:46:49 PDT

The default deny rule in our iOS sandboxes happens before we import common.sb, which potentially allows more things than we would prefer in the WebContent, Storage, or Network processes. Instead, we should first import 'common.sb', then deny all lookups so we can be sure we only enable the items we absolutely need to function.

Attachments
Patch (3.26 KB, patch) 2018-09-06 16:49 PDT, Brent Fulgham	no flags	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Brent Fulgham

Comment 1 2018-09-06 16:47:05 PDT

<rdar://problem/43624193>

Brent Fulgham

Comment 2 2018-09-06 16:49:13 PDT

Created attachment 349092 [details] Patch

Brent Fulgham

Comment 3 2018-09-06 16:49:43 PDT

I tested this manually on device to confirm proper function.

WebKit Commit Bot

Comment 4 2018-09-07 05:28:32 PDT

Comment on attachment 349092 [details] Patch Clearing flags on attachment: 349092 Committed r235781: <https://trac.webkit.org/changeset/235781>

WebKit Commit Bot

Comment 5 2018-09-07 05:28:34 PDT

All reviewed patches have been landed. Closing bug.

Note You need to log in before you can comment on or make changes to this bug.