The default deny rule in our iOS sandboxes happens before we import common.sb, which potentially allows more things than we would prefer in the WebContent, Storage, or Network processes. Instead, we should first import 'common.sb', then deny all lookups so we can be sure we only enable the items we absolutely need to function.
<rdar://problem/43624193>
Created attachment 349092 [details] Patch
I tested this manually on device to confirm proper function.
Comment on attachment 349092 [details] Patch Clearing flags on attachment: 349092 Committed r235781: <https://trac.webkit.org/changeset/235781>
All reviewed patches have been landed. Closing bug.