Bug 180670 - [iOS] Remove unused services from WebContent Process sandbox
Summary: [iOS] Remove unused services from WebContent Process sandbox
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit2 (show other bugs)
Version: WebKit Nightly Build
Hardware: iPhone / iPad All
: P2 Normal
Assignee: Brent Fulgham
URL:
Keywords: InRadar
Depends on: 180610
Blocks: 181938
  Show dependency treegraph
 
Reported: 2017-12-11 13:58 PST by Brent Fulgham
Modified: 2018-01-22 12:37 PST (History)
2 users (show)

See Also:

Attachments
Patch (35.99 KB, patch)
2017-12-11 15:27 PST, Brent Fulgham 		eric.carlson: review+
Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Brent Fulgham 2017-12-11 13:58:11 PST 
Pare down the iOS WebContent Process sandbox to only things actually needed by WebKit.
Comment 1 Brent Fulgham 2017-12-11 15:27:18 PST 
Created attachment 329046 [details]
Patch
Comment 2 Brent Fulgham 2017-12-11 15:28:24 PST 
Pare down the set of sandbox exceptions in the iOS WebContent process sandbox to just
those services actually in use:
    1. Remove unused code.
    2. Instead of defining a 'UIKit-app' function and calling it, just declare the individual sandbox
       commands inline. This will allow them to be more easily consolidated with other parts of the
       sandbox in a future step.
Comment 3 Brent Fulgham 2017-12-11 15:29:14 PST 
These sandbox edits should not produce any change in behavior, since these are user interface features used by applications, not things needed by WebKit.
Comment 4 Eric Carlson 2017-12-11 15:31:10 PST 
Comment on attachment 329046 [details]
Patch

rs=me
Comment 5 Brent Fulgham 2017-12-11 16:39:39 PST 
Committed r225763: <https://trac.webkit.org/changeset/225763>
Comment 6 Radar WebKit Bug Importer 2017-12-11 16:41:15 PST 
<rdar://problem/35982266>