Bug 218999 - [macOS] Remove remote tcp capability from WebContent Sandbox
Summary: [macOS] Remove remote tcp capability from WebContent Sandbox
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit Misc.
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Brent Fulgham
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2020-11-16 12:30 PST by Brent Fulgham
Modified: 2020-11-16 14:08 PST

Attachments
Patch (3.13 KB, patch)
2020-11-16 12:33 PST, Brent Fulgham

Description Brent Fulgham 2020-11-16 12:30:11 PST
We have moved all network activity (aside from some syslog use) out of the WebContent process. We no longer need the ability to open remote tcp connections, and should deny this in the sandbox.
Comment 1 Brent Fulgham 2020-11-16 12:30:49 PST
We do not have this power on iOS, and do not need it on macOS. I originally thought there were media paths that needed this, but confirmed with the WebKit Media team that this is not the case, and performed local testing to confirm this.
Comment 2 Brent Fulgham 2020-11-16 12:31:34 PST
<rdar://problem/70355789>
Comment 3 Brent Fulgham 2020-11-16 12:33:49 PST
Created attachment 414267
Patch
Comment 4 Per Arne Vollan 2020-11-16 13:06:21 PST
Comment on attachment 414267
Patch

Great! R=me.
Comment 5 EWS 2020-11-16 14:08:04 PST
Committed r269877: <https://trac.webkit.org/changeset/269877>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 414267.