RESOLVED FIXED 217733
[iOS] Allow additional sysctl reads needed by image decoding 
https://bugs.webkit.org/show_bug.cgi?id=217733
Summary [iOS] Allow additional sysctl reads needed by image decoding
Brent Fulgham
Reported 2020-10-14 15:02:18 PDT
Telemetry on iOS 14 shows that we are hitting some sandbox violations during image decoding: hw.byteorder hw.cachelinesize_compat hw.vectorunit We also see that this is being read, but not used, so we can just silence the warning: hw.cpufrequency_compat
Attachments
Patch (2.26 KB, patch)
2020-10-14 15:09 PDT, Brent Fulgham 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Brent Fulgham
Comment 1 2020-10-14 15:02:48 PDT
<rdar://problem/68649171>
Brent Fulgham
Comment 2 2020-10-14 15:09:10 PDT
Created attachment 411377 [details] Patch
Per Arne Vollan
Comment 3 2020-10-14 15:11:09 PDT
Comment on attachment 411377 [details] Patch R=me.
Alexey Proskuryakov
Comment 4 2020-10-14 17:54:05 PDT
Comment on attachment 411377 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=411377&action=review > Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:647 > + "hw.cpufrequency_compat" > + "sysctl.proc_native")) It would be useful to have comments with radar numbers that track removing the need for these. It's not great to have deny-with-no-report rules. We add them for cases that we know is benign, but once they are in the profile, they start affecting all future scenarios, some of which can result in hard to diagnose bugs.
EWS
Comment 5 2020-10-14 20:24:24 PDT
Committed r268507: <https://trac.webkit.org/changeset/268507> All reviewed patches have been landed. Closing bug and clearing flags on attachment 411377 [details].
Note You need to log in before you can comment on or make changes to this bug.