Bug 203915

Summary: [iOS] The UI process should issue mach sandbox extension to "com.apple.AGXCompilerService"
Product: WebKit Reporter: Per Arne Vollan <pvollan>
Component: WebKit Misc.Assignee: Per Arne Vollan <pvollan>
Status: RESOLVED FIXED    
Severity: Normal CC: bfulgham, commit-queue, ggaren, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: iPhone / iPad   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=216042
https://bugs.webkit.org/show_bug.cgi?id=225004
Attachments:
Description Flags
Patch
none
Patch
none
Patch
none
Patch none

Description Per Arne Vollan 2019-11-06 13:20:15 PST 
Only a few iPad models need access to "com.apple.AGXCompilerService” in the WebContent process. The UI process should issue this mach extension for these iPad models.
Comment 1 Per Arne Vollan 2019-11-06 13:20:37 PST 
rdar://problem/56921370
Comment 2 Per Arne Vollan 2019-11-06 13:24:16 PST 
Created attachment 382954 [details]
Patch
Comment 3 Per Arne Vollan 2019-11-06 13:43:19 PST 
Created attachment 382957 [details]
Patch
Comment 4 Per Arne Vollan 2019-11-06 13:46:03 PST 
Created attachment 382958 [details]
Patch
Comment 5 Per Arne Vollan 2019-12-04 15:14:52 PST 
Created attachment 384852 [details]
Patch
Comment 6 Per Arne Vollan 2019-12-04 15:15:18 PST 
(In reply to Per Arne Vollan from comment #5)
> Created attachment 384852 [details]
> Patch

Rebased.
Comment 7 Brent Fulgham 2019-12-04 15:19:30 PST 
Comment on attachment 384852 [details]
Patch

Looks good. r=me
Comment 8 Per Arne Vollan 2019-12-04 15:24:03 PST 
(In reply to Brent Fulgham from comment #7)
> Comment on attachment 384852 [details]
> Patch
> 
> Looks good. r=me

Thanks for reviewing :)
Comment 9 WebKit Commit Bot 2019-12-04 16:07:46 PST 
Comment on attachment 384852 [details]
Patch

Clearing flags on attachment: 384852

Committed r253127: <https://trac.webkit.org/changeset/253127>
Comment 10 WebKit Commit Bot 2019-12-04 16:07:48 PST 
All reviewed patches have been landed.  Closing bug.
Comment 11 Brent Fulgham 2019-12-12 16:49:19 PST 
Comment on attachment 384852 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=384852&action=review

> Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:969
> +        (global-name "com.apple.iphone.axserver-systemwide" "com.apple.tccd" "com.apple.AGXCompilerService")))

I think this might be wrong. AGXCompilerService is an xpc-service-name-prefix, so it won't be found in the global-name namespace.

This might create problems on hardware that needs AGXCompilerService.

We should probably have a second allow-mach-lookup section that uses 'xpc-service-name', and another that uses 'xpc-service-name-prefix'.
Comment 12 Per Arne Vollan 2019-12-12 16:52:21 PST 
(In reply to Brent Fulgham from comment #11)
> Comment on attachment 384852 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=384852&action=review
> 
> > Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:969
> > +        (global-name "com.apple.iphone.axserver-systemwide" "com.apple.tccd" "com.apple.AGXCompilerService")))
> 
> I think this might be wrong. AGXCompilerService is an
> xpc-service-name-prefix, so it won't be found in the global-name namespace.
> 
> This might create problems on hardware that needs AGXCompilerService.
> 
> We should probably have a second allow-mach-lookup section that uses
> 'xpc-service-name', and another that uses 'xpc-service-name-prefix'.

Oh, that's a good point. Great catch!