Correct sandbox profiles to fix some excess privileges
Created attachment 235253 [details] Patch
Comment on attachment 235253 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=235253&action=review > Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Databases.sb:32 > +(allow file-read* file-write* (require-any ( > + extension "com.apple.app-sandbox.read-write") (extension "com.apple.app-sandbox.read-write"))) This is nonsense - com.apple.app-sandbox.read-write is repeated twice. Please fix. > Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:40 > + (require-any (extension "com.apple.webkit.read-write") (extension "com.apple.app-sandbox.read-write")) I think that com.apple.webkit.read-write is here by some misunderstanding. Please remove, or at the very least, please add a FIXME about removing it. > Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:74 > + (require-any (extension "com.apple.webkit.read-write") (extension "com.apple.app-sandbox.read-write")) Ditto.
Committed r171322: <http://trac.webkit.org/changeset/171322>
(In reply to comment #3) > Committed r171322: <http://trac.webkit.org/changeset/171322> This contained the string “webkti” in a couple places.