Bug 217733

Summary: [iOS] Allow additional sysctl reads needed by image decoding
Product: WebKit Reporter: Brent Fulgham <bfulgham>
Component: WebKit Misc.Assignee: Brent Fulgham <bfulgham>
Status: RESOLVED FIXED    
Severity: Normal CC: pvollan
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch none

Description Brent Fulgham 2020-10-14 15:02:18 PDT
Telemetry on iOS 14 shows that we are hitting some sandbox violations during image decoding:

    hw.byteorder
    hw.cachelinesize_compat
    hw.vectorunit

We also see that this is being read, but not used, so we can just silence the warning:

    hw.cpufrequency_compat
Comment 1 Brent Fulgham 2020-10-14 15:02:48 PDT
<rdar://problem/68649171>
Comment 2 Brent Fulgham 2020-10-14 15:09:10 PDT
Created attachment 411377 [details]
Patch
Comment 3 Per Arne Vollan 2020-10-14 15:11:09 PDT
Comment on attachment 411377 [details]
Patch

R=me.
Comment 4 Alexey Proskuryakov 2020-10-14 17:54:05 PDT
Comment on attachment 411377 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=411377&action=review

> Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:647
> +          "hw.cpufrequency_compat"
> +          "sysctl.proc_native"))

It would be useful to have comments with radar numbers that track removing the need for these. It's not great to have deny-with-no-report rules. We add them for cases that we know is benign, but once they are in the profile, they start affecting all future scenarios, some of which can result in hard to diagnose bugs.
Comment 5 EWS 2020-10-14 20:24:24 PDT
Committed r268507: <https://trac.webkit.org/changeset/268507>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 411377 [details].