[PATCH] D27827: [ObjC] CodeGen support for @available on macOS

Nico Weber via cfe-commits cfe-commits at lists.llvm.org
Thu Aug 3 08:04:12 PDT 2017 

On Thu, Aug 3, 2017 at 4:13 AM, Alex Lorenz via Phabricator via cfe-commits
<cfe-commits at lists.llvm.org> wrote:

> arphaman added a comment.
>
> In https://reviews.llvm.org/D27827#829661, @thakis wrote:
>
> > We just noticed that if you call __builtin_available() for the first
> time after activating your app's sandbox, the function will fail:
> >
> > SandboxViolation: crdmg(15489) deny file-read-data
> /System/Library/CoreServices/SystemVersion.plist
> >  Violation:       deny file-read-data /System/Library/CoreServices/S
> ystemVersion.plist
> >  Process:         crdmg [15489]
> >  Path:            /Volumes/Build/src/./out/release/crdmg
> >
> > Thread 0 (id: 421251):
> >  0   libsystem_kernel.dylib           0x00007fffe94a1a86 __open_nocancel
> + 10
> >  1   crdmg                            0x000000010444be98
> parseSystemVersionPList + 360
> >  2                                    0xec83485354415541
>
>
> Hmm, never saw this before. Please post your exact configuration -
> clang/compiler-rt versions, OS version, toolchain & SDK. Is it possible to
> get a reproducer?
>

It's in this program, which is pretty stand-alone: https://cs.
chromium.org/chromium/src/chrome/utility/safe_browsing/
mac/crdmg.cc?q=crdmg&sq=package:chromium&l=95 EnableSandbox() is on line
134. clang, compiler-rt are trunk from 2 weeks ago, SDK is 10.12, os
10.12.5. I don't think the particular version numbers matter too much
though. Here's a standalone demo:

thakis-macpro:src thakis$ cat foo.cc
#include <sandbox.h>
int main() {
  const char sbox[] = "(version 1) (deny default)";
  char* err;
  ::sandbox_init(sbox, 0, &err);
  if (__builtin_available(macos 10.10, *))
    return 32;
  else
    return 14;
}
thakis-macpro:src thakis$ third_party/llvm-build/Release+Asserts/bin/clang
-o foo foo.cc -isysroot $(xcrun -show-sdk-path) -mmacosx-version-min=10.9
-w && ./foo
thakis-macpro:src thakis$ echo $?
14
thakis-macpro:src thakis$ sw_vers -productVersion
10.12.5

After running that, look for "sandbox" in console.app to find the "deny
file-read-data".


>
>
> Repository:
>   rL LLVM
>
> https://reviews.llvm.org/D27827
>
>
>
> _______________________________________________
> cfe-commits mailing list
> cfe-commits at lists.llvm.org
> http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20170803/9c3b919f/attachment.html>

More information about the cfe-commits mailing list