New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 752128 link

Starred by 1 user
Status: Fixed
Owner:
rsesek@chromium.org
Closed: Aug 2017
Cc:
sdy@chromium.org
jialiul@chromium.org
thakis@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 2
Type: Bug-Regression



Sign in to add a comment

crdmg does not work (says it "Requires 10.10 or higher" on 10.12)

Project Member Reported by rsesek@chromium.org, Aug 3 2017 
Chrome Version: 621a79eab22d443b16b9f6160e747ce6dbbbf832
OS: macOS 10.12.6

What steps will reproduce the problem?
(1) ninja -C out/release crdmg
(2) ./out/release/crdmg ~/Downloads/whatever.crdmg
(3) Exits with "[0802/201229.250732:ERROR:crdmg.cc(99)] Requires 10.10 or higher"

What is the expected result?
crdmg should run on 10.12.

What happens instead?
It says my OS is not supported, but it totally is.

I determined that this is because crdmg enables its sandbox before the first call to __builtin_available, which triggers a sandbox violation:

SandboxViolation: crdmg(15489) deny file-read-data /System/Library/CoreServices/SystemVersion.plist
Violation:       deny file-read-data /System/Library/CoreServices/SystemVersion.plist 
Process:         crdmg [15489]
Path:            /Volumes/Build/src/./out/release/crdmg

Thread 0 (id: 421251):
0   libsystem_kernel.dylib        	0x00007fffe94a1a86 __open_nocancel + 10
1   crdmg                         	0x000000010444be98 parseSystemVersionPList + 360
2                                 	0xec83485354415541

This was caused by https://chromium-review.googlesource.com/566956.

Please use labels and text to provide additional information.


For graphics-related bugs, please copy/paste the contents of the about:gpu
page at the end of this report.

Comment 1 by thakis@chromium.org, Aug 3 2017

Owner: rsesek@chromium.org
I think the fix is to call __builtin_available() once before enabling the sandbox.

I'm following up with Apple to make sure they're aware of this.

Comment 2 by thakis@chromium.org, Aug 3 2017 

Standalone:

thakis-macpro:src thakis$ cat foo.cc
#include <sandbox.h>
int main() {
  const char sbox[] = "(version 1) (deny default)";
  char* err;
  ::sandbox_init(sbox, 0, &err);
  if (__builtin_available(macos 10.10, *))
    return 32;
  else
    return 14;
}
thakis-macpro:src thakis$ third_party/llvm-build/Release+Asserts/bin/clang -o foo foo.cc -isysroot $(xcrun -show-sdk-path) -mmacosx-version-min=10.9 -w && ./foo
thakis-macpro:src thakis$ echo $?
14

Comment 3 by thakis@chromium.org, Aug 3 2017 

Upstream discussion on https://reviews.llvm.org/D27827
Project Member

Comment 4 by bugdroid1@chromium.org, Aug 3 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/4b9d7f365a7b47cee99b3d4a45ff6df44f1b83a1

commit 4b9d7f365a7b47cee99b3d4a45ff6df44f1b83a1
Author: Robert Sesek <rsesek@chromium.org>
Date: Thu Aug 03 16:23:25 2017

Fix crdmg so that it actually works.

After changing to the __builtin_available() syntax in
51938fff0607fee07eb38e896fcca6b262acf19e, crdmg's sandbox blocked
reading the SystemVersion.plist, which caused crdmg to not properly
detect the OS version.

Bug:  752128 
Change-Id: I2d1035c4de8c2f0559ccabc06eaf046da2f6522b
Reviewed-on: https://chromium-review.googlesource.com/600129
Reviewed-by: Nico Weber <thakis@chromium.org>
Commit-Queue: Robert Sesek <rsesek@chromium.org>
Cr-Commit-Position: refs/heads/master@{#491759}
[modify] https://crrev.com/4b9d7f365a7b47cee99b3d4a45ff6df44f1b83a1/chrome/utility/safe_browsing/mac/crdmg.cc

Comment 5 by rsesek@chromium.org, Aug 3 2017

Status: Fixed (was: Assigned)

Sign in to add a comment