230909 – Remove redundant sandbox exception rules for registering mach extensions

Bug 230909 - Remove redundant sandbox exception rules for registering mach extensions

Summary: Remove redundant sandbox exception rules for registering mach extensions

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebKit Misc. (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Brent Fulgham

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2021-09-28 13:17 PDT by Brent Fulgham
Modified:	2021-09-28 14:16 PDT (History)
CC List:	3 users (show)

See Also:

Attachments
Patch (4.62 KB, patch) 2021-09-28 13:22 PDT, Brent Fulgham	no flags	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Brent Fulgham 2021-09-28 13:17:49 PDT

The Sandbox implementation offers a mechanism for applications to extend their sandbox at build time. WebKit does not use those extensions in its sandbox design, so we should remove those powers. They are left-over from importing the global App Sandbox rules long ago and are not used by WebKit.

Comment 1 Brent Fulgham 2021-09-28 13:18:02 PDT

<rdar://problem/66583587>

Comment 2 Brent Fulgham 2021-09-28 13:22:59 PDT

Created attachment 439510 [details]
Patch

Comment 3 Per Arne Vollan 2021-09-28 13:25:30 PDT

Comment on attachment 439510 [details]
Patch

R=me.

Comment 4 Brent Fulgham 2021-09-28 13:49:37 PDT

Tested on device and confirmed no findings.

Comment 5 EWS 2021-09-28 14:16:36 PDT

Committed r283195 (242242@main): <https://commits.webkit.org/242242@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 439510 [details].