RESOLVED FIXED 206114
[iOS] Remove 'com.apple.diagnosticd' from WebContent process sandbox
https://bugs.webkit.org/show_bug.cgi?id=206114
Summary [iOS] Remove 'com.apple.diagnosticd' from WebContent process sandbox
Brent Fulgham
Reported 2020-01-10 17:15:49 PST
In Bug 205292 we began dynamically adding a sandbox extension for 'com.apple.diagnosticd' when needed. We should remove the blanket permission from the sandbox.
Attachments
Patch (5.20 KB, patch)
2020-01-10 17:25 PST, Brent Fulgham
pvollan: review+
Radar WebKit Bug Importer
Comment 1 2020-01-10 17:19:38 PST
Brent Fulgham
Comment 2 2020-01-10 17:25:16 PST
Brent Fulgham
Comment 3 2020-01-10 17:28:42 PST
Comment on attachment 387404 [details] Patch Tests pass on device.
Per Arne Vollan
Comment 4 2020-01-10 17:35:06 PST
Comment on attachment 387404 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=387404&action=review > LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html:18 > + shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.diagnosticd\")"); I expected this to be true, since we always issue the extension for internal builds, but perhaps I am mistaken?
Per Arne Vollan
Comment 5 2020-01-13 07:54:16 PST
Comment on attachment 387404 [details] Patch R=me. Perhaps you could consider removing the test, since I expect there to always be access to diagnostics in internal builds, because an extension is issued in this case.
Brent Fulgham
Comment 6 2020-01-13 09:38:20 PST
(In reply to Per Arne Vollan from comment #5) > Comment on attachment 387404 [details] > Patch > > R=me. Perhaps you could consider removing the test, since I expect there to > always be access to diagnostics in internal builds, because an extension is > issued in this case. Yes -- you are right. We can't write a test that will work in Open Source and Internal environments.
Brent Fulgham
Comment 7 2020-01-13 09:39:38 PST
Note You need to log in before you can comment on or make changes to this bug.