Bug 218999 - [macOS] Remove remote tcp capability from WebContent Sandbox
Summary: [macOS] Remove remote tcp capability from WebContent Sandbox
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit Misc. (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Brent Fulgham
Keywords: InRadar
Depends on:
Reported: 2020-11-16 12:30 PST by Brent Fulgham
Modified: 2020-11-16 14:08 PST (History)
1 user (show)

See Also:

Patch (3.13 KB, patch)
2020-11-16 12:33 PST, Brent Fulgham
no flags Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Brent Fulgham 2020-11-16 12:30:11 PST
We have moved all network activity (aside from some syslog use) out of the WebContent process. We no longer need the ability to open remote tcp connections, and should deny this in the sandbox.
Comment 1 Brent Fulgham 2020-11-16 12:30:49 PST
We do not have this power on iOS, and do not need it on macOS. I originally though there were media paths that needed this, but confirmed with the WebKit Media team that this is not the case, and performed local testing to confirm this.
Comment 2 Brent Fulgham 2020-11-16 12:31:34 PST
Comment 3 Brent Fulgham 2020-11-16 12:33:49 PST
Created attachment 414267 [details]
Comment 4 Per Arne Vollan 2020-11-16 13:06:21 PST
Comment on attachment 414267 [details]

Great! R=me.
Comment 5 EWS 2020-11-16 14:08:04 PST
Committed r269877: <https://trac.webkit.org/changeset/269877>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 414267 [details].