Bug 203915 - [iOS] The UI process should issue mach sandbox extension to "com.apple.AGXCompilerService"
Summary: [iOS] The UI process should issue mach sandbox extension to "com.apple.AGXCom...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit Misc. (show other bugs)
Version: WebKit Nightly Build
Hardware: iPhone / iPad Unspecified
: P2 Normal
Assignee: Per Arne Vollan
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2019-11-06 13:20 PST by Per Arne Vollan
Modified: 2021-04-23 15:45 PDT (History)
4 users (show)

See Also:

Attachments
Patch (6.72 KB, patch)
2019-11-06 13:24 PST, Per Arne Vollan 		no flags Details | Formatted Diff | Diff
Patch (6.82 KB, patch)
2019-11-06 13:43 PST, Per Arne Vollan 		no flags Details | Formatted Diff | Diff
Patch (6.80 KB, patch)
2019-11-06 13:46 PST, Per Arne Vollan 		no flags Details | Formatted Diff | Diff
Patch (6.83 KB, patch)
2019-12-04 15:14 PST, Per Arne Vollan 		no flags Details | Formatted Diff | Diff
Show Obsolete (3) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Per Arne Vollan 2019-11-06 13:20:15 PST 
Only a few iPad models need access to "com.apple.AGXCompilerService” in the WebContent process. The UI process should issue this mach extension for these iPad models.
Comment 1 Per Arne Vollan 2019-11-06 13:20:37 PST 
rdar://problem/56921370
Comment 2 Per Arne Vollan 2019-11-06 13:24:16 PST 
Created attachment 382954 [details]
Patch
Comment 3 Per Arne Vollan 2019-11-06 13:43:19 PST 
Created attachment 382957 [details]
Patch
Comment 4 Per Arne Vollan 2019-11-06 13:46:03 PST 
Created attachment 382958 [details]
Patch
Comment 5 Per Arne Vollan 2019-12-04 15:14:52 PST 
Created attachment 384852 [details]
Patch
Comment 6 Per Arne Vollan 2019-12-04 15:15:18 PST 
(In reply to Per Arne Vollan from comment #5)
> Created attachment 384852 [details]
> Patch

Rebased.
Comment 7 Brent Fulgham 2019-12-04 15:19:30 PST 
Comment on attachment 384852 [details]
Patch

Looks good. r=me
Comment 8 Per Arne Vollan 2019-12-04 15:24:03 PST 
(In reply to Brent Fulgham from comment #7)
> Comment on attachment 384852 [details]
> Patch
> 
> Looks good. r=me

Thanks for reviewing :)
Comment 9 WebKit Commit Bot 2019-12-04 16:07:46 PST 
Comment on attachment 384852 [details]
Patch

Clearing flags on attachment: 384852

Committed r253127: <https://trac.webkit.org/changeset/253127>
Comment 10 WebKit Commit Bot 2019-12-04 16:07:48 PST 
All reviewed patches have been landed.  Closing bug.
Comment 11 Brent Fulgham 2019-12-12 16:49:19 PST 
Comment on attachment 384852 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=384852&action=review

> Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:969
> +        (global-name "com.apple.iphone.axserver-systemwide" "com.apple.tccd" "com.apple.AGXCompilerService")))

I think this might be wrong. AGXCompilerService is an xpc-service-name-prefix, so it won't be found in the global-name namespace.

This might create problems on hardware that needs AGXCompilerService.

We should probably have a second allow-mach-lookup section that uses 'xpc-service-name', and another that uses 'xpc-service-name-prefix'.
Comment 12 Per Arne Vollan 2019-12-12 16:52:21 PST 
(In reply to Brent Fulgham from comment #11)
> Comment on attachment 384852 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=384852&action=review
> 
> > Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:969
> > +        (global-name "com.apple.iphone.axserver-systemwide" "com.apple.tccd" "com.apple.AGXCompilerService")))
> 
> I think this might be wrong. AGXCompilerService is an
> xpc-service-name-prefix, so it won't be found in the global-name namespace.
> 
> This might create problems on hardware that needs AGXCompilerService.
> 
> We should probably have a second allow-mach-lookup section that uses
> 'xpc-service-name', and another that uses 'xpc-service-name-prefix'.

Oh, that's a good point. Great catch!