218982 – [macOS] The WebContent sandbox does not apply for open source builds

Bug 218982 - [macOS] The WebContent sandbox does not apply for open source builds

Summary: [macOS] The WebContent sandbox does not apply for open source builds

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebKit Misc. (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Per Arne Vollan

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2020-11-16 07:09 PST by Per Arne Vollan
Modified:	2020-11-16 11:54 PST (History)
CC List:	7 users (show)

See Also:

Attachments
Patch (6.79 KB, patch) 2020-11-16 07:12 PST, Per Arne Vollan	ap: review+	Details \| Formatted Diff \| Diff
Patch (7.32 KB, patch) 2020-11-16 10:16 PST, Per Arne Vollan	ews-feeder: commit-queue-	Details \| Formatted Diff \| Diff
Patch (7.36 KB, patch) 2020-11-16 10:29 PST, Per Arne Vollan	no flags	Details \| Formatted Diff \| Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Per Arne Vollan 2020-11-16 07:09:37 PST

The WebContent sandbox does not apply for open source builds on macOS, since it has enabled message filtering, which requires a private entitlement.

Comment 1 Per Arne Vollan 2020-11-16 07:12:18 PST

Created attachment 414232 [details]
Patch

Comment 2 Alexey Proskuryakov 2020-11-16 09:27:50 PST

Comment on attachment 414232 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=414232&action=review

> Source/WebKit/WebProcess/com.apple.WebProcess.sb.in:115
> +#if USE(APPLE_INTERNAL_SDK) && __MAC_OS_X_VERSION_MIN_REQUIRED > 110000

It may be nicer to add and use HAVE(SANDBOX_MESSAGE_FILTERING) instead of version checks everywhere.

Comment 3 Per Arne Vollan 2020-11-16 09:55:45 PST

(In reply to Alexey Proskuryakov from comment #2)
> Comment on attachment 414232 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=414232&action=review
> 
> > Source/WebKit/WebProcess/com.apple.WebProcess.sb.in:115
> > +#if USE(APPLE_INTERNAL_SDK) && __MAC_OS_X_VERSION_MIN_REQUIRED > 110000
> 
> It may be nicer to add and use HAVE(SANDBOX_MESSAGE_FILTERING) instead of
> version checks everywhere.

Ah, good point, will fix.

Thanks for reviewing!

Comment 4 Per Arne Vollan 2020-11-16 10:16:30 PST

Created attachment 414247 [details]
Patch

Comment 5 Per Arne Vollan 2020-11-16 10:29:42 PST

Created attachment 414250 [details]
Patch

Comment 6 EWS 2020-11-16 11:53:06 PST

Committed r269867: <https://trac.webkit.org/changeset/269867>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 414250 [details].

Comment 7 Radar WebKit Bug Importer 2020-11-16 11:54:17 PST

<rdar://problem/71451891>