RESOLVED FIXED180670
[iOS] Remove unused services from WebContent Process sandbox 
https://bugs.webkit.org/show_bug.cgi?id=180670
Summary [iOS] Remove unused services from WebContent Process sandbox
Brent Fulgham
Reported 2017-12-11 13:58:11 PST
Pare down the iOS WebContent Process sandbox to only things actually needed by WebKit.
Attachments
Patch (35.99 KB, patch)
2017-12-11 15:27 PST, Brent Fulgham 		eric.carlson: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Brent Fulgham
Comment 1 2017-12-11 15:27:18 PST
Created attachment 329046 [details] Patch
Brent Fulgham
Comment 2 2017-12-11 15:28:24 PST
Pare down the set of sandbox exceptions in the iOS WebContent process sandbox to just those services actually in use: 1. Remove unused code. 2. Instead of defining a 'UIKit-app' function and calling it, just declare the individual sandbox commands inline. This will allow them to be more easily consolidated with other parts of the sandbox in a future step.
Brent Fulgham
Comment 3 2017-12-11 15:29:14 PST
These sandbox edits should not produce any change in behavior, since these are user interface features used by applications, not things needed by WebKit.
Eric Carlson
Comment 4 2017-12-11 15:31:10 PST
Comment on attachment 329046 [details] Patch rs=me
Brent Fulgham
Comment 5 2017-12-11 16:39:39 PST
Committed r225763: <https://trac.webkit.org/changeset/225763>
Radar WebKit Bug Importer
Comment 6 2017-12-11 16:41:15 PST
<rdar://problem/35982266>
Note You need to log in before you can comment on or make changes to this bug.