180610 – [iOS] Don't import 'UIKit-apps.sb' to the WebContent process sandbox

RESOLVED FIXED 180610

[iOS] Don't import 'UIKit-apps.sb' to the WebContent process sandbox

https://bugs.webkit.org/show_bug.cgi?id=180610

Summary [iOS] Don't import 'UIKit-apps.sb' to the WebContent process sandbox

Brent Fulgham

Reported 2017-12-08 15:08:00 PST

Currently the WebContent process sandbox includes the global "UIKit-apps.sb" sandbox. We should just duplicate the contents of that file, and remove things we don't use so that we can decrease the range of things our process has access too. This patch is a first step, which just does a copy/paste of the sandbox rules. There should be no change in function.

Attachments
Patch (22.29 KB, patch) 2017-12-08 15:10 PST, Brent Fulgham	dino: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Brent Fulgham

Comment 1 2017-12-08 15:10:22 PST

Created attachment 328875 [details] Patch

Brent Fulgham

Comment 2 2017-12-11 13:25:53 PST

Committed r225754: <https://trac.webkit.org/changeset/225754>

Radar WebKit Bug Importer

Comment 3 2017-12-11 13:26:24 PST

<rdar://problem/35976253>

Brent Fulgham

Comment 4 2017-12-11 13:26:57 PST

Part of the effort to complete <rdar://problem/18899506>.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component WebKit2

Assignee

Brent Fulgham

Reported

2017-12-08 15:08 PST

Modified

2017-12-11 13:58 PST History

CC List

6 users Show

URL

Keywords InRadar

Depends on

Blocks

180670

Dependencies

tree graph