Diff
Modified: trunk/Source/WebCore/ChangeLog (276643 => 276644)
--- trunk/Source/WebCore/ChangeLog 2021-04-27 16:40:45 UTC (rev 276643)
+++ trunk/Source/WebCore/ChangeLog 2021-04-27 17:08:25 UTC (rev 276644)
@@ -1,3 +1,24 @@
+2021-04-27 Brent Fulgham <[email protected]>
+
+ [iOS] [GPU] The UI process should issue the mach sandbox extension to 'com.apple.AGXCompilerService'
+ https://bugs.webkit.org/show_bug.cgi?id=225004
+ <rdar://problem/68362930>
+
+ Reviewed by Darin Adler.
+
+ In Bug 203915 and Bug 210616 we did work to only extend access to AGX-related graphics facilities on relevant hardware. This was
+ lost in the transition to the GPU Process and should be added back.
+
+ This change moves the definition of the AGX-related services and IOKit classes to the AGXCompilerService compilation unit so that
+ it can be shared by the WebContent and GPUProcess code paths.
+
+ Tested by existing graphics tests.
+
+ * platform/cocoa/AGXCompilerService.cpp:
+ (WebCore::agxCompilerServices):
+ (WebCore::agxCompilerClasses):
+ * platform/cocoa/AGXCompilerService.h:
+
2021-04-27 Antoine Quint <[email protected]>
Correctly interpolate stroke-dasharray in the discrete case
Modified: trunk/Source/WebCore/platform/cocoa/AGXCompilerService.cpp (276643 => 276644)
--- trunk/Source/WebCore/platform/cocoa/AGXCompilerService.cpp 2021-04-27 16:40:45 UTC (rev 276643)
+++ trunk/Source/WebCore/platform/cocoa/AGXCompilerService.cpp 2021-04-27 17:08:25 UTC (rev 276644)
@@ -1,5 +1,5 @@
/*
-* Copyright (C) 2020 Apple Inc. All rights reserved.
+* Copyright (C) 2020-2021 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -29,7 +29,9 @@
#if PLATFORM(IOS_FAMILY)
#include <sys/utsname.h>
+#include <wtf/NeverDestroyed.h>
#include <wtf/Optional.h>
+#include <wtf/text/ASCIILiteral.h>
namespace WebCore {
@@ -57,6 +59,34 @@
return *hasAGXCompilerService;
}
+const Vector<ASCIILiteral>& agxCompilerServices()
+{
+ ASSERT(isMainRunLoop());
+ static const auto services = makeNeverDestroyed(Vector<ASCIILiteral> {
+ "com.apple.AGXCompilerService"_s,
+ "com.apple.AGXCompilerService-S2A8"_s
+ });
+ return services;
}
+const Vector<ASCIILiteral>& agxCompilerClasses()
+{
+ ASSERT(isMainRunLoop());
+ static const auto iokitClasses = makeNeverDestroyed(Vector<ASCIILiteral> {
+ "AGXCommandQueue"_s,
+ "AGXDevice"_s,
+ "AGXSharedUserClient"_s,
+ "IOAccelContext"_s,
+ "IOAccelContext2"_s,
+ "IOAccelDevice"_s,
+ "IOAccelDevice2"_s,
+ "IOAccelSharedUserClient"_s,
+ "IOAccelSharedUserClient2"_s,
+ "IOAccelSubmitter2"_s,
+ });
+ return iokitClasses;
+}
+
+}
+
#endif
Modified: trunk/Source/WebCore/platform/cocoa/AGXCompilerService.h (276643 => 276644)
--- trunk/Source/WebCore/platform/cocoa/AGXCompilerService.h 2021-04-27 16:40:45 UTC (rev 276643)
+++ trunk/Source/WebCore/platform/cocoa/AGXCompilerService.h 2021-04-27 17:08:25 UTC (rev 276644)
@@ -1,5 +1,5 @@
/*
-* Copyright (C) 2020 Apple Inc. All rights reserved.
+* Copyright (C) 2020-2021 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -25,9 +25,17 @@
#pragma once
+#if PLATFORM(IOS_FAMILY)
+
+#include <wtf/Forward.h>
+
namespace WebCore {
WEBCORE_EXPORT bool deviceHasAGXCompilerService();
WEBCORE_EXPORT void setDeviceHasAGXCompilerServiceForTesting();
+WEBCORE_EXPORT const Vector<ASCIILiteral>& agxCompilerServices();
+WEBCORE_EXPORT const Vector<ASCIILiteral>& agxCompilerClasses();
}
+
+#endif
Modified: trunk/Source/WebKit/ChangeLog (276643 => 276644)
--- trunk/Source/WebKit/ChangeLog 2021-04-27 16:40:45 UTC (rev 276643)
+++ trunk/Source/WebKit/ChangeLog 2021-04-27 17:08:25 UTC (rev 276644)
@@ -1,3 +1,41 @@
+2021-04-27 Brent Fulgham <[email protected]>
+
+ [iOS] [GPU] The UI process should issue the mach sandbox extension to 'com.apple.AGXCompilerService'
+ https://bugs.webkit.org/show_bug.cgi?id=225004
+ <rdar://problem/68362930>
+
+ Reviewed by Darin Adler.
+
+ In Bug 203915 and Bug 210616 we did work to only extend access to AGX-related graphics facilities on relevant hardware. This was
+ lost in the transition to the GPU Process and should be added back.
+
+ This change does the following:
+ 1. Adds sandbox extension handles for the AGX-related compiler services and IOKit classes to the GPUProcess creation parameters.
+ 2. Updates the GPUProcessProxy to extend AGX features when warranted and add them to the creation parameter structure.
+ 3. Updates the GPUProcess to consume the extensions (when granted).
+ 4. Updates the WebProcessPool to use the WebCore version of the 'agxCompilerClasses' and 'agxCompilerServices' functions.
+ 5. Moves the 'agxCompilerClasses' and 'agxCompilerServices' functions to WebCore, alongside the other AGX functions.
+
+ It also corrects the sandbox rule for the AGXCompilerService in the GPU Process sandbox, which incorrectly called it a 'global-name',
+ when it is an xpc-service.
+
+ Tested by existing graphics tests.
+
+ * GPUProcess/GPUProcess.cpp:
+ (WebKit::GPUProcess::initializeGPUProcess):
+ * GPUProcess/GPUProcessCreationParameters.cpp:
+ (WebKit::GPUProcessCreationParameters::encode const):
+ (WebKit::GPUProcessCreationParameters::decode):
+ * GPUProcess/GPUProcessCreationParameters.h:
+ * Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb: Correct AGX compiler service type.
+ * UIProcess/Cocoa/WebProcessPoolCocoa.mm:
+ (WebKit::nonBrowserServices):
+ (WebKit::WebProcessPool::platformInitializeWebProcess):
+ (WebKit::agxCompilerClasses): Deleted.
+ (WebKit::agxCompilerServices): Deleted.
+ * UIProcess/GPU/GPUProcessProxy.cpp:
+ (WebKit::GPUProcessProxy::GPUProcessProxy):
+
2021-04-27 Chris Fleizach <[email protected]>
AX: Smart invert>Safari>images & other colors improperly invert
Modified: trunk/Source/WebKit/GPUProcess/GPUProcess.cpp (276643 => 276644)
--- trunk/Source/WebKit/GPUProcess/GPUProcess.cpp 2021-04-27 16:40:45 UTC (rev 276643)
+++ trunk/Source/WebKit/GPUProcess/GPUProcess.cpp 2021-04-27 17:08:25 UTC (rev 276644)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2019-2021 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -220,6 +220,10 @@
SandboxExtension::consumePermanently(parameters.containerCachesDirectoryExtensionHandle);
SandboxExtension::consumePermanently(parameters.containerTemporaryDirectoryExtensionHandle);
#endif
+#if PLATFORM(IOS_FAMILY)
+ SandboxExtension::consumePermanently(parameters.compilerServiceExtensionHandles);
+ SandboxExtension::consumePermanently(parameters.dynamicIOKitExtensionHandles);
+#endif
#if HAVE(CGIMAGESOURCE_WITH_SET_ALLOWABLE_TYPES)
auto emptyArray = adoptCF(CFArrayCreate(kCFAllocatorDefault, nullptr, 0, &kCFTypeArrayCallBacks));
Modified: trunk/Source/WebKit/GPUProcess/GPUProcessCreationParameters.cpp (276643 => 276644)
--- trunk/Source/WebKit/GPUProcess/GPUProcessCreationParameters.cpp 2021-04-27 16:40:45 UTC (rev 276643)
+++ trunk/Source/WebKit/GPUProcess/GPUProcessCreationParameters.cpp 2021-04-27 17:08:25 UTC (rev 276644)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2019-2021 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -61,6 +61,10 @@
encoder << containerCachesDirectoryExtensionHandle;
encoder << containerTemporaryDirectoryExtensionHandle;
#endif
+#if PLATFORM(IOS_FAMILY)
+ encoder << compilerServiceExtensionHandles;
+ encoder << dynamicIOKitExtensionHandles;
+#endif
}
bool GPUProcessCreationParameters::decode(IPC::Decoder& decoder, GPUProcessCreationParameters& result)
@@ -101,7 +105,20 @@
return false;
result.containerTemporaryDirectoryExtensionHandle = WTFMove(*containerTemporaryDirectoryExtensionHandle);
#endif
+#if PLATFORM(IOS_FAMILY)
+ Optional<SandboxExtension::HandleArray> compilerServiceExtensionHandles;
+ decoder >> compilerServiceExtensionHandles;
+ if (!compilerServiceExtensionHandles)
+ return false;
+ result.compilerServiceExtensionHandles = WTFMove(*compilerServiceExtensionHandles);
+ Optional<SandboxExtension::HandleArray> dynamicIOKitExtensionHandles;
+ decoder >> dynamicIOKitExtensionHandles;
+ if (!dynamicIOKitExtensionHandles)
+ return false;
+ result.dynamicIOKitExtensionHandles = WTFMove(*dynamicIOKitExtensionHandles);
+#endif
+
return true;
}
Modified: trunk/Source/WebKit/GPUProcess/GPUProcessCreationParameters.h (276643 => 276644)
--- trunk/Source/WebKit/GPUProcess/GPUProcessCreationParameters.h 2021-04-27 16:40:45 UTC (rev 276643)
+++ trunk/Source/WebKit/GPUProcess/GPUProcessCreationParameters.h 2021-04-27 17:08:25 UTC (rev 276644)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2019-2021 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -59,6 +59,10 @@
SandboxExtension::Handle containerCachesDirectoryExtensionHandle;
SandboxExtension::Handle containerTemporaryDirectoryExtensionHandle;
#endif
+#if PLATFORM(IOS_FAMILY)
+ SandboxExtension::HandleArray compilerServiceExtensionHandles;
+ SandboxExtension::HandleArray dynamicIOKitExtensionHandles;
+#endif
void encode(IPC::Encoder&) const;
static WARN_UNUSED_RETURN bool decode(IPC::Decoder&, GPUProcessCreationParameters&);
Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb (276643 => 276644)
--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb 2021-04-27 16:40:45 UTC (rev 276643)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb 2021-04-27 17:08:25 UTC (rev 276644)
@@ -1,4 +1,4 @@
-; Copyright (C) 2010-2019 Apple Inc. All rights reserved.
+; Copyright (C) 2010-2021 Apple Inc. All rights reserved.
;
; Redistribution and use in source and binary forms, with or without
; modification, are permitted provided that the following conditions
@@ -257,12 +257,12 @@
;;; Declare that the application uses the OpenGL, Metal, and CoreML hardware & frameworks.
;;;
(define-once (opengl)
- (allow iokit-open
+ ;; Items not seen in testing
+ (deny iokit-open (with telemetry)
(iokit-connection "IOGPU")
(iokit-user-client-class
"AGXCommandQueue"
"AGXDevice"
- "AGXDeviceUserClient"
"AGXSharedUserClient"
"IOAccelContext"
"IOAccelDevice"
@@ -272,6 +272,11 @@
"IOAccelDevice2"
"IOAccelSharedUserClient2"))
+ (allow iokit-open
+ (iokit-connection "IOGPU")
+ (iokit-user-client-class
+ "AGXDeviceUserClient"))
+
(allow iokit-get-properties
(iokit-property "IOGLBundleName")
(iokit-property "IOGLESBundleName")
@@ -284,9 +289,6 @@
(allow sysctl-read
(sysctl-name #"kern.bootsessionuuid"))
- (allow mach-lookup (with report) (with telemetry)
- (xpc-service-name-prefix "com.apple.AGXCompilerService"))
-
(allow mach-lookup
;; <rdar://problem/47268166>
(xpc-service-name "com.apple.MTLCompilerService"))
@@ -940,6 +942,24 @@
(literal "/usr/local/lib/log") ; <rdar://problem/36629495>
)
+(allow iokit-open
+ (require-all
+ (extension "com.apple.webkit.extension.iokit")
+ (iokit-user-client-class
+ "AGXCommandQueue"
+ "AGXDevice"
+ "AGXSharedUserClient"
+ "IOAccelContext"
+ "IOAccelDevice"
+ "IOAccelSharedUserClient"
+ "IOAccelSubmitter2"
+ "IOAccelContext2"
+ "IOAccelDevice2"
+ "IOAccelSharedUserClient2"
+ )
+ )
+)
+
(deny mach-lookup (with no-log)
(xpc-service-name "com.apple.audio.toolbox.reporting.service")
)
@@ -947,8 +967,13 @@
(allow mach-lookup
(require-all
(extension "com.apple.webkit.extension.mach")
- (global-name "com.apple.iphone.axserver-systemwide" "com.apple.tccd" "com.apple.AGXCompilerService")))
+ (global-name "com.apple.iphone.axserver-systemwide" "com.apple.tccd")))
+(allow mach-lookup
+ (require-all
+ (extension "com.apple.webkit.extension.mach")
+ (xpc-service-name-prefix "com.apple.AGXCompilerService")))
+
(media-capture-support)
(allow mach-lookup
Modified: trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm (276643 => 276644)
--- trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm 2021-04-27 16:40:45 UTC (rev 276643)
+++ trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm 2021-04-27 17:08:25 UTC (rev 276644)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2010-2020 Apple Inc. All rights reserved.
+ * Copyright (C) 2010-2021 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -234,38 +234,8 @@
});
return services;
}
-
-static const Vector<ASCIILiteral>& agxCompilerClasses()
-{
- ASSERT(isMainRunLoop());
- static const auto iokitClasses = makeNeverDestroyed(Vector<ASCIILiteral> {
- "AGXCommandQueue"_s,
- "AGXDevice"_s,
- "AGXSharedUserClient"_s,
- "IOAccelContext"_s,
- "IOAccelContext2"_s,
- "IOAccelDevice"_s,
- "IOAccelDevice2"_s,
- "IOAccelSharedUserClient"_s,
- "IOAccelSharedUserClient2"_s,
- "IOAccelSubmitter2"_s,
- });
- return iokitClasses;
-}
#endif
-#if PLATFORM(IOS)
-static const Vector<ASCIILiteral>& agxCompilerServices()
-{
- ASSERT(isMainRunLoop());
- static const auto services = makeNeverDestroyed(Vector<ASCIILiteral> {
- "com.apple.AGXCompilerService"_s,
- "com.apple.AGXCompilerService-S2A8"_s
- });
- return services;
-}
-#endif
-
static const Vector<ASCIILiteral>& diagnosticServices()
{
ASSERT(isMainRunLoop());
@@ -403,7 +373,7 @@
#if PLATFORM(IOS)
if (WebCore::deviceHasAGXCompilerService())
- parameters.compilerServiceExtensionHandles = SandboxExtension::createHandlesForMachLookup(agxCompilerServices(), WTF::nullopt);
+ parameters.compilerServiceExtensionHandles = SandboxExtension::createHandlesForMachLookup(WebCore::agxCompilerServices(), WTF::nullopt);
#endif
#if PLATFORM(IOS_FAMILY)
@@ -411,7 +381,7 @@
parameters.dynamicMachExtensionHandles = SandboxExtension::createHandlesForMachLookup(nonBrowserServices(), WTF::nullopt);
if (WebCore::deviceHasAGXCompilerService())
- parameters.dynamicIOKitExtensionHandles = SandboxExtension::createHandlesForIOKitClassExtensions(agxCompilerClasses(), WTF::nullopt);
+ parameters.dynamicIOKitExtensionHandles = SandboxExtension::createHandlesForIOKitClassExtensions(WebCore::agxCompilerClasses(), WTF::nullopt);
#endif
if (isInternalInstall())
Modified: trunk/Source/WebKit/UIProcess/GPU/GPUProcessProxy.cpp (276643 => 276644)
--- trunk/Source/WebKit/UIProcess/GPU/GPUProcessProxy.cpp 2021-04-27 16:40:45 UTC (rev 276643)
+++ trunk/Source/WebKit/UIProcess/GPU/GPUProcessProxy.cpp 2021-04-27 17:08:25 UTC (rev 276644)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2019-2020 Apple Inc. All rights reserved.
+ * Copyright (C) 2019-2021 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -51,6 +51,7 @@
#include <wtf/TranslatedProcess.h>
#if PLATFORM(IOS_FAMILY)
+#include <WebCore/AGXCompilerService.h>
#include <wtf/spi/darwin/XPCSPI.h>
#endif
@@ -188,6 +189,12 @@
if (!containerTemporaryDirectory.isEmpty())
SandboxExtension::createHandleWithoutResolvingPath(containerTemporaryDirectory, SandboxExtension::Type::ReadWrite, parameters.containerTemporaryDirectoryExtensionHandle);
#endif
+#if PLATFORM(IOS_FAMILY)
+ if (WebCore::deviceHasAGXCompilerService()) {
+ parameters.compilerServiceExtensionHandles = SandboxExtension::createHandlesForMachLookup(WebCore::agxCompilerServices(), WTF::nullopt);
+ parameters.dynamicIOKitExtensionHandles = SandboxExtension::createHandlesForIOKitClassExtensions(WebCore::agxCompilerClasses(), WTF::nullopt);
+ }
+#endif
// Initialize the GPU process.
send(Messages::GPUProcess::InitializeGPUProcess(parameters), 0);
