Bug 218999

Summary: [macOS] Remove remote tcp capability from WebContent Sandbox
Product: WebKit Reporter: Brent Fulgham <bfulgham>
Component: WebKit Misc.Assignee: Brent Fulgham <bfulgham>
Status: RESOLVED FIXED    
Severity: Normal CC: pvollan
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch none

Description Brent Fulgham 2020-11-16 12:30:11 PST 
We have moved all network activity (aside from some syslog use) out of the WebContent process. We no longer need the ability to open remote tcp connections, and should deny this in the sandbox.
Comment 1 Brent Fulgham 2020-11-16 12:30:49 PST 
We do not have this power on iOS, and do not need it on macOS. I originally though there were media paths that needed this, but confirmed with the WebKit Media team that this is not the case, and performed local testing to confirm this.
Comment 2 Brent Fulgham 2020-11-16 12:31:34 PST 
<rdar://problem/70355789>
Comment 3 Brent Fulgham 2020-11-16 12:33:49 PST 
Created attachment 414267 [details]
Patch
Comment 4 Per Arne Vollan 2020-11-16 13:06:21 PST 
Comment on attachment 414267 [details]
Patch

Great! R=me.
Comment 5 EWS 2020-11-16 14:08:04 PST 
Committed r269877: <https://trac.webkit.org/changeset/269877>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 414267 [details].