These services have not been observed being in use while running layout test, and should be denied in the WebContent Sandbox.
<rdar://problem/56757653>
Created attachment 382348 [details] Patch
Created attachment 382351 [details] Patch
Comment on attachment 382351 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=382351&action=review I am worried about this change. Please make sure to test on a device with this sandbox, using MobileMaill and MobileSafari, and attempting to share URLs. > Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:434 > (xpc-service-name-regex #"\.apple-extension-service$") ;; <rdar://problem/19525887> I can't see this radar, but this could be related to sharing services. We should make sure to test with share sheet before checking this change in. > Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:435 > (xpc-service-name-regex #"\.viewservice$") ;; <rdar://problem/31252371> I'm worried about this denial: According to <rdar://problem/31252371>, this was triggered in MobileSafari. Unless you have run MobileSafari with this change, I wouldn't want to land this.
(In reply to Brent Fulgham from comment #4) > Comment on attachment 382351 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=382351&action=review > > I am worried about this change. Please make sure to test on a device with > this sandbox, using MobileMaill and MobileSafari, and attempting to share > URLs. > > > Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:434 > > (xpc-service-name-regex #"\.apple-extension-service$") ;; <rdar://problem/19525887> > > I can't see this radar, but this could be related to sharing services. We > should make sure to test with share sheet before checking this change in. > > > Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:435 > > (xpc-service-name-regex #"\.viewservice$") ;; <rdar://problem/31252371> > > I'm worried about this denial: According to <rdar://problem/31252371>, this > was triggered in MobileSafari. Unless you have run MobileSafari with this > change, I wouldn't want to land this. I will perform tests with MobileMail and MobileSafari, sharing URLs and testing with share sheet. Thanks for reviewing!
Comment on attachment 382351 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=382351&action=review > Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:432 > + (deny mach-lookup (with send-signal SIGKILL) Sending SIGKILL is potentially super disruptive to a lot of people if we miss something in testing. At the very least, there should be a bug that tracks removing SIGKILL before shipping, but really, we need a better mechanism to learn about sandbox violations.
Created attachment 382599 [details] Patch
Comment on attachment 382599 [details] Patch OK. I don't know what "with telemetry" does, but it sounds appropriate :)
(In reply to Alexey Proskuryakov from comment #8) > Comment on attachment 382599 [details] > Patch > > OK. I don't know what "with telemetry" does, but it sounds appropriate :) Thanks for reviewing :)
Comment on attachment 382599 [details] Patch Clearing flags on attachment: 382599 Committed r251935: <https://trac.webkit.org/changeset/251935>
All reviewed patches have been landed. Closing bug.