197924 2019-05-15 13:28:35 -0700 Revise sandbox to allow IOKit properties needed by Metal and LaunchServices 2019-05-15 15:27:26 -0700 1 1 1 Unclassified WebKit WebKit Misc. WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 bfulgham bfulgham achristensen bfulgham eric.carlson pvollan webkit-bug-importer oldest_to_newest 1536561 0 bfulgham 2019-05-15 13:28:35 -0700 Review of test logs have shown the following sandbox violations that could result in reduced performance or slower launch times: Sandbox: com.apple.WebKit() deny(1) iokit-get-properties od-server-name Sandbox: com.apple.WebKit() deny(1) iokit-get-properties image-path Sandbox: com.apple.WebKit() deny(1) iokit-get-properties filevault-image Sandbox: com.apple.WebKit() deny(1) iokit-get-properties ATY,FamilyName Sandbox: com.apple.WebKit() deny(1) iokit-get-properties ATY,DeviceName We should allow these accesses. 1536563 1 webkit-bug-importer 2019-05-15 13:29:17 -0700 <rdar://problem/50823976> 1536566 2 369988 bfulgham 2019-05-15 13:30:36 -0700 Created attachment 369988 Patch 1536568 3 369988 pvollan 2019-05-15 13:40:10 -0700 Comment on attachment 369988 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=369988&action=review Looks good! R=me. > Source/WebKit/ChangeLog:5 > + Revise sandbox to allow IOKit properties needed by Metal and LaunchServices > + https://bugs.webkit.org/show_bug.cgi?id=197924 > + Do we have a Radar? 1536622 4 bfulgham 2019-05-15 15:27:26 -0700 Committed r245360: <https://trac.webkit.org/changeset/245360> 369988 2019-05-15 13:30:36 -0700 2019-05-15 15:26:22 -0700 Patch bug-197924-20190515133035.patch text/plain 2664 bfulgham U3VidmVyc2lvbiBSZXZpc2lvbjogMjQ1Mjg0CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViS2l0L0No YW5nZUxvZyBiL1NvdXJjZS9XZWJLaXQvQ2hhbmdlTG9nCmluZGV4IDViYTUzM2ZkNDYyYWFmN2E3 OGYwMWEzOTNlYTgzOGRkNzI3M2U2NDUuLjZhYzU3MzhiZDg4NzYzZWVkYmUwZDc4NjZmYjY4YWFi NmY2MThiNWQgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJLaXQvQ2hhbmdlTG9nCisrKyBiL1NvdXJj ZS9XZWJLaXQvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTUgQEAKKzIwMTktMDUtMTUgIEJyZW50IEZ1 bGdoYW0gIDxiZnVsZ2hhbUBhcHBsZS5jb20+CisKKyAgICAgICAgUmV2aXNlIHNhbmRib3ggdG8g YWxsb3cgSU9LaXQgcHJvcGVydGllcyBuZWVkZWQgYnkgTWV0YWwgYW5kIExhdW5jaFNlcnZpY2Vz CisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0xOTc5MjQK KworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBVcGRhdGUg c2FuZGJveCB0byBhbGxvdyBhY2Nlc3MgdG8gc29tZSBJT0tpdCBwcm9wZXJ0aWVzIHRvIGF2b2lk IHNhbmRib3ggdmlvbGF0aW9ucyB0aGF0IGNvdWxkCisgICAgICAgIGxvd2VyIHBlcmZvcm1hbmNl IG9yIGluY3JlYXNlIGxhdW5jaCB0aW1lczoKKworICAgICAgICAqIFdlYlByb2Nlc3MvY29tLmFw cGxlLldlYlByb2Nlc3Muc2IuaW46CisKIDIwMTktMDUtMTQgIEJyZW50IEZ1bGdoYW0gIDxiZnVs Z2hhbUBhcHBsZS5jb20+CiAKICAgICAgICAgUHJvdGVjdCBjdXJyZW50IFdlYkZyYW1lIGR1cmlu ZyBmb3JtIHN1Ym1pc3Npb24KZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJLaXQvV2ViUHJvY2Vzcy9j b20uYXBwbGUuV2ViUHJvY2Vzcy5zYi5pbiBiL1NvdXJjZS9XZWJLaXQvV2ViUHJvY2Vzcy9jb20u YXBwbGUuV2ViUHJvY2Vzcy5zYi5pbgppbmRleCBlYWIyNTRlZGMwMThmMzMxNzBjZjkyMzA3NzYy ZTNjZTliNGU0OGI2Li4yYzZjYTU1Y2Q1YjczZmNjZmZhNWNiMTk5NTg0ODQxYTgzNDg1MzQ3IDEw MDY0NAotLS0gYS9Tb3VyY2UvV2ViS2l0L1dlYlByb2Nlc3MvY29tLmFwcGxlLldlYlByb2Nlc3Mu c2IuaW4KKysrIGIvU291cmNlL1dlYktpdC9XZWJQcm9jZXNzL2NvbS5hcHBsZS5XZWJQcm9jZXNz LnNiLmluCkBAIC0yMTEsNiArMjExLDggQEAKICAgICAoaW9raXQtcHJvcGVydHktcmVnZXggIyJB cHBsZShHVkFLZXlEb2VzTm90RXhpc3R8SW50ZWxNRVZBQnVuZGxlTmFtZSkiKQogICAgIChpb2tp dC1wcm9wZXJ0eS1yZWdleCAjIl5BQVBMLChEaXNwbGF5UGlwZXxPcGVuQ0xkaXNhYmxlZHxJT0dy YXBoaWNzX0xFUih8X1JlZ1RhZ18xfF9SZWdUYWdfMHxfQnVzeV8yKXxhbGlhcy1wb2xpY3l8Ym9v dC1kaXNwbGF5fGRpc3BsYXktYWxpYXN8bXV4LXN3aXRjaC1zdGF0ZXxuZHJ2LWRldnxwcmltYXJ5 LWRpc3BsYXl8c2xvdC1uYW1lKSIpCiAgICAgKGlva2l0LXByb3BlcnR5LXJlZ2V4ICMiXkFUWSwo Y2JpdHN8ZmJfKGxpbmVieXRlc3xvZmZzZXR8c2l6ZSl8aW50cmV2KSIpCisgICAgKGlva2l0LXBy b3BlcnR5ICJBVFksRGV2aWNlTmFtZSIpIDs7IE5lZWRlZCBieSBNZXRhbCBjb21waWxlcnMKKyAg ICAoaW9raXQtcHJvcGVydHkgIkFUWSxGYW1pbHlOYW1lIikgOzsgRGl0dG8KICAgICAoaW9raXQt cHJvcGVydHkgIkFWQ1N1cHBvcnRlZCIpCiAgICAgKGlva2l0LXByb3BlcnR5ICJCYWNrbGlnaHRI YW5kbGUiKQogICAgIChpb2tpdC1wcm9wZXJ0eSAiQmxvY2tTaXplIikKQEAgLTM1MywxNiArMzU1 LDE5IEBACiAgICAgKGlva2l0LXByb3BlcnR5ICJkZXZpY2VfdHlwZSIpCiAgICAgKGlva2l0LXBy b3BlcnR5ICJkcG0iKQogICAgIChpb2tpdC1wcm9wZXJ0eSAiZXJyb3JkYiIpIDs7IE5lZWRlZCBm b3IgT3BlbkdMIG9uIG9sZGVyIGhhcmR3YXJlCisgICAgKGlva2l0LXByb3BlcnR5ICJmaWxldmF1 bHQtaW1hZ2UiKSA7OyBOZWVkZWQgYnkgTGF1bmNoU2VydmljZXMKICAgICAoaW9raXQtcHJvcGVy dHkgImdyYXBoaWMtb3B0aW9ucyIpCiAgICAgKGlva2l0LXByb3BlcnR5ICJoZGEtZ2Z4IikKICAg ICAoaW9raXQtcHJvcGVydHktcmVnZXggIyJeaWQoUHJvZHVjdHxWZW5kb3IpIikKICAgICAoaW9r aXQtcHJvcGVydHkgImlvZmJfdmVyc2lvbiIpCiAgICAgKGlva2l0LXByb3BlcnR5ICJpbWFnZS1l bmNyeXB0ZWQiKQorICAgIChpb2tpdC1wcm9wZXJ0eSAiaW1hZ2UtcGF0aCIpIDs7IE5lZWRlZCBi eSBMYXVuY2hTZXJ2aWNlcwogICAgIChpb2tpdC1wcm9wZXJ0eSAibG9jYXRpb25JRCIpIDs7IE5l ZWRlZCBmb3IgQXVkaW8gc3VwcG9ydCBvbiBvbGRlciBoYXJkd2FyZQogICAgIChpb2tpdC1wcm9w ZXJ0eSAibW9kZWwiKQogICAgIChpb2tpdC1wcm9wZXJ0eSAibXQtZGV2aWNlLWlkIikKICAgICAo aW9raXQtcHJvcGVydHkgIm5hbWUiKQogICAgIChpb2tpdC1wcm9wZXJ0eSAibnYtc3RhdHMiKQor ICAgIChpb2tpdC1wcm9wZXJ0eSAib2Qtc2VydmVyLW5hbWUiKSA7OyBOZWVkZWQgYnkgTGF1bmNo U2VydmljZXMKICAgICAoaW9raXQtcHJvcGVydHktcmVnZXggIyJecGFyc2VyLShvcHRpb25zfHR5 cGUpIikKICAgICAoaW9raXQtcHJvcGVydHktcmVnZXggIyJecGNpKC1hc3BtLWRlZmF1bHR8ZGVi dWcpIikKICAgICAoaW9raXQtcHJvcGVydHkgInBvcnQtbnVtYmVyIikK