The iOS web process needs access to the following Mach names in order to compress, decompress, and render audio and video for WebRTC: These are needed to decode video content delivered over WebRTC: com.apple.coremedia.videoqueue com.apple.audio.audiohald com.apple.coremedia.decompressionsession This is needed to encode video to ship over WebRTC: com.apple.coremedia.compressionsession
<rdar://problem/30844650>
Created attachment 303960 [details] Patch
Comment on attachment 303960 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=303960&action=review > Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:116 > + (allow mach-lookup (global-name "com.apple.coremedia.compressionsession"))) We need compressionsession when doing exporting canvas through peer connection, not only for gum. I would add it next to decompressionsession. > Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:141 > + (global-name "com.apple.audio.audiohald") I wonder whether we can put this one under com.apple.webkit.microphone?
Comment on attachment 303960 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=303960&action=review >> Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:116 >> + (allow mach-lookup (global-name "com.apple.coremedia.compressionsession"))) > > We need compressionsession when doing exporting canvas through peer connection, not only for gum. > I would add it next to decompressionsession. We need this for microphone OR camera, but not otherwise. So I think this is correct (it's safe to tell the Sandbox to allow a particular mach name more than once). >> Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:141 >> + (global-name "com.apple.audio.audiohald") > > I wonder whether we can put this one under com.apple.webkit.microphone? Eric said it was needed for incoming video streams (which I assume include audio?), so I put it here.
Comment on attachment 303960 [details] Patch Clearing flags on attachment: 303960 Committed r213665: <http://trac.webkit.org/changeset/213665>
All reviewed patches have been landed. Closing bug.
(In reply to comment #4) > Comment on attachment 303960 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=303960&action=review > > >> Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:116 > >> + (allow mach-lookup (global-name "com.apple.coremedia.compressionsession"))) > > > > We need compressionsession when doing exporting canvas through peer connection, not only for gum. > > I would add it next to decompressionsession. > > We need this for microphone OR camera, but not otherwise. So I think this is > correct (it's safe to tell the Sandbox to allow a particular mach name more > than once). We also need it when no microphone and no camera,: canvas is exported to a mediastream track which is then sent to peer connection. Can you update the patch? > > >> Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:141 > >> + (global-name "com.apple.audio.audiohald") > > > > I wonder whether we can put this one under com.apple.webkit.microphone? > > Eric said it was needed for incoming video streams (which I assume include > audio?), so I put it here.
See https://youennf.github.io/webrtc-tests/src/content/capture/canvas-pc2/ as an example