218596 – [iOS] Remove redundant rule for iokit-open using never-granted extension

Bug 218596 - [iOS] Remove redundant rule for iokit-open using never-granted extension

Summary: [iOS] Remove redundant rule for iokit-open using never-granted extension

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebKit Misc. (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Brent Fulgham

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2020-11-04 17:01 PST by Brent Fulgham
Modified:	2020-11-05 09:38 PST (History)
CC List:	3 users (show)

See Also:

Attachments
Patch (3.89 KB, patch) 2020-11-04 17:04 PST, Brent Fulgham	no flags	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Brent Fulgham 2020-11-04 17:01:53 PST

WebKit has long had a sandbox rule granting the ability to issue iokit-open operations if a particular security extension was granted to the process. The WebKit processes are known to never grant this extension, so this rule is not needed.

We should remove the rule to reduce sandbox complexity and increase the speed of sandbox compilation.

Comment 1 Brent Fulgham 2020-11-04 17:02:04 PST

<rdar://problem/66581246>

Comment 2 Brent Fulgham 2020-11-04 17:04:18 PST

Created attachment 413228 [details]
Patch

Comment 3 Per Arne Vollan 2020-11-04 17:30:52 PST

Comment on attachment 413228 [details]
Patch

R=me.

Comment 4 EWS 2020-11-05 09:38:59 PST

Committed r269444: <https://trac.webkit.org/changeset/269444>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 413228 [details].