Bug 231594 - Restrict "darwin-notification-post" to a minimal set in the WP sandbox
Summary: Restrict "darwin-notification-post" to a minimal set in the WP sandbox
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit Misc. (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Per Arne Vollan
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2021-10-12 10:34 PDT by Per Arne Vollan
Modified: 2021-10-13 12:05 PDT (History)
4 users (show)

See Also:

Attachments
Patch (2.98 KB, patch)
2021-10-13 09:08 PDT, Per Arne Vollan 		bfulgham: review+
Details | Formatted Diff | Diff
Patch (2.95 KB, patch)
2021-10-13 11:19 PDT, Per Arne Vollan 		no flags Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Per Arne Vollan 2021-10-12 10:34:36 PDT 
Restrict "darwin-notification-post" to a minimal set in the WP sandbox on macOS and iOS.
Comment 1 Per Arne Vollan 2021-10-12 10:42:03 PDT 
<rdar://66586792>
Comment 2 Per Arne Vollan 2021-10-13 09:08:58 PDT 
Created attachment 441088 [details]
Patch
Comment 3 Brent Fulgham 2021-10-13 10:12:43 PDT 
Comment on attachment 441088 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=441088&action=review

r=me

> Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:1577
> +(allow darwin-notification-post (with telemetry)

Do we need to collect telemetry on the items we allow? Presumably we allow them because we know we need them?
Comment 4 Per Arne Vollan 2021-10-13 11:16:41 PDT 
(In reply to Brent Fulgham from comment #3)
> Comment on attachment 441088 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=441088&action=review
> 
> r=me
> 
> > Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:1577
> > +(allow darwin-notification-post (with telemetry)
> 
> Do we need to collect telemetry on the items we allow? Presumably we allow
> them because we know we need them?

Yes, that is a good point; I'll remove the telemetry.

Thanks for reviewing!
Comment 5 Per Arne Vollan 2021-10-13 11:19:33 PDT 
Created attachment 441111 [details]
Patch
Comment 6 EWS 2021-10-13 12:05:44 PDT 
Committed r284119 (242939@main): <https://commits.webkit.org/242939@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 441111 [details].