217733 2020-10-14 15:02:18 -0700 [iOS] Allow additional sysctl reads needed by image decoding 2020-10-14 20:24:25 -0700 1 1 1 Unclassified WebKit WebKit Misc. WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 bfulgham bfulgham pvollan oldest_to_newest 1697900 0 bfulgham 2020-10-14 15:02:18 -0700 Telemetry on iOS 14 shows that we are hitting some sandbox violations during image decoding: hw.byteorder hw.cachelinesize_compat hw.vectorunit We also see that this is being read, but not used, so we can just silence the warning: hw.cpufrequency_compat 1697901 1 bfulgham 2020-10-14 15:02:48 -0700 <rdar://problem/68649171> 1697907 2 411377 bfulgham 2020-10-14 15:09:10 -0700 Created attachment 411377 Patch 1697909 3 411377 pvollan 2020-10-14 15:11:09 -0700 Comment on attachment 411377 Patch R=me. 1697980 4 411377 ap 2020-10-14 17:54:05 -0700 Comment on attachment 411377 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=411377&action=review > Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:647 > + "hw.cpufrequency_compat" > + "sysctl.proc_native")) It would be useful to have comments with radar numbers that track removing the need for these. It's not great to have deny-with-no-report rules. We add them for cases that we know is benign, but once they are in the profile, they start affecting all future scenarios, some of which can result in hard to diagnose bugs. 1698010 5 ews-feeder 2020-10-14 20:24:24 -0700 Committed r268507: <https://trac.webkit.org/changeset/268507> All reviewed patches have been landed. Closing bug and clearing flags on attachment 411377. 411377 2020-10-14 15:09:10 -0700 2020-10-14 20:24:24 -0700 Patch bug-217733-20201014150909.patch text/plain 2313 bfulgham U3VidmVyc2lvbiBSZXZpc2lvbjogMjY4NDg1CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViS2l0L0No YW5nZUxvZyBiL1NvdXJjZS9XZWJLaXQvQ2hhbmdlTG9nCmluZGV4IDUyOTgyOGU5OWExYTFmMjEx NTFiMWYzMmYxZjBhZGFlMDQ5MzgxMWUuLmU3OGVhYzMzZmNmNWMxYTE5OGE3ZDgxYWY3ZDllOTk5 Zjk3MzExNWYgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJLaXQvQ2hhbmdlTG9nCisrKyBiL1NvdXJj ZS9XZWJLaXQvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTcgQEAKKzIwMjAtMTAtMTQgIEJyZW50IEZ1 bGdoYW0gIDxiZnVsZ2hhbUBhcHBsZS5jb20+CisKKyAgICAgICAgW2lPU10gQWxsb3cgYWRkaXRp b25hbCBzeXNjdGwgcmVhZHMgbmVlZGVkIGJ5IGltYWdlIGRlY29kaW5nCisgICAgICAgIGh0dHBz Oi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0yMTc3MzMKKyAgICAgICAgPHJkYXI6 Ly9wcm9ibGVtLzY4NjQ5MTcxPgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEp LgorCisgICAgICAgIFRlbGVtZXRyeSBvbiBpT1MgMTQgc2hvd3MgdGhhdCB3ZSBhcmUgaGl0dGlu ZyBzb21lIHNhbmRib3ggdmlvbGF0aW9ucyBkdXJpbmcgaW1hZ2UgZGVjb2RpbmcuIFdlIHNob3Vs ZAorICAgICAgICBncmFudCBhY2Nlc3MgdG8gaHcuYnl0ZW9yZGVyLCBody5jYWNoZWxpbmVzaXpl X2NvbXBhdCwgYW5kIGh3LnZlY3RvcnVuaXQuIFdlIHNob3VsZCBzaWxlbmNlIHdhcm5pbmdzCisg ICAgICAgIGFib3V0IGh3LmNwdWZyZXF1ZW5jeV9jb21wYXQgc2luY2UgaXQgaXMgbm90IG5lZWRl ZCBpbiB3ZWItZmFjaW5nIHVzZSBjYXNlcy4KKworICAgICAgICAqIFJlc291cmNlcy9TYW5kYm94 UHJvZmlsZXMvaW9zL2NvbS5hcHBsZS5XZWJLaXQuV2ViQ29udGVudC5zYjoKKwogMjAyMC0xMC0x NCAgRG9uIE9sbXN0ZWFkICA8ZG9uLm9sbXN0ZWFkQHNvbnkuY29tPgogCiAgICAgICAgIE5vbi11 bmlmaWVkIGJ1aWxkIGZpeGVzLCBtaWQgT2N0b2JlciAyMDIwCmRpZmYgLS1naXQgYS9Tb3VyY2Uv V2ViS2l0L1Jlc291cmNlcy9TYW5kYm94UHJvZmlsZXMvaW9zL2NvbS5hcHBsZS5XZWJLaXQuV2Vi Q29udGVudC5zYiBiL1NvdXJjZS9XZWJLaXQvUmVzb3VyY2VzL1NhbmRib3hQcm9maWxlcy9pb3Mv Y29tLmFwcGxlLldlYktpdC5XZWJDb250ZW50LnNiCmluZGV4IGIzMTYzYzEwM2VkZWVjZDM5Y2Ux ZmQzZjRhMTc0OTI2NTQyMzA2YzEuLjliNDM4YmNiY2MzY2YzZjEzN2RlMjg1ODQyZThkMWQ4ZTc3 Yzc5MTggMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJLaXQvUmVzb3VyY2VzL1NhbmRib3hQcm9maWxl cy9pb3MvY29tLmFwcGxlLldlYktpdC5XZWJDb250ZW50LnNiCisrKyBiL1NvdXJjZS9XZWJLaXQv UmVzb3VyY2VzL1NhbmRib3hQcm9maWxlcy9pb3MvY29tLmFwcGxlLldlYktpdC5XZWJDb250ZW50 LnNiCkBAIC02NDIsNyArNjQyLDkgQEAKICAgICAgICAocmVxdWlyZS1lbnRpdGxlbWVudCAiY29t LmFwcGxlLnByaXZhdGUua2VybmVsLm92ZXJyaWRlLWNwdW1vbiIpKQogCiAoZGVueSBzeXNjdGwt cmVhZCAod2l0aCBuby1yZXBvcnQpCi0gICAgICAoc3lzY3RsLW5hbWUgInN5c2N0bC5wcm9jX25h dGl2ZSIpKQorICAgICAgKHN5c2N0bC1uYW1lCisgICAgICAgICAgImh3LmNwdWZyZXF1ZW5jeV9j b21wYXQiCisgICAgICAgICAgInN5c2N0bC5wcm9jX25hdGl2ZSIpKQogCiAod2l0aC1maWx0ZXIg KHN5c3RlbS1hdHRyaWJ1dGUgYXBwbGUtaW50ZXJuYWwpCiAgICAgKGFsbG93IHN5c2N0bC1yZWFk IHN5c2N0bC13cml0ZQpAQCAtODQwLDcgKzg0Miw5IEBACiAgICAgKHN5c2N0bC1uYW1lCiAgICAg ICAgICJody5hY3RpdmVjcHUiIDs7IE5lZWRlZCBieSBKU0MgZW5naW5lLgogICAgICAgICAiaHcu YXZhaWxjcHUiCisgICAgICAgICJody5ieXRlb3JkZXIiCiAgICAgICAgICJody5jYWNoZWxpbmVz aXplIgorICAgICAgICAiaHcuY2FjaGVsaW5lc2l6ZV9jb21wYXQiCiAgICAgICAgICJody5jcHVm YW1pbHkiIDs7IDxyZGFyOi8vcHJvYmxlbS81ODQxNjQ3NT4KICAgICAgICAgImh3LmNwdXR5cGUi CiAgICAgICAgICJody5sMmNhY2hlc2l6ZSIKQEAgLTg1NCw2ICs4NTgsNyBAQAogICAgICAgICAi aHcucGh5c2ljYWxjcHUiCiAgICAgICAgICJody5waHlzaWNhbGNwdV9tYXgiCiAgICAgICAgICJo dy5wcm9kdWN0IgorICAgICAgICAiaHcudmVjdG9ydW5pdCIKICAgICAgICAgImtlcm4uYm9vdGFy Z3MiCiAgICAgICAgICJrZXJuLmhvc3RuYW1lIgogICAgICAgICAia2Vybi5tYXhmaWxlc3BlcnBy b2MiIDs7IDxyZGFyOi8vcHJvYmxlbS82NTkwMDUxNz4K