Make sandbox rules for debug syscalls stricter in the WebContent process on macOS and iOS.
<rdar://49531420>
Created attachment 439659 [details] Patch
Comment on attachment 439659 [details] Patch Nice! r=me
Comment on attachment 439659 [details] Patch Thanks for reviewing!
Created attachment 439680 [details] Patch
Created attachment 439853 [details] Patch
Committed r283375 (242383@main): <https://commits.webkit.org/242383@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 439853 [details].
Comment on attachment 439853 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=439853&action=review > Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:1333 > +(with-filter (system-attribute apple-internal) What are the consequences of this? Will dtrace and Instruments still work with WebKit?
(In reply to Alexey Proskuryakov from comment #8) > Comment on attachment 439853 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=439853&action=review > > > Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:1333 > > +(with-filter (system-attribute apple-internal) > > What are the consequences of this? Will dtrace and Instruments still work > with WebKit? That is a good point. I will look into confirming that. Thanks for reviewing!