Update sandbox profile for AWD similarly to what was done for iOS in <http://trac.webkit.org/changeset/182278>. Radar: <rdar://problem/20719293>
Created attachment 251826 [details] Patch
Comment on attachment 251826 [details] Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=251826&action=review

> Source/WebKit2/WebProcess/com.apple.WebProcess.sb.in:310 > +(allow mach-lookup > + (global-name "com.apple.awdd"))

Why is this OK to do?

Let's discuss offline, we should not allow anything in the sandbox profile without extreme caution and long deliberation.

Also, why WebContent only, what does it even have to do with awd?
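Review bot: The `(allow mach-lookup (global-name "com.apple.awdd"))` rule quoted at com.apple.WebProcess.sb.in:310 has no comment beside it in the quoted lines saying why the WebContent process needs to look up this service. Suggest adding a comment line directly above the rule that cites rdar://problem/20719293, so the justification for the allowance is recorded in the profile itself and the rule can be revisited if the dependency goes away.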
(In reply to comment #2)
> Comment on attachment 251826 [details]
> Patch
>
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=251826&action=review
>
> > Source/WebKit2/WebProcess/com.apple.WebProcess.sb.in:310 > > +(allow mach-lookup > > + (global-name "com.apple.awdd"))
>
> Why is this OK to do?
>
> Let's discuss offline, we should not allow anything in the sandbox profile
> without extreme caution and long deliberation.
>
> Also, why WebContent only, what does it even have to do with awd?

Please see comment on radar as to why we need this for the web content process only. Also you already approved this change for iOS, why is this an issue for Mac specifically? I use the same code on Mac and iOS so it makes sense we need the same sandbox permissions on both platforms.
Comment on attachment 251826 [details] Patch I'd just add this to the "various" section.
Created attachment 251851 [details] Patch
Comment on attachment 251851 [details] Patch Clearing flags on attachment: 251851 Committed r183480: <http://trac.webkit.org/changeset/183480>
All reviewed patches have been landed. Closing bug.