RESOLVED FIXED 207276
Update sandbox to allow communication with dnssd service 
https://bugs.webkit.org/show_bug.cgi?id=207276
Summary Update sandbox to allow communication with dnssd service
Brent Fulgham
Reported 2020-02-05 10:12:46 PST
Testing and telemetry indicates that we need access to the DNSSD mach service in our Network Process.
Attachments
Patch (3.43 KB, patch)
2020-02-05 10:16 PST, Brent Fulgham 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Brent Fulgham
Comment 1 2020-02-05 10:15:49 PST
<rdar://problem/59158405>
Brent Fulgham
Comment 2 2020-02-05 10:16:44 PST
Created attachment 389827 [details] Patch
Per Arne Vollan
Comment 3 2020-02-05 11:17:52 PST
Comment on attachment 389827 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=389827&action=review > Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:95 > + (allow network-outbound (literal "/private/var/run/mDNSResponder")) > + (allow mach-lookup (global-name "com.apple.dnssd.service"))) ;; <rdar://problem/55562091> > + (begin > + (allow network-outbound (literal "/private/var/run/mDNSResponder")) > + (allow mach-lookup (global-name "com.apple.dnssd.service")))) ;; <rdar://problem/55562091> Should this be outside 'if gizmo?'?
Brent Fulgham
Comment 4 2020-02-05 12:14:36 PST
Comment on attachment 389827 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=389827&action=review >> Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:95 >> + (allow mach-lookup (global-name "com.apple.dnssd.service")))) ;; <rdar://problem/55562091> > > Should this be outside 'if gizmo?'? It is in the 'else' of the 'if gizmo?' clause, so it's correct.
Per Arne Vollan
Comment 5 2020-02-05 12:59:01 PST
Comment on attachment 389827 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=389827&action=review R=me. >>> Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:95 >>> + (allow mach-lookup (global-name "com.apple.dnssd.service")))) ;; <rdar://problem/55562091> >> >> Should this be outside 'if gizmo?'? > > It is in the 'else' of the 'if gizmo?' clause, so it's correct. Ah, I see!
WebKit Commit Bot
Comment 6 2020-02-05 13:42:33 PST
Comment on attachment 389827 [details] Patch Clearing flags on attachment: 389827 Committed r255852: <https://trac.webkit.org/changeset/255852>
WebKit Commit Bot
Comment 7 2020-02-05 13:42:35 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.