Created attachment 435243 [details] Patch

Comment on attachment 435243 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=435243&action=review > Source/WebKit/WebProcess/com.apple.WebProcess.sb.in:1453 > + (require-not (extension "com.apple.webkit.extension.mach")) This says that if we did not extend access to SYS_getpriority dynamically, allow the syscall. Since we don't currently extend any syscalls dynamically I think this will always be true. Consequently, I would just add this to the existing "(when (defined? 'syscall-unix)" case inside a version check like we do for SYS_setattrlist. Please also add the radar and a comment that we should remove it once the GPU Process is permanently enabled.

Comment on attachment 435243 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=435243&action=review > Source/WebKit/WebProcess/com.apple.WebProcess.sb.in:1453 > + (require-not (extension "com.apple.webkit.extension.mach")) the way that test appears to be used thorough the file is to check if the GPU Process is enabled. require-all tells me that extension "com.apple.webkit.extension.mach" needs to be false for SYS_getpriority to be allowed. I admit I'm definitely not a sandbox expert Also, I can't definitely say that this is only required for MacOS >= 12, it's just where I noticed the problem and that I can definitely test with. it may be required with other OS once AudioToolbox framework gets updated.

Created attachment 435316 [details] Patch Apply comment

Created attachment 435391 [details] Patch update Changelog

Comment on attachment 435391 [details] Patch R=me

thank you

Committed r280955 (240461@main): <https://commits.webkit.org/240461@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 435391 [details].