In Bug 205292 we began dynamically adding a sandbox extension for 'com.apple.diagnosticd' when needed. We should remove the blanket permission from the sandbox.
<rdar://problem/58496791>
Created attachment 387404 [details] Patch
Comment on attachment 387404 [details] Patch Tests pass on device.
Comment on attachment 387404 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=387404&action=review > LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html:18 > + shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.diagnosticd\")"); I expected this to be true, since we always issue the extension for internal builds, but perhaps I am mistaken?
Comment on attachment 387404 [details] Patch R=me. Perhaps you could consider removing the test, since I expect there to always be access to diagnostics in internal builds, because an extension is issued in this case.
(In reply to Per Arne Vollan from comment #5) > Comment on attachment 387404 [details] > Patch > > R=me. Perhaps you could consider removing the test, since I expect there to > always be access to diagnostics in internal builds, because an extension is > issued in this case. Yes -- you are right. We can't write a test that will work in Open Source and Internal environments.
Committed r254436: <https://trac.webkit.org/changeset/254436>