Skip to content

Entitlements for NetworkProcess to enable automatic memgraph diagnostics#51026

Merged
webkit-commit-queue merged 1 commit intoWebKit:mainfrom
nakulbajaj:eng/Entitlements-for-NetworkProcess-to-enable-automatic-memgraph-diagnostics
Sep 30, 2025
Merged

Entitlements for NetworkProcess to enable automatic memgraph diagnostics#51026
webkit-commit-queue merged 1 commit intoWebKit:mainfrom
nakulbajaj:eng/Entitlements-for-NetworkProcess-to-enable-automatic-memgraph-diagnostics

Conversation

@nakulbajaj
Copy link
Contributor

@nakulbajaj nakulbajaj commented Sep 19, 2025
edited by webkit-early-warning-system
Loading

b5c5c88

Entitlements for NetworkProcess to enable automatic memgraph diagnostics
https://bugs.webkit.org/show_bug.cgi?id=299196
rdar://160955078

Reviewed by Per Arne Vollan and Ryan Reno.

Allows NetworkProcess to use ReportMemoryException to diagnose memory-related crashes.

* Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:
* Source/WebKit/Scripts/process-entitlements.sh:

Canonical link: https://commits.webkit.org/300774@main

e5b53a7

Misc iOS, visionOS, tvOS & watchOS macOS Linux Windows
✅ 🧪 style ✅ 🛠 ios ✅ 🛠 mac ✅ 🛠 wpe ✅ 🛠 win
✅ 🛠 ios-sim ✅ 🛠 mac-AS-debug ✅ 🧪 wpe-wk2 🧪 win-tests
✅ 🧪 webkitperl ✅ 🧪 ios-wk2 ✅ 🧪 api-mac ✅ 🧪 api-wpe
✅ 🧪 webkitpy ✅ 🧪 ios-wk2-wpt ✅ 🛠 wpe-cairo
✅ 🧪 api-ios ✅ 🧪 mac-wk2 ✅ 🛠 gtk
✅ 🛠 vision ✅ 🧪 mac-AS-debug-wk2 ✅ 🧪 gtk-wk2
✅ 🛠 vision-sim ✅ 🧪 mac-wk2-stress ✅ 🧪 api-gtk
✅ 🛠 🧪 merge ✅ 🧪 vision-wk2 ✅ 🧪 mac-intel-wk2 🛠 playstation
✅ 🛠 tv ✅ 🛠 mac-safer-cpp
✅ 🛠 tv-sim
✅ 🛠 watch
✅ 🛠 watch-sim

@webkit-early-warning-system
Copy link
Collaborator

webkit-early-warning-system commented Sep 19, 2025
edited
Loading

EWS run on previous version of this PR (hash ce19436)

Details

Misc iOS, visionOS, tvOS & watchOS macOS Linux Windows
✅ 🧪 style ✅ 🛠 ios ✅ 🛠 mac ✅ 🛠 wpe 🛠 win
✅ 🛠 ios-sim ✅ 🛠 mac-AS-debug ✅ 🧪 wpe-wk2 🧪 win-tests
✅ 🧪 webkitperl ✅ 🧪 ios-wk2 ✅ 🧪 api-mac ✅ 🧪 api-wpe
✅ 🧪 webkitpy ✅ 🧪 ios-wk2-wpt ✅ 🛠 wpe-cairo
✅ 🧪 api-ios ✅ 🧪 mac-wk2 ✅ 🛠 gtk
✅ 🛠 vision ✅ 🧪 mac-AS-debug-wk2 ✅ 🧪 gtk-wk2
✅ 🛠 vision-sim ✅ 🧪 mac-wk2-stress ✅ 🧪 api-gtk
✅ 🧪 vision-wk2 ✅ 🧪 mac-intel-wk2 🛠 playstation
✅ 🛠 tv ✅ 🛠 mac-safer-cpp
✅ 🛠 tv-sim
✅ 🛠 watch
✅ 🛠 watch-sim

pvollan
pvollan reviewed Sep 19, 2025
View reviewed changes
Source/WebKit/Scripts/process-entitlements.sh Outdated
Comment on lines +186 to +187
plistbuddy Add :com.apple.security.exception.mach-lookup.global-name array
plistbuddy Add :com.apple.security.exception.mach-lookup.global-name:0 string com.apple.ReportMemoryException
Copy link
Contributor

@pvollan pvollan Sep 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it would be good to add these to the Networking process sandbox, instead of using an entitlement. That way, we have the allowed mach lookups gathered in one place. It would also be good if we could only allow this on internal builds.

@nakulbajaj nakulbajaj force-pushed the eng/Entitlements-for-NetworkProcess-to-enable-automatic-memgraph-diagnostics branch from ce19436 to 759c3cb Compare September 19, 2025 21:49
@webkit-early-warning-system
Copy link
Collaborator

webkit-early-warning-system commented Sep 19, 2025
edited
Loading

EWS run on previous version of this PR (hash 759c3cb)

Details

Misc iOS, visionOS, tvOS & watchOS macOS Linux Windows
✅ 🧪 style ✅ 🛠 ios ✅ 🛠 mac ✅ 🛠 wpe 🛠 win
✅ 🛠 ios-sim ✅ 🛠 mac-AS-debug 🧪 wpe-wk2 🧪 win-tests
✅ 🧪 webkitperl 🧪 ios-wk2 🧪 api-mac ✅ 🧪 api-wpe
✅ 🧪 webkitpy 🧪 ios-wk2-wpt ✅ 🛠 wpe-cairo
🧪 api-ios 🧪 mac-wk2 ✅ 🛠 gtk
✅ 🛠 vision ✅ 🧪 mac-AS-debug-wk2 🧪 gtk-wk2
✅ 🛠 vision-sim 🧪 mac-wk2-stress 🧪 api-gtk
🧪 vision-wk2 🧪 mac-intel-wk2 🛠 playstation
✅ 🛠 tv 🛠 mac-safer-cpp
✅ 🛠 tv-sim
🛠 watch
✅ 🛠 watch-sim

@nakulbajaj
Copy link
Contributor Author

nakulbajaj commented Sep 19, 2025

As @pvollan alluded to, this is gated to internal builds only. Reversal of the additional entitlement and sandbox changes will occur as part of rdar://160965793 as soon as we're able to collect actionable memgraphs.

@nakulbajaj nakulbajaj force-pushed the eng/Entitlements-for-NetworkProcess-to-enable-automatic-memgraph-diagnostics branch from 759c3cb to c556662 Compare September 19, 2025 22:30
@webkit-early-warning-system
Copy link
Collaborator

webkit-early-warning-system commented Sep 19, 2025
edited
Loading

EWS run on previous version of this PR (hash c556662)

Details

Misc iOS, visionOS, tvOS & watchOS macOS Linux Windows
✅ 🧪 style ✅ 🛠 ios ✅ 🛠 mac ✅ 🛠 wpe ✅ 🛠 win
✅ 🛠 ios-sim ✅ 🛠 mac-AS-debug ✅ 🧪 wpe-wk2 ✅ 🧪 win-tests
✅ 🧪 webkitperl ✅ 🧪 ios-wk2 ✅ 🧪 api-mac ✅ 🧪 api-wpe
✅ 🧪 webkitpy ✅ 🧪 ios-wk2-wpt ✅ 🛠 wpe-cairo
✅ 🧪 api-ios ✅ 🧪 mac-wk2 ✅ 🛠 gtk
✅ 🛠 vision ✅ 🧪 mac-AS-debug-wk2 ✅ 🧪 gtk-wk2
✅ 🛠 vision-sim ✅ 🧪 mac-wk2-stress ✅ 🧪 api-gtk
✅ 🧪 vision-wk2 ✅ 🧪 mac-intel-wk2 🛠 playstation
✅ 🛠 tv ✅ 🛠 mac-safer-cpp
✅ 🛠 tv-sim
✅ 🛠 watch
✅ 🛠 watch-sim

@aproskuryakov aproskuryakov requested a review from rreno September 20, 2025 01:56
@rreno
Copy link
Member

rreno commented Sep 20, 2025

Thanks. LGTM. Gating to internal builds makes sense.

You'll need to remove this line from the commit message for the bot to land this change.

No new tests (OOPS!).

@nakulbajaj nakulbajaj force-pushed the eng/Entitlements-for-NetworkProcess-to-enable-automatic-memgraph-diagnostics branch from c556662 to 13df5a3 Compare September 29, 2025 19:40
@webkit-early-warning-system
Copy link
Collaborator

webkit-early-warning-system commented Sep 29, 2025
edited
Loading

EWS run on previous version of this PR (hash 13df5a3)

Details

Misc iOS, visionOS, tvOS & watchOS macOS Linux Windows
✅ 🧪 style ✅ 🛠 ios ✅ 🛠 mac ✅ 🛠 wpe ✅ 🛠 win
✅ 🛠 ios-sim ✅ 🛠 mac-AS-debug ❌ 🧪 wpe-wk2 ✅ 🧪 win-tests
✅ 🧪 webkitperl ✅ 🧪 ios-wk2 ✅ 🧪 api-mac ✅ 🧪 api-wpe
✅ 🧪 webkitpy ✅ 🧪 ios-wk2-wpt ✅ 🛠 wpe-cairo
✅ 🧪 api-ios ✅ 🧪 mac-wk2 ✅ 🛠 gtk
✅ 🛠 vision ✅ 🧪 mac-AS-debug-wk2 ✅ 🧪 gtk-wk2
✅ 🛠 vision-sim ✅ 🧪 mac-wk2-stress ✅ 🧪 api-gtk
✅ 🧪 vision-wk2 ✅ 🧪 mac-intel-wk2 🛠 playstation
✅ 🛠 tv ✅ 🛠 mac-safer-cpp
✅ 🛠 tv-sim
✅ 🛠 watch
✅ 🛠 watch-sim

@webkit-ews-buildbot webkit-ews-buildbot added the merging-blocked Applied to prevent a change from being merged label Sep 29, 2025
@nakulbajaj nakulbajaj force-pushed the eng/Entitlements-for-NetworkProcess-to-enable-automatic-memgraph-diagnostics branch from 13df5a3 to e5b53a7 Compare September 30, 2025 15:04
@webkit-early-warning-system
Copy link
Collaborator

webkit-early-warning-system commented Sep 30, 2025
edited
Loading

EWS run on current version of this PR (hash e5b53a7)

Details

Misc iOS, visionOS, tvOS & watchOS macOS Linux Windows
✅ 🧪 style ✅ 🛠 ios ✅ 🛠 mac ✅ 🛠 wpe ✅ 🛠 win
✅ 🛠 ios-sim ✅ 🛠 mac-AS-debug ✅ 🧪 wpe-wk2 🧪 win-tests
✅ 🧪 webkitperl ✅ 🧪 ios-wk2 ✅ 🧪 api-mac ✅ 🧪 api-wpe
✅ 🧪 webkitpy ✅ 🧪 ios-wk2-wpt ✅ 🛠 wpe-cairo
✅ 🧪 api-ios ✅ 🧪 mac-wk2 ✅ 🛠 gtk
✅ 🛠 vision ✅ 🧪 mac-AS-debug-wk2 ✅ 🧪 gtk-wk2
✅ 🛠 vision-sim ✅ 🧪 mac-wk2-stress ✅ 🧪 api-gtk
✅ 🛠 🧪 merge ✅ 🧪 vision-wk2 ✅ 🧪 mac-intel-wk2 🛠 playstation
✅ 🛠 tv ✅ 🛠 mac-safer-cpp
✅ 🛠 tv-sim
✅ 🛠 watch
✅ 🛠 watch-sim

@rreno rreno removed the merging-blocked Applied to prevent a change from being merged label Sep 30, 2025
rreno
rreno reviewed Sep 30, 2025
View reviewed changes
Copy link
Member

@rreno rreno left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@rreno rreno added the merge-queue Applied to send a pull request to merge-queue label Sep 30, 2025
@nakulbajaj @rreno
Entitlements for NetworkProcess to enable automatic memgraph diagnostics
b5c5c88 
https://bugs.webkit.org/show_bug.cgi?id=299196
rdar://160955078

Reviewed by Per Arne Vollan and Ryan Reno.

Allows NetworkProcess to use ReportMemoryException to diagnose memory-related crashes.

* Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:
* Source/WebKit/Scripts/process-entitlements.sh:

Canonical link: https://commits.webkit.org/300774@main
@webkit-commit-queue webkit-commit-queue force-pushed the eng/Entitlements-for-NetworkProcess-to-enable-automatic-memgraph-diagnostics branch from e5b53a7 to b5c5c88 Compare September 30, 2025 20:03
@webkit-commit-queue
Copy link
Collaborator

webkit-commit-queue commented Sep 30, 2025

Committed 300774@main (b5c5c88): https://commits.webkit.org/300774@main

Reviewed commits have been landed. Closing PR #51026 and removing active labels.

@webkit-commit-queue webkit-commit-queue merged commit b5c5c88 into WebKit:main Sep 30, 2025
@webkit-commit-queue webkit-commit-queue removed the merge-queue Applied to send a pull request to merge-queue label Sep 30, 2025
@nakulbajaj nakulbajaj deleted the eng/Entitlements-for-NetworkProcess-to-enable-automatic-memgraph-diagnostics branch January 9, 2026 22:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pvollan pvollan pvollan approved these changes

@rreno rreno rreno approved these changes

@brentfulgham brentfulgham Awaiting requested review from brentfulgham brentfulgham is a code owner

Assignees

@nakulbajaj nakulbajaj

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@nakulbajaj @webkit-early-warning-system @rreno @webkit-commit-queue @pvollan @webkit-ews-buildbot