Lock down the sandbox further by denying XPC services access by default, and only permitting connections to things we need to access.
Created attachment 310199 [details] Patch
Created attachment 310203 [details] Patch v2
Comment on attachment 310203 [details] Patch v2 Revised patch -- some of the XPC services granted to the plugin process were not needed.
Comment on attachment 310203 [details] Patch v2 Clearing flags on attachment: 310203 Committed r216941: <http://trac.webkit.org/changeset/216941>
All reviewed patches have been landed. Closing bug.
<rdar://problem/31916325>