RESOLVED FIXED224956
[iOS] GPU Process sandbox lacks IOMobileFramebufferUserClient method filter 
https://bugs.webkit.org/show_bug.cgi?id=224956
Summary [iOS] GPU Process sandbox lacks IOMobileFramebufferUserClient method filter
Brent Fulgham
Reported 2021-04-22 16:15:05 PDT
In Bug 211188 we added message filter protections to the IOMobileFramebufferUserClient. These were not retained when the GPU Process sandbox was constructed, and need to be. <rdar://problem/68227590>
Attachments
Patch (2.17 KB, patch)
2021-04-22 16:25 PDT, Brent Fulgham 		no flags
DetailsFormatted DiffDiff
Patch (3.02 KB, patch)
2021-04-22 17:27 PDT, Brent Fulgham 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Brent Fulgham
Comment 1 2021-04-22 16:25:08 PDT
Created attachment 426863 [details] Patch
Per Arne Vollan
Comment 2 2021-04-22 16:31:35 PDT
Comment on attachment 426863 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=426863&action=review R=me. > Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb:96 > + (allow (with telemetry) (with message "IOMobileFramebufferUserClient") Is the telemetry needed on the allow rule? Sometimes telemetry for frequently hit rules can cause a perf regression.
Brent Fulgham
Comment 3 2021-04-22 17:08:57 PDT
(In reply to Per Arne Vollan from comment #2) > Comment on attachment 426863 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=426863&action=review > > R=me. > > > Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb:96 > > + (allow (with telemetry) (with message "IOMobileFramebufferUserClient") > > Is the telemetry needed on the allow rule? Sometimes telemetry for > frequently hit rules can cause a perf regression. Good point -- I'll remove it. This telemetry is in the WebContent version of this (perhaps not used anymore). Maybe we should remove it there, too?
Brent Fulgham
Comment 4 2021-04-22 17:27:38 PDT
Created attachment 426875 [details] Patch
Per Arne Vollan
Comment 5 2021-04-22 17:39:14 PDT
Comment on attachment 426875 [details] Patch R=me.
Brent Fulgham
Comment 6 2021-04-23 12:59:26 PDT
Comment on attachment 426875 [details] Patch Patch was also validated in manual testing on device.
EWS
Comment 7 2021-04-23 13:11:47 PDT
Committed r276515 (236971@main): <https://commits.webkit.org/236971@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 426875 [details].
Note You need to log in before you can comment on or make changes to this bug.