Bug 216042 - [iOS] AGX compiler service sandbox violation
Summary: [iOS] AGX compiler service sandbox violation
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit Misc. (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Per Arne Vollan
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2020-09-01 10:04 PDT by Per Arne Vollan
Modified: 2020-10-07 02:40 PDT (History)
7 users (show)

See Also:

Attachments
Patch (4.40 KB, patch)
2020-09-01 10:28 PDT, Per Arne Vollan 		no flags Details | Formatted Diff | Diff
Patch (5.30 KB, patch)
2020-09-01 13:02 PDT, Per Arne Vollan 		no flags Details | Formatted Diff | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Per Arne Vollan 2020-09-01 10:04:33 PDT 
For a set of devices, mach-lookup sandbox violations have been observed for an AGX compiler service. For these devices, we currently issue an extension for one AGX compiler service, but this is not sufficient since this is an exact match. The extension should match the prefix of the service name provided.
Comment 1 Per Arne Vollan 2020-09-01 10:06:25 PDT 
<rdar://problem/68111667>
Comment 2 Per Arne Vollan 2020-09-01 10:28:40 PDT 
Created attachment 407693 [details]
Patch
Comment 3 Brent Fulgham 2020-09-01 11:43:32 PDT 
Comment on attachment 407693 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=407693&action=review

r=me

> Source/WebKit/Shared/Cocoa/SandboxExtensionCocoa.mm:97
> +            extensionFlags |= SANDBOX_EXTENSION_PREFIXMATCH;

Can you double-check we do not have any other "xpc-service-prefix" rules that aren't set with this flag?
Comment 4 Brent Fulgham 2020-09-01 11:47:19 PDT 
(In reply to Brent Fulgham from comment #3)
> Comment on attachment 407693 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=407693&action=review
> 
> r=me
> 
> > Source/WebKit/Shared/Cocoa/SandboxExtensionCocoa.mm:97
> > +            extensionFlags |= SANDBOX_EXTENSION_PREFIXMATCH;
> 
> Can you double-check we do not have any other "xpc-service-prefix" rules
> that aren't set with this flag?

I just checked and don't see any others.
Comment 5 Per Arne Vollan 2020-09-01 13:02:11 PDT 
Created attachment 407706 [details]
Patch
Comment 6 Per Arne Vollan 2020-09-01 13:10:18 PDT 
(In reply to Brent Fulgham from comment #3)
> Comment on attachment 407693 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=407693&action=review
> 
> r=me
> 
> > Source/WebKit/Shared/Cocoa/SandboxExtensionCocoa.mm:97
> > +            extensionFlags |= SANDBOX_EXTENSION_PREFIXMATCH;
> 
> Can you double-check we do not have any other "xpc-service-prefix" rules
> that aren't set with this flag?

I had to change the patch to issue an array of AGX extensions, since the prefix match did not work as expected.

Thanks for reviewing!
Comment 7 Brent Fulgham 2020-09-01 13:27:46 PDT 
Comment on attachment 407706 [details]
Patch

r=me. It's a shame we have to handle them individually, but this makes sense.
Comment 8 Per Arne Vollan 2020-09-01 13:30:17 PDT 
(In reply to Brent Fulgham from comment #7)
> Comment on attachment 407706 [details]
> Patch
> 
> r=me. It's a shame we have to handle them individually, but this makes sense.

Thanks for reviewing!
Comment 9 EWS 2020-09-01 14:25:48 PDT 
Committed r266411: <https://trac.webkit.org/changeset/266411>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 407706 [details].
Comment 10 Jon Lee 2020-09-01 16:22:46 PDT 
*** Bug 216033 has been marked as a duplicate of this bug. ***
Comment 11 Matt Hutchinson 2020-10-07 02:40:58 PDT 
Hi I have seen that this issue has reappeared in iPasOS 14.2

Thanks