180610 – [iOS] Don't import 'UIKit-apps.sb' to the WebContent process sandbox

Bug 180610 - [iOS] Don't import 'UIKit-apps.sb' to the WebContent process sandbox

Summary: [iOS] Don't import 'UIKit-apps.sb' to the WebContent process sandbox

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebKit2 (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Brent Fulgham

URL:
Keywords:	InRadar

Depends on:
Blocks:	180670
	Show dependency tree / graph

Reported:	2017-12-08 15:08 PST by Brent Fulgham
Modified:	2017-12-11 13:58 PST (History)
CC List:	6 users (show)

See Also:

Attachments
Patch (22.29 KB, patch) 2017-12-08 15:10 PST, Brent Fulgham	dino: review+	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Brent Fulgham 2017-12-08 15:08:00 PST

Currently the WebContent process sandbox includes the global "UIKit-apps.sb" sandbox. We should just duplicate the contents of that file, and remove things we don't use so that we can decrease the range of things our process has access too.

This patch is a first step, which just does a copy/paste of the sandbox rules. There should be no change in function.

Comment 1 Brent Fulgham 2017-12-08 15:10:22 PST

Created attachment 328875 [details]
Patch

Comment 2 Brent Fulgham 2017-12-11 13:25:53 PST

Committed r225754: <https://trac.webkit.org/changeset/225754>

Comment 3 Radar WebKit Bug Importer 2017-12-11 13:26:24 PST

<rdar://problem/35976253>

Comment 4 Brent Fulgham 2017-12-11 13:26:57 PST

Part of the effort to complete <rdar://problem/18899506>.