RESOLVED FIXED 189385
[iOS] Move default mach-lookup deny to after common.sb is imported 
https://bugs.webkit.org/show_bug.cgi?id=189385
Summary [iOS] Move default mach-lookup deny to after common.sb is imported
Brent Fulgham
Reported 2018-09-06 16:46:49 PDT
The default deny rule in our iOS sandboxes happens before we import common.sb, which potentially allows more things than we would prefer in the WebContent, Storage, or Network processes. Instead, we should first import 'common.sb', then deny all lookups so we can be sure we only enable the items we absolutely need to function.
Attachments
Patch (3.26 KB, patch)
2018-09-06 16:49 PDT, Brent Fulgham 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Brent Fulgham
Comment 1 2018-09-06 16:47:05 PDT
<rdar://problem/43624193>
Brent Fulgham
Comment 2 2018-09-06 16:49:13 PDT
Created attachment 349092 [details] Patch
Brent Fulgham
Comment 3 2018-09-06 16:49:43 PDT
I tested this manually on device to confirm proper function.
WebKit Commit Bot
Comment 4 2018-09-07 05:28:32 PDT
Comment on attachment 349092 [details] Patch Clearing flags on attachment: 349092 Committed r235781: <https://trac.webkit.org/changeset/235781>
WebKit Commit Bot
Comment 5 2018-09-07 05:28:34 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.