Bug 218596

Summary: [iOS] Remove redundant rule for iokit-open using never-granted extension
Product: WebKit
Reporter: Brent Fulgham <bfulgham>
Component: WebKit Misc.
Assignee: Brent Fulgham <bfulgham>
Status: RESOLVED FIXED
Severity: Normal
CC: bfulgham, pvollan, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Attachments:
Description: Patch
Flags: none

Description Brent Fulgham 2020-11-04 17:01:53 PST
WebKit has long had a sandbox rule granting the ability to issue iokit-open operations if a particular security extension was granted to the process. The WebKit processes are known to never grant this extension, so this rule is not needed.

We should remove the rule to reduce sandbox complexity and increase the speed of sandbox compilation.
Comment 1 Brent Fulgham 2020-11-04 17:02:04 PST
<rdar://problem/66581246>
Comment 2 Brent Fulgham 2020-11-04 17:04:18 PST
Created attachment 413228
Patch
Comment 3 Per Arne Vollan 2020-11-04 17:30:52 PST
Comment on attachment 413228
Patch

R=me.
Comment 4 EWS 2020-11-05 09:38:59 PST
Committed r269444: <https://trac.webkit.org/changeset/269444>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 413228.