218596 – [iOS] Remove redundant rule for iokit-open using never-granted extension

RESOLVED FIXED 218596

[iOS] Remove redundant rule for iokit-open using never-granted extension

https://bugs.webkit.org/show_bug.cgi?id=218596

Summary [iOS] Remove redundant rule for iokit-open using never-granted extension

Brent Fulgham

Reported 2020-11-04 17:01:53 PST

WebKit has long had a sandbox rule granting the ability to issue iokit-open operations if a particular security extension was granted to the process. The WebKit processes are known to never grant this extension, so this rule is not needed. We should remove the rule to reduce sandbox complexity and increase the speed of sandbox compilation.

Attachments
Patch (3.89 KB, patch) 2020-11-04 17:04 PST, Brent Fulgham	no flags	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Brent Fulgham

Comment 1 2020-11-04 17:02:04 PST

<rdar://problem/66581246>

Brent Fulgham

Comment 2 2020-11-04 17:04:18 PST

Created attachment 413228 [details] Patch

Per Arne Vollan

Comment 3 2020-11-04 17:30:52 PST

Comment on attachment 413228 [details] Patch R=me.

EWS

Comment 4 2020-11-05 09:38:59 PST

Committed r269444: <https://trac.webkit.org/changeset/269444> All reviewed patches have been landed. Closing bug and clearing flags on attachment 413228 [details].

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component WebKit Misc.

Assignee

Brent Fulgham

Reported

2020-11-04 17:01 PST

Modified

2020-11-05 09:38 PST History

CC List

3 users Show

URL

Keywords InRadar

Depends on

Blocks