Fix IOKit sandbox violations in the WebContent process on iOS.
<rdar://78523469>
Created attachment 430379 [details] Patch
Created attachment 430386 [details] Patch
Comment on attachment 430386 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=430386&action=review > Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:267 > +#if __IPHONE_OS_VERSION_MIN_REQUIRED <= 150000 1) `<= a major version` is highly unusual and likely to lead to errors in the very near future. Does this need a FIXME + radar about reenabling it for future point updates? 2) what about the iOS-derived platforms that use this sandbox file but do not use __IPHONE_OS_VERSION_MIN_REQUIRED?
Created attachment 430391 [details] Patch
(In reply to Tim Horton from comment #4) > Comment on attachment 430386 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=430386&action=review > > > Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:267 > > +#if __IPHONE_OS_VERSION_MIN_REQUIRED <= 150000 > > 1) `<= a major version` is highly unusual and likely to lead to errors in > the very near future. Does this need a FIXME + radar about reenabling it for > future point updates? > 2) what about the iOS-derived platforms that use this sandbox file but do > not use __IPHONE_OS_VERSION_MIN_REQUIRED? I have uploaded a new patch which I think should resolve these issues. Thanks for reviewing!
Comment on attachment 430391 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=430391&action=review > Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:267 > +#if PLATFORM(IOS) && __IPHONE_OS_VERSION_MIN_REQUIRED < 150500 The new version check is odd for a different but very similar reason :) Maybe you meant < 160000? Also, you definitely still need a FIXME. Also, is it really OK that you're disabling this security feature for watchOS and tvOS?
Comment on attachment 430391 [details] Patch Per Arne explained both parts elsewhere, I retract my three comments :)
Comment on attachment 430391 [details] Patch Thanks for reviewing!
Committed r278370 (238397@main): <https://commits.webkit.org/238397@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 430391 [details].