232329 2021-10-26 13:46:19 -0700 [macOS][GPUP] Remove access to sysctl properties 2021-11-10 12:30:14 -0800 1 1 1 Unclassified WebKit WebKit Misc. WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 pvollan pvollan bfulgham darin gavin.p mazander webkit-bug-importer oldest_to_newest 1809010 0 pvollan 2021-10-26 13:46:19 -0700 Based on telemetry, remove access to unused sysctl properties in the GPU process' sandbox on macOS. 1809011 1 webkit-bug-importer 2021-10-26 13:46:53 -0700 <rdar://problem/84679628> 1809013 2 442527 pvollan 2021-10-26 13:48:36 -0700 Created attachment 442527 Patch 1809017 3 442527 darin 2021-10-26 13:56:14 -0700 Comment on attachment 442527 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=442527&action=review > Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in:173 > -(deny sysctl*) > +(deny sysctl* (with telemetry)) This change is not mentioned in the change log. What’s the rationale? 1809018 4 pvollan 2021-10-26 14:04:02 -0700 (In reply to Darin Adler from comment #3) > Comment on attachment 442527 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=442527&action=review > > > Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in:173 > > -(deny sysctl*) > > +(deny sysctl* (with telemetry)) > > This change is not mentioned in the change log. What’s the rationale? This is to get telemetry for sysctl properties we might need to add in the future when new features being are added to the GPU process. Thanks for reviewing! 1813752 5 442527 pvollan 2021-11-10 12:26:31 -0800 Comment on attachment 442527 Patch Thanks for reviewing! 1813755 6 ews-feeder 2021-11-10 12:30:13 -0800 Committed r285606 (244110@main): <https://commits.webkit.org/244110@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 442527. 442527 2021-10-26 13:48:36 -0700 2021-11-10 12:30:13 -0800 Patch bug-232329-20211026134834.patch text/plain 3870 pvollan SW5kZXg6IFNvdXJjZS9XZWJLaXQvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9XZWJL aXQvQ2hhbmdlTG9nCShyZXZpc2lvbiAyODQ4OTIpCisrKyBTb3VyY2UvV2ViS2l0L0NoYW5nZUxv Zwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDE1IEBACisyMDIxLTEwLTI2ICBQZXIgQXJuZSBW b2xsYW4gPHB2b2xsYW5AYXBwbGUuY29tPgorCisgICAgICAgIFttYWNPU11bR1BVUF0gUmVtb3Zl IGFjY2VzcyB0byBzeXNjdGwgcHJvcGVydGllcworICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0 Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MjMyMzI5CisgICAgICAgIDxyZGFyOi8vcHJvYmxlbS84NDY3 OTYyOD4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBC YXNlZCBvbiB0ZWxlbWV0cnksIHJlbW92ZSBhY2Nlc3MgdG8gdW51c2VkIHN5c2N0bCBwcm9wZXJ0 aWVzIGluIHRoZSBHUFUgcHJvY2Vzcycgc2FuZGJveCBvbiBtYWNPUy4KKworICAgICAgICAqIEdQ VVByb2Nlc3MvbWFjL2NvbS5hcHBsZS5XZWJLaXQuR1BVUHJvY2Vzcy5zYi5pbjoKKwogMjAyMS0x MC0yNiAgV2Vuc29uIEhzaWVoICA8d2Vuc29uX2hzaWVoQGFwcGxlLmNvbT4KIAogICAgICAgICBS RUdSRVNTSU9OIChyMjgxMDU0KTogW2lPU10gQ29udGV4dCBtZW51IHByZXNlbnRzIGZyb20gd3Jv bmcgbG9jYXRpb24gd2hlbiBsb25nIHByZXNzaW5nIGEgbGluayBpbiBNYWlsCkluZGV4OiBTb3Vy Y2UvV2ViS2l0L0dQVVByb2Nlc3MvbWFjL2NvbS5hcHBsZS5XZWJLaXQuR1BVUHJvY2Vzcy5zYi5p bgo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2ViS2l0L0dQVVByb2Nlc3MvbWFjL2NvbS5hcHBsZS5X ZWJLaXQuR1BVUHJvY2Vzcy5zYi5pbgkocmV2aXNpb24gMjg0NzgzKQorKysgU291cmNlL1dlYktp dC9HUFVQcm9jZXNzL21hYy9jb20uYXBwbGUuV2ViS2l0LkdQVVByb2Nlc3Muc2IuaW4JKHdvcmtp bmcgY29weSkKQEAgLTE3MCw2OCArMTcwLDMzIEBACiAoYWxsb3cgcHJvY2Vzcy1pbmZvLXNldGNv bnRyb2wgKHRhcmdldCBzZWxmKSkKIChhbGxvdyBwcm9jZXNzLWNvZGVzaWduaW5nLXN0YXR1cyop CiAKLShkZW55IHN5c2N0bCopCisoZGVueSBzeXNjdGwqICh3aXRoIHRlbGVtZXRyeSkpCiAoYWxs b3cgc3lzY3RsLXJlYWQgKHdpdGggdGVsZW1ldHJ5KQogICAgIChzeXNjdGwtbmFtZQotICAgICAg ICAiaHcuYWN0aXZlY3B1IiA7OyA8cmRhcjovL3Byb2JsZW0vNTY3OTU1NzU+Ci0gICAgICAgICJo dy5hdmFpbGNwdSIKLSAgICAgICAgImh3LmJ5dGVvcmRlciIKLSAgICAgICAgImh3LmJ1c2ZyZXF1 ZW5jeSIKLSAgICAgICAgImh3LmJ1c2ZyZXF1ZW5jeV9tYXgiCi0gICAgICAgICJody5jYWNoZWNv bmZpZyIgOzsgPHJkYXI6Ly9wcm9ibGVtLzc4MjEzNTYzPgotICAgICAgICAiaHcuY2FjaGVsaW5l c2l6ZSIgOzsgPHJkYXI6Ly9wcm9ibGVtLzU2Nzk1NTc1PgotICAgICAgICAiaHcuY2FjaGVzaXpl IiA7OyA8cmRhcjovL3Byb2JsZW0vNzgyMTM1NjM+Ci0gICAgICAgICJody5jcHVmYW1pbHkiIDs7 IDxyZGFyOi8vcHJvYmxlbS81ODQxNjQ3NT4KLSAgICAgICAgImh3LmNwdWZyZXF1ZW5jeSIKLSAg ICAgICAgImh3LmNwdWZyZXF1ZW5jeV9tYXgiCisgICAgICAgICJody5hY3RpdmVjcHUiCisgICAg ICAgICJody5jYWNoZWxpbmVzaXplIgorICAgICAgICAiaHcuY3B1ZmFtaWx5IgogICAgICAgICAi aHcuY3B1c3ViZmFtaWx5IgogICAgICAgICAiaHcuY3B1dGhyZWFkdHlwZSIKICAgICAgICAgImh3 LmNwdXR5cGUiCi0gICAgICAgICJody5sMWRjYWNoZXNpemUiIDs7IDxyZGFyOi8vcHJvYmxlbS81 Njc5NTU3NT4KLSAgICAgICAgImh3LmwxaWNhY2hlc2l6ZSIgOzsgPHJkYXI6Ly9wcm9ibGVtLzU2 Nzk1NTc1PgotICAgICAgICAiaHcubDJjYWNoZXNpemUiIDs7IDxyZGFyOi8vcHJvYmxlbS81Njc5 NTU3NT4KLSAgICAgICAgImh3LmwzY2FjaGVzaXplIiA7OyA8cmRhcjovL3Byb2JsZW0vNTY3OTU1 NzU+Ci0gICAgICAgICJody5sb2dpY2FsY3B1IiA7OyA8cmRhcjovL3Byb2JsZW0vNTY3OTU1NzU+ Ci0gICAgICAgICJody5sb2dpY2FsY3B1X21heCIgOzsgPHJkYXI6Ly9wcm9ibGVtLzU2Nzk1NTc1 PgotICAgICAgICAiaHcubWFjaGluZSIKKyAgICAgICAgImh3LmwyY2FjaGVzaXplIgorICAgICAg ICAiaHcubG9naWNhbGNwdSIKKyAgICAgICAgImh3LmxvZ2ljYWxjcHVfbWF4IgogICAgICAgICAi aHcubWVtc2l6ZSIKICAgICAgICAgImh3Lm1vZGVsIgogICAgICAgICAiaHcubmNwdSIKLSAgICAg ICAgImh3Lm5wZXJmbGV2ZWxzIiA7OyA8cmRhcjovL3Byb2JsZW0vNzY3ODM1OTY+Ci0gICAgICAg ICJody5wYWdlc2l6ZSIgOzsgPHJkYXI6Ly9wcm9ibGVtLzc2NzgzNTk2PgotICAgICAgICAiaHcu cGFnZXNpemVfY29tcGF0IiA7OyA8cmRhcjovL3Byb2JsZW0vNzY3ODM1OTY+Ci0gICAgICAgICJo dy5waHlzaWNhbGNwdSIgOzsgPHJkYXI6Ly9wcm9ibGVtLzU4NDE2NDc1PgotICAgICAgICAiaHcu cGh5c2ljYWxjcHVfbWF4IiA7OyA8cmRhcjovL3Byb2JsZW0vNTg0MTY0NzU+Ci0gICAgICAgICJo dy50YmZyZXF1ZW5jeSIKLSAgICAgICAgImh3LnRiZnJlcXVlbmN5X2NvbXBhdCIKKyAgICAgICAg Imh3LnBoeXNpY2FsY3B1IgorICAgICAgICAiaHcucGh5c2ljYWxjcHVfbWF4IgogICAgICAgICAi aHcudmVjdG9ydW5pdCIKLSAgICAgICAgImtlcm4uYm9vdGFyZ3MiIDs7IDxyZGFyOi8vcHJvYmxl bS80NzczODAxNT4KICAgICAgICAgImtlcm4uaG9zdG5hbWUiCiAgICAgICAgICJrZXJuLmh2X3Zt bV9wcmVzZW50IgogICAgICAgICAia2Vybi5tYXhmaWxlc3BlcnByb2MiCi0gICAgICAgICJrZXJu Lm1lbW9yeXN0YXR1c19sZXZlbCIKLSAgICAgICAgImtlcm4ub3Nwcm9kdWN0dmVyc2lvbiIgOzsg PHJkYXI6Ly9wcm9ibGVtLzUxNzU2NzM5PgotICAgICAgICAia2Vybi5vc3JlbGVhc2UiCi0gICAg ICAgICJrZXJuLm9zdHlwZSIKLSAgICAgICAgImtlcm4ub3N2YXJpYW50X3N0YXR1cyIKLSAgICAg ICAgImtlcm4ub3N2ZXJzaW9uIgotICAgICAgICAia2Vybi5zYWZlYm9vdCIKLSAgICAgICAgImtl cm4udmVyc2lvbiIKLSAgICAgICAgIm1hY2hkZXAuY3B1LmJyYW5kX3N0cmluZyIKLSAgICAgICAg InNlY3VyaXR5Lm1hYy5zYW5kYm94LnNlbnRpbmVsIgotICAgICAgICAic3lzY3RsLm5hbWUyb2lk IgotICAgICAgICAia2Vybi50Y3NtX2VuYWJsZSIKLSAgICAgICAgImtlcm4udGNzbV9hdmFpbGFi bGUiCi0gICAgICAgICJ2bS5mb290cHJpbnRfc3VzcGVuZCIpCi0gICAgKHN5c2N0bC1uYW1lLXBy ZWZpeCAibmV0LnJvdXRldGFibGUiKQorICAgICAgICAia2Vybi5vc3Byb2R1Y3R2ZXJzaW9uIgor ICAgICAgICAia2Vybi5vc3JlbGVhc2UiKQogICAgIChzeXNjdGwtbmFtZS1wcmVmaXggImh3Lm9w dGlvbmFsLiIpIDs7IDxyZGFyOi8vcHJvYmxlbS83MTQ2Mjc5MD4KICAgICAoc3lzY3RsLW5hbWUt cHJlZml4ICJody5wZXJmbGV2ZWwiKSA7OyA8cmRhcjovL3Byb2JsZW0vNzY3ODM1OTY+CiApCiAK LShhbGxvdyBzeXNjdGwtd3JpdGUgKHdpdGggdGVsZW1ldHJ5KQotICAgIChzeXNjdGwtbmFtZQot ICAgICAgICAia2Vybi50Y3NtX2VuYWJsZSIpKQotCiAoZGVueSBpb2tpdC1nZXQtcHJvcGVydGll cykKIChhbGxvdyBpb2tpdC1nZXQtcHJvcGVydGllcwogICAgIChpb2tpdC1wcm9wZXJ0eSAiQUFQ TCxMQ0QtUG93ZXJTdGF0ZS1PTiIpIDs7IDxyZGFyOi8vcHJvYmxlbS80NzczODAxNT4K