RESOLVED FIXED218999
[macOS] Remove remote tcp capability from WebContent Sandbox 
https://bugs.webkit.org/show_bug.cgi?id=218999
Summary [macOS] Remove remote tcp capability from WebContent Sandbox
Brent Fulgham
Reported 2020-11-16 12:30:11 PST
We have moved all network activity (aside from some syslog use) out of the WebContent process. We no longer need the ability to open remote tcp connections, and should deny this in the sandbox.
Attachments
Patch (3.13 KB, patch)
2020-11-16 12:33 PST, Brent Fulgham 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Brent Fulgham
Comment 1 2020-11-16 12:30:49 PST
We do not have this power on iOS, and do not need it on macOS. I originally though there were media paths that needed this, but confirmed with the WebKit Media team that this is not the case, and performed local testing to confirm this.
Brent Fulgham
Comment 2 2020-11-16 12:31:34 PST
<rdar://problem/70355789>
Brent Fulgham
Comment 3 2020-11-16 12:33:49 PST
Created attachment 414267 [details] Patch
Per Arne Vollan
Comment 4 2020-11-16 13:06:21 PST
Comment on attachment 414267 [details] Patch Great! R=me.
EWS
Comment 5 2020-11-16 14:08:04 PST
Committed r269877: <https://trac.webkit.org/changeset/269877> All reviewed patches have been landed. Closing bug and clearing flags on attachment 414267 [details].
Note You need to log in before you can comment on or make changes to this bug.