In Bug 211188 we added message filter protections to the IOMobileFramebufferUserClient. These were not retained when the GPU Process sandbox was constructed, and need to be. <rdar://problem/68227590>
Created attachment 426863 [details] Patch
Comment on attachment 426863 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=426863&action=review R=me. > Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb:96 > + (allow (with telemetry) (with message "IOMobileFramebufferUserClient") Is the telemetry needed on the allow rule? Sometimes telemetry for frequently hit rules can cause a perf regression.
(In reply to Per Arne Vollan from comment #2) > Comment on attachment 426863 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=426863&action=review > > R=me. > > > Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb:96 > > + (allow (with telemetry) (with message "IOMobileFramebufferUserClient") > > Is the telemetry needed on the allow rule? Sometimes telemetry for > frequently hit rules can cause a perf regression. Good point -- I'll remove it. This telemetry is in the WebContent version of this (perhaps not used anymore). Maybe we should remove it there, too?
Created attachment 426875 [details] Patch
Comment on attachment 426875 [details] Patch R=me.
Comment on attachment 426875 [details] Patch Patch was also validated in manual testing on device.
Committed r276515 (236971@main): <https://commits.webkit.org/236971@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 426875 [details].