RESOLVED FIXED205463
Log telemetry for IOUserClient lookups 
https://bugs.webkit.org/show_bug.cgi?id=205463
Summary Log telemetry for IOUserClient lookups
Brent Fulgham
Reported 2019-12-19 11:41:55 PST
We should use telemetry to make sure that every instance of an IOKit class we allow in our sandbox is actually needed by something for valid purposes. Ideally, we would move as many of these out of the WebContent process as possible. This telemetry will be a good first step in seeing if there is any low-hanging fruit.
Attachments
Patch (6.33 KB, patch)
2019-12-19 11:44 PST, Brent Fulgham 		pvollan: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Brent Fulgham
Comment 1 2019-12-19 11:42:10 PST
<rdar://problem/57987372>
Brent Fulgham
Comment 2 2019-12-19 11:44:59 PST
Created attachment 386127 [details] Patch
Per Arne Vollan
Comment 3 2019-12-19 12:30:57 PST
Comment on attachment 386127 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=386127&action=review R=me. > Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:451 > (iokit-user-client-class "AppleJPEGDriverUserClient") > (iokit-user-client-class "IOSurfaceAcceleratorClient") No telemetry for these? > Source/WebKit/WebProcess/com.apple.WebProcess.sb.in:564 > (iokit-user-client-class "AppleMultitouchDeviceUserClient") > (iokit-user-client-class "AppleUpstreamUserClient") Ditto.
Brent Fulgham
Comment 4 2019-12-19 13:24:05 PST
Comment on attachment 386127 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=386127&action=review >> Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:451 >> (iokit-user-client-class "IOSurfaceAcceleratorClient") > > No telemetry for these? I think we expect to be using these, so telemetry won't be that useful (everyone will always have these). But if we move these features to the GPU Process we should add telemetry, too, and consider removing them. >> Source/WebKit/WebProcess/com.apple.WebProcess.sb.in:564 >> (iokit-user-client-class "AppleUpstreamUserClient") > > Ditto. Actually, I'm not sure if we use these. I'll add them.
Brent Fulgham
Comment 5 2019-12-19 16:04:06 PST
Committed r253798: <https://trac.webkit.org/changeset/253798>
Note You need to log in before you can comment on or make changes to this bug.