The default deny rule in our iOS sandboxes happens before we import common.sb, which potentially allows more things than we would prefer in the WebContent, Storage, or Network processes.
Instead, we should first import 'common.sb', then deny all lookups so we can be sure we only enable the items we absolutely need to function.
Created attachment 349092 [details]
I tested this manually on device to confirm proper function.
Comment on attachment 349092 [details]
Clearing flags on attachment: 349092
Committed r235781: <https://trac.webkit.org/changeset/235781>
All reviewed patches have been landed. Closing bug.