222335 – [macOS] Allow additional syscall support in the sandbox

RESOLVED FIXED Bug 222335

[macOS] Allow additional syscall support in the sandbox

https://bugs.webkit.org/show_bug.cgi?id=222335

Summary [macOS] Allow additional syscall support in the sandbox

Brent Fulgham

Reported 2021-02-23 15:50:44 PST

We are seeing sandbox errors when some dependent frameworks created caches in the WebContent process. Some of these code paths are relevant in the Network Process, as well. We should allow this syscall access now that we understand its use, and have evaluated the risk of the syscall.

Attachments
Patch (1.44 KB, patch) 2021-02-23 15:53 PST, Brent Fulgham	no flags	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Brent Fulgham

Comment 1 2021-02-23 15:51:32 PST

<rdar://problem/74473824>

Brent Fulgham

Comment 2 2021-02-23 15:53:10 PST

Created attachment 421361 [details] Patch

Per Arne Vollan

Comment 3 2021-02-23 15:54:25 PST

Comment on attachment 421361 [details] Patch R=me.

EWS

Comment 4 2021-02-23 17:02:49 PST

Committed r273359: <https://commits.webkit.org/r273359> All reviewed patches have been landed. Closing bug and clearing flags on attachment 421361 [details].

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component WebKit2

Assignee

Brent Fulgham

Reported

2021-02-23 15:50 PST

Modified

2021-02-23 17:02 PST History

CC List

1 user Show

URL

Keywords InRadar

Depends on

Blocks