Bug 168242

Summary: [WebRTC][Mac][WebKit2] UIProcess should be able to veto WebRTC requests
Product: WebKit Reporter: Brent Fulgham <bfulgham>
Component: WebRTCAssignee: Brent Fulgham <bfulgham>
Status: NEW    
Severity: Normal CC: bfulgham, fyffes411, jonlee, webkit-bug-importer, youennf
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: All   
OS: macOS 10.12   
Bug Depends on: 168010    
Bug Blocks:    
Attachments:
Description Flags
Patch achristensen: review+

Brent Fulgham
Reported 2017-02-13 12:10:36 PST
In Bug 168010 we added the ability for the UIProcess to extend the NetworkProcess sandbox to include WebRTC connections. Currently, we grant access whenever the NetworkProcess requests to expand the sandbox for a new connection. For a final shipping product, however, we need to validate that the user actually intended a WebRTC connection to be established before expanding the sandbox. This bug tracks that task.
Attachments
Patch (15.73 KB, patch)
2017-02-16 12:30 PST, Brent Fulgham 		achristensen: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2017-02-13 12:12:11 PST
<rdar://problem/30496382>
Brent Fulgham
Comment 2 2017-02-16 12:30:18 PST
Created attachment 301799 [details] Patch
Alex Christensen
Comment 3 2017-02-16 14:24:56 PST
Comment on attachment 301799 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=301799&action=review Looks good with a few comments. > Source/WebKit2/NetworkProcess/mac/NetworkProcessMac.mm:152 > +void NetworkProcess::didGrantRTCConnection(uint64_t requestID) These should be in NetworkProcessCocoa.mm > Source/WebKit2/NetworkProcess/webrtc/NetworkRTCProvider.cpp:107 > + NetworkProcess::singleton().grantRTCConnectionForClient("tcp", localAddress, remoteAddress, ASCIILiteral with the protocols.
Note You need to log in before you can comment on or make changes to this bug.