Bug 218982

Summary: [macOS] The WebContent sandbox does not apply for open source builds
Product: WebKit Reporter: Per Arne Vollan <pvollan>
Component: WebKit Misc.Assignee: Per Arne Vollan <pvollan>
Status: RESOLVED FIXED    
Severity: Normal CC: ap, benjamin, bfulgham, cdumez, cmarcelo, ews-watchlist, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
ap: review+
Patch
ews-feeder: commit-queue-
Patch none

Description Per Arne Vollan 2020-11-16 07:09:37 PST
The WebContent sandbox does not apply for open source builds on macOS, since it has enabled message filtering, which requires a private entitlement.
Comment 1 Per Arne Vollan 2020-11-16 07:12:18 PST
Created attachment 414232 [details]
Patch
Comment 2 Alexey Proskuryakov 2020-11-16 09:27:50 PST
Comment on attachment 414232 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=414232&action=review

> Source/WebKit/WebProcess/com.apple.WebProcess.sb.in:115
> +#if USE(APPLE_INTERNAL_SDK) && __MAC_OS_X_VERSION_MIN_REQUIRED > 110000

It may be nicer to add and use HAVE(SANDBOX_MESSAGE_FILTERING) instead of version checks everywhere.
Comment 3 Per Arne Vollan 2020-11-16 09:55:45 PST
(In reply to Alexey Proskuryakov from comment #2)
> Comment on attachment 414232 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=414232&action=review
> 
> > Source/WebKit/WebProcess/com.apple.WebProcess.sb.in:115
> > +#if USE(APPLE_INTERNAL_SDK) && __MAC_OS_X_VERSION_MIN_REQUIRED > 110000
> 
> It may be nicer to add and use HAVE(SANDBOX_MESSAGE_FILTERING) instead of
> version checks everywhere.

Ah, good point, will fix.

Thanks for reviewing!
Comment 4 Per Arne Vollan 2020-11-16 10:16:30 PST
Created attachment 414247 [details]
Patch
Comment 5 Per Arne Vollan 2020-11-16 10:29:42 PST
Created attachment 414250 [details]
Patch
Comment 6 EWS 2020-11-16 11:53:06 PST
Committed r269867: <https://trac.webkit.org/changeset/269867>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 414250 [details].
Comment 7 Radar WebKit Bug Importer 2020-11-16 11:54:17 PST
<rdar://problem/71451891>