The WebContent process' sandbox should deny mach lookup to the content filter service. Instead an extension from the UI process should be consumed when needed.
<rdar://problem/57803795>
Created attachment 385302 [details] Patch
Comment on attachment 385302 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=385302&action=review

Looks good! r=me

> Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:969
> + (global-name "com.apple.iphone.axserver-systemwide" "com.apple.tccd" "com.apple.AGXCompilerService" "com.apple.uikit.viewservice.com.apple.WebContentFilter.remoteUI")))

Is there an equivalent process we use on macOS that we could treat the same way?
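Review bot: At com.apple.WebKit.WebContent.sb:969, the added global-name list puts four unrelated service names on one long line, so the content filter entry "com.apple.uikit.viewservice.com.apple.WebContentFilter.remoteUI" is easy to miss at the end. Consider one name per line, plus a short comment on that entry saying the service is expected to be reached through an extension from the UI process, so that a later edit does not reintroduce a plain mach lookup for it.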
Created attachment 385312 [details] Patch
(In reply to Brent Fulgham from comment #3)
> Comment on attachment 385302 [details]
> Patch
>
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=385302&action=review
>
> Looks good! r=me
>
> > Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:969
> > + (global-name "com.apple.iphone.axserver-systemwide" "com.apple.tccd" "com.apple.AGXCompilerService" "com.apple.uikit.viewservice.com.apple.WebContentFilter.remoteUI")))
>
> Is there an equivalent process we use on macOS that we could treat the same
> way?

That’s a good point. I will try to find the equivalent service on macOS, so we can do the same there.

Thanks for reviewing!
Created attachment 385413 [details] Patch
(In reply to Per Arne Vollan from comment #6)
> Created attachment 385413 [details]
> Patch

I uploaded another patch with a potential fix for the API test failure. Brent, are you OK with landing this, or would you like to do another review?
Comment on attachment 385413 [details]
Patch

r=me
(In reply to Brent Fulgham from comment #8)
> Comment on attachment 385413 [details]
> Patch
>
> r=me

Thanks for reviewing!
Comment on attachment 385413 [details]
Patch

Clearing flags on attachment: 385413

Committed r253440: <https://trac.webkit.org/changeset/253440>
Created attachment 385644 [details] Patch
Reopening to attach new patch.
Created attachment 385647 [details] Patch
(In reply to Per Arne Vollan from comment #13)
> Created attachment 385647 [details]
> Patch

Do you need to land this other patch, too? It's not marked for review.
(In reply to Brent Fulgham from comment #14)
> (In reply to Per Arne Vollan from comment #13)
> > Created attachment 385647 [details]
> > Patch
>
> Do you need to land this other patch, too? It's not marked for review.

This was landed manually as a tvOS build fix.