Bug 216042

Summary: [iOS] AGX compiler service sandbox violation
Product: WebKit Reporter: Per Arne Vollan <pvollan>
Component: WebKit Misc.Assignee: Per Arne Vollan <pvollan>
Status: RESOLVED FIXED    
Severity: Normal CC: benjamin, bfulgham, cdumez, cmarcelo, ews-watchlist, matt, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=203915
Attachments:
Description Flags
Patch
none
Patch none

Description Per Arne Vollan 2020-09-01 10:04:33 PDT 
For a set of devices, mach-lookup sandbox violations have been observed for an AGX compiler service. For these devices, we currently issue an extension for one AGX compiler service, but this is not sufficient since this is an exact match. The extension should match the prefix of the service name provided.
Comment 1 Per Arne Vollan 2020-09-01 10:06:25 PDT 
<rdar://problem/68111667>
Comment 2 Per Arne Vollan 2020-09-01 10:28:40 PDT 
Created attachment 407693 [details]
Patch
Comment 3 Brent Fulgham 2020-09-01 11:43:32 PDT 
Comment on attachment 407693 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=407693&action=review

r=me

> Source/WebKit/Shared/Cocoa/SandboxExtensionCocoa.mm:97
> +            extensionFlags |= SANDBOX_EXTENSION_PREFIXMATCH;

Can you double-check we do not have any other "xpc-service-prefix" rules that aren't set with this flag?
Comment 4 Brent Fulgham 2020-09-01 11:47:19 PDT 
(In reply to Brent Fulgham from comment #3)
> Comment on attachment 407693 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=407693&action=review
> 
> r=me
> 
> > Source/WebKit/Shared/Cocoa/SandboxExtensionCocoa.mm:97
> > +            extensionFlags |= SANDBOX_EXTENSION_PREFIXMATCH;
> 
> Can you double-check we do not have any other "xpc-service-prefix" rules
> that aren't set with this flag?

I just checked and don't see any others.
Comment 5 Per Arne Vollan 2020-09-01 13:02:11 PDT 
Created attachment 407706 [details]
Patch
Comment 6 Per Arne Vollan 2020-09-01 13:10:18 PDT 
(In reply to Brent Fulgham from comment #3)
> Comment on attachment 407693 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=407693&action=review
> 
> r=me
> 
> > Source/WebKit/Shared/Cocoa/SandboxExtensionCocoa.mm:97
> > +            extensionFlags |= SANDBOX_EXTENSION_PREFIXMATCH;
> 
> Can you double-check we do not have any other "xpc-service-prefix" rules
> that aren't set with this flag?

I had to change the patch to issue an array of AGX extensions, since the prefix match did not work as expected.

Thanks for reviewing!
Comment 7 Brent Fulgham 2020-09-01 13:27:46 PDT 
Comment on attachment 407706 [details]
Patch

r=me. It's a shame we have to handle them individually, but this makes sense.
Comment 8 Per Arne Vollan 2020-09-01 13:30:17 PDT 
(In reply to Brent Fulgham from comment #7)
> Comment on attachment 407706 [details]
> Patch
> 
> r=me. It's a shame we have to handle them individually, but this makes sense.

Thanks for reviewing!
Comment 9 EWS 2020-09-01 14:25:48 PDT 
Committed r266411: <https://trac.webkit.org/changeset/266411>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 407706 [details].
Comment 10 Jon Lee 2020-09-01 16:22:46 PDT 
*** Bug 216033 has been marked as a duplicate of this bug. ***
Comment 11 Matt Hutchinson 2020-10-07 02:40:58 PDT 
Hi I have seen that this issue has reappeared in iPasOS 14.2

Thanks