Certain Flash-based media players have DRM that requires access to additional IOKit properties. This patch weakens the PluginProcess sandbox to support these DRM features.
<rdar://problem/31889297>
Created attachment 310222 [details] Patch
Comment on attachment 310222 [details] Patch
Clearing flags on attachment: 310222
Committed r216943: <http://trac.webkit.org/changeset/216943>
All reviewed patches have been landed. Closing bug.
Comment on attachment 310222 [details] Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=310222&action=review
> Source/WebKit2/PluginProcess/mac/com.apple.WebKit.plugin-common.sb.in:68
> + (iokit-property "IOMACAddress") ;; For some Flash players
> + (iokit-property "IOPlatformSerialNumber") ;; Ditto
I wonder why things that are needed for specific plug-ins cannot be in the sandbox profiles for those specific plug-ins, such as com.macromedia.Flash Player.plugin.sb and com.macromedia.Flash Player ESR.plugin.sb.
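Review bot: the two rules at plugin-common.sb.in:68 sit in the profile common to all plug-ins although their own comments scope the need to "some Flash players", so every plug-in process gains read access to IOMACAddress and IOPlatformSerialNumber, both stable per-machine identifiers. Suggest moving both (iokit-property ...) lines into the Flash-specific profiles, and replacing ";; Ditto" with the full reason so the second rule stays self-explanatory if the lines are later separated.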
(In reply to mitz from comment #5)
> Comment on attachment 310222 [details]
> Patch
>
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=310222&action=review
>
> > Source/WebKit2/PluginProcess/mac/com.apple.WebKit.plugin-common.sb.in:68
> > + (iokit-property "IOMACAddress") ;; For some Flash players
> > + (iokit-property "IOPlatformSerialNumber") ;; Ditto
>
> I wonder why things that are needed for specific plug-ins cannot be in the
> sandbox profiles for those specific plug-ins, such as com.macromedia.Flash
> Player.plugin.sb and com.macromedia.Flash Player ESR.plugin.sb.

They definitely could be done at a lower level. Once some internal discussions are complete, we may decide to narrow the scope of these properties to specific plugins only. Ultimately, of course, the goal is to get rid of plugins entirely.