Bug 224956

Summary: [iOS] GPU Process sandbox lacks IOMobileFramebufferUserClient method filter
Product: WebKit Reporter: Brent Fulgham <bfulgham>
Component: WebKit Misc.Assignee: Brent Fulgham <bfulgham>
Status: RESOLVED FIXED    
Severity: Normal CC: pvollan
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=211188
Attachments:
Description Flags
Patch
none
Patch none

Description Brent Fulgham 2021-04-22 16:15:05 PDT 
In Bug 211188 we added message filter protections to the IOMobileFramebufferUserClient. These were not retained when the GPU Process sandbox was constructed, and need to be.

<rdar://problem/68227590>
Comment 1 Brent Fulgham 2021-04-22 16:25:08 PDT 
Created attachment 426863 [details]
Patch
Comment 2 Per Arne Vollan 2021-04-22 16:31:35 PDT 
Comment on attachment 426863 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=426863&action=review

R=me.

> Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb:96
> +                   (allow (with telemetry) (with message "IOMobileFramebufferUserClient")

Is the telemetry needed on the allow rule? Sometimes telemetry for frequently hit rules can cause a perf regression.
Comment 3 Brent Fulgham 2021-04-22 17:08:57 PDT 
(In reply to Per Arne Vollan from comment #2)
> Comment on attachment 426863 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=426863&action=review
> 
> R=me.
> 
> > Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb:96
> > +                   (allow (with telemetry) (with message "IOMobileFramebufferUserClient")
> 
> Is the telemetry needed on the allow rule? Sometimes telemetry for
> frequently hit rules can cause a perf regression.

Good point -- I'll remove it.

This telemetry is in the WebContent version of this (perhaps not used anymore). Maybe we should remove it there, too?
Comment 4 Brent Fulgham 2021-04-22 17:27:38 PDT 
Created attachment 426875 [details]
Patch
Comment 5 Per Arne Vollan 2021-04-22 17:39:14 PDT 
Comment on attachment 426875 [details]
Patch

R=me.
Comment 6 Brent Fulgham 2021-04-23 12:59:26 PDT 
Comment on attachment 426875 [details]
Patch

Patch was also validated in manual testing on device.
Comment 7 EWS 2021-04-23 13:11:47 PDT 
Committed r276515 (236971@main): <https://commits.webkit.org/236971@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 426875 [details].