| Summary: | [macOS] Issue sandbox extension to the WebContent process for com.apple.lskdd | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | Per Arne Vollan <pvollan> | ||||||||
| Component: | WebKit Misc. | Assignee: | Nobody <webkit-unassigned> | ||||||||
| Status: | RESOLVED FIXED | ||||||||||
| Severity: | Normal | CC: | bfulgham, ggaren, webkit-bug-importer | ||||||||
| Priority: | P2 | Keywords: | InRadar | ||||||||
| Version: | WebKit Nightly Build | ||||||||||
| Hardware: | Unspecified | ||||||||||
| OS: | Unspecified | ||||||||||
| Attachments: |
|
||||||||||
|
Description
Per Arne Vollan
2020-11-13 12:18:41 PST
Created attachment 414078 [details]
Patch
Created attachment 414079 [details]
Patch
Created attachment 414082 [details]
Patch
Comment on attachment 414082 [details]
Patch
r=me
When we enable GPU Process for media, we plan to deny access to lskdd and the other media related mach services. But before we deny access to a service, we prefer to gather telemetry on its use. How will we gather telemetry on the media related mach services before we deny them outright?
(In reply to Geoffrey Garen from comment #5) > Comment on attachment 414082 [details] > Patch > > r=me > > When we enable GPU Process for media, we plan to deny access to lskdd and > the other media related mach services. But before we deny access to a > service, we prefer to gather telemetry on its use. How will we gather > telemetry on the media related mach services before we deny them outright? I think we should create a temporary rule, where we allow Media services, but with telemetry. This is what we currently do for GPU related IOKit classes. Thanks for reviewing! Committed r269792: <https://trac.webkit.org/changeset/269792> All reviewed patches have been landed. Closing bug and clearing flags on attachment 414082 [details]. |