WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
Bug 216042
[iOS] AGX compiler service sandbox violation
https://bugs.webkit.org/show_bug.cgi?id=216042
Summary
[iOS] AGX compiler service sandbox violation
Per Arne Vollan
Reported
2020-09-01 10:04:33 PDT
For a set of devices, mach-lookup sandbox violations have been observed for an AGX compiler service. For these devices, we currently issue an extension for one AGX compiler service, but this is not sufficient since this is an exact match. The extension should match the prefix of the service name provided.
Attachments
Patch
(4.40 KB, patch)
2020-09-01 10:28 PDT
,
Per Arne Vollan
no flags
Details
Formatted Diff
Diff
Patch
(5.30 KB, patch)
2020-09-01 13:02 PDT
,
Per Arne Vollan
no flags
Details
Formatted Diff
Diff
Show Obsolete
(1)
View All
Add attachment
proposed patch, testcase, etc.
Per Arne Vollan
Comment 1
2020-09-01 10:06:25 PDT
<
rdar://problem/68111667
>
Per Arne Vollan
Comment 2
2020-09-01 10:28:40 PDT
Created
attachment 407693
[details]
Patch
Brent Fulgham
Comment 3
2020-09-01 11:43:32 PDT
Comment on
attachment 407693
[details]
Patch View in context:
https://bugs.webkit.org/attachment.cgi?id=407693&action=review
r=me
> Source/WebKit/Shared/Cocoa/SandboxExtensionCocoa.mm:97 > + extensionFlags |= SANDBOX_EXTENSION_PREFIXMATCH;
Can you double-check we do not have any other "xpc-service-prefix" rules that aren't set with this flag?
Brent Fulgham
Comment 4
2020-09-01 11:47:19 PDT
(In reply to Brent Fulgham from
comment #3
)
> Comment on
attachment 407693
[details]
> Patch > > View in context: >
https://bugs.webkit.org/attachment.cgi?id=407693&action=review
> > r=me > > > Source/WebKit/Shared/Cocoa/SandboxExtensionCocoa.mm:97 > > + extensionFlags |= SANDBOX_EXTENSION_PREFIXMATCH; > > Can you double-check we do not have any other "xpc-service-prefix" rules > that aren't set with this flag?
I just checked and don't see any others.
Per Arne Vollan
Comment 5
2020-09-01 13:02:11 PDT
Created
attachment 407706
[details]
Patch
Per Arne Vollan
Comment 6
2020-09-01 13:10:18 PDT
(In reply to Brent Fulgham from
comment #3
)
> Comment on
attachment 407693
[details]
> Patch > > View in context: >
https://bugs.webkit.org/attachment.cgi?id=407693&action=review
> > r=me > > > Source/WebKit/Shared/Cocoa/SandboxExtensionCocoa.mm:97 > > + extensionFlags |= SANDBOX_EXTENSION_PREFIXMATCH; > > Can you double-check we do not have any other "xpc-service-prefix" rules > that aren't set with this flag?
I had to change the patch to issue an array of AGX extensions, since the prefix match did not work as expected. Thanks for reviewing!
Brent Fulgham
Comment 7
2020-09-01 13:27:46 PDT
Comment on
attachment 407706
[details]
Patch r=me. It's a shame we have to handle them individually, but this makes sense.
Per Arne Vollan
Comment 8
2020-09-01 13:30:17 PDT
(In reply to Brent Fulgham from
comment #7
)
> Comment on
attachment 407706
[details]
> Patch > > r=me. It's a shame we have to handle them individually, but this makes sense.
Thanks for reviewing!
EWS
Comment 9
2020-09-01 14:25:48 PDT
Committed
r266411
: <
https://trac.webkit.org/changeset/266411
> All reviewed patches have been landed. Closing bug and clearing flags on
attachment 407706
[details]
.
Jon Lee
Comment 10
2020-09-01 16:22:46 PDT
***
Bug 216033
has been marked as a duplicate of this bug. ***
Matt Hutchinson
Comment 11
2020-10-07 02:40:58 PDT
Hi I have seen that this issue has reappeared in iPasOS 14.2 Thanks
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug