Disable Swift compiler sandboxing in Xcode 15.3+ to fix nested sandboxing (#1206)

adincebic · brentleyjones · web-flow · commit 3e85693aba0c · 2024-05-22T15:13:03.000-07:00
This should solve #1202 and #1204 > There were issues with Swift compiler plugins (incl. macros) and nested sandboxes on macOS with Swift 5.9 that have been fixed with 5.10: > swift: [swiftlang/swift#70079](swiftlang/swift#70079) > swift-driver: [swiftlang/swift-driver#1493](swiftlang/swift-driver#1493) > swift-package-manager: [swiftlang/swift-package-manager#7167](swiftlang/swift-package-manager#7167) I am not sure whether this flag is required on Linux too. --------- Signed-off-by: Adin Cebic <cebic.ad@gmail.com> Co-authored-by: Brentley Jones <github@brentleyjones.com>
diff --git a/swift/internal/compiling.bzl b/swift/internal/compiling.bzl
@@ -45,6 +45,7 @@ load(
     "SWIFT_FEATURE_COVERAGE_PREFIX_MAP",
     "SWIFT_FEATURE_DBG",
     "SWIFT_FEATURE_DEBUG_PREFIX_MAP",
+    "SWIFT_FEATURE_DISABLE_SWIFT_SANDBOX",
     "SWIFT_FEATURE_DISABLE_SYSTEM_INDEX",
     "SWIFT_FEATURE_EMIT_BC",
     "SWIFT_FEATURE_EMIT_C_MODULE",
@@ -564,6 +565,19 @@ def compile_action_configs(
             features = [SWIFT_FEATURE_TREAT_WARNINGS_AS_ERRORS],
         ),
 
+        # Disable Swift sandbox.
+        swift_toolchain_config.action_config(
+            actions = [
+                swift_action_names.COMPILE,
+                swift_action_names.DERIVE_FILES,
+                swift_action_names.DUMP_AST,
+            ],
+            configurators = [
+                swift_toolchain_config.add_arg("-disable-sandbox"),
+            ],
+            features = [SWIFT_FEATURE_DISABLE_SWIFT_SANDBOX],
+        ),
+
         # Set Developer Framework search paths
         swift_toolchain_config.action_config(
             actions = [
diff --git a/swift/internal/feature_names.bzl b/swift/internal/feature_names.bzl
@@ -341,6 +341,11 @@ SWIFT_FEATURE__FORCE_ALWAYSLINK_TRUE = "swift._force_alwayslink_true"
 # feature.
 SWIFT_FEATURE__SUPPORTS_MACROS = "swift._supports_macros"
 
+# Disables Swift sandbox which prevents issues with nested sandboxing when Swift code contains system-provided macros.
+# If enabled '#Preview' macro provided by SwiftUI fails to build and probably other system-provided macros.
+# Enabled by default for Swift 5.10+ on macOS.
+SWIFT_FEATURE_DISABLE_SWIFT_SANDBOX = "swift.disable_swift_sandbox"
+
 # Pass -warnings-as-errors to the compiler.
 SWIFT_FEATURE_TREAT_WARNINGS_AS_ERRORS = "swift.treat_warnings_as_errors"
 
diff --git a/swift/internal/xcode_swift_toolchain.bzl b/swift/internal/xcode_swift_toolchain.bzl
@@ -35,6 +35,7 @@ load(
     "SWIFT_FEATURE_COVERAGE",
     "SWIFT_FEATURE_COVERAGE_PREFIX_MAP",
     "SWIFT_FEATURE_DEBUG_PREFIX_MAP",
+    "SWIFT_FEATURE_DISABLE_SWIFT_SANDBOX",
     "SWIFT_FEATURE_EMIT_SWIFTDOC",
     "SWIFT_FEATURE_EMIT_SWIFTSOURCEINFO",
     "SWIFT_FEATURE_ENABLE_BATCH_MODE",
@@ -640,6 +641,9 @@ def _xcode_swift_toolchain_impl(ctx):
         requested_features.append(SWIFT_FEATURE__SUPPORTS_MACROS)
         requested_features.append(SWIFT_FEATURE__SUPPORTS_CONST_VALUE_EXTRACTION)
 
+    if _is_xcode_at_least_version(xcode_config, "15.3"):
+        requested_features.append(SWIFT_FEATURE_DISABLE_SWIFT_SANDBOX)
+
     env = _xcode_env(target_triple = target_triple, xcode_config = xcode_config)
     execution_requirements = xcode_config.execution_info()
     generated_header_rewriter = ctx.executable.generated_header_rewriter
diff --git a/test/features_tests.bzl b/test/features_tests.bzl
@@ -60,6 +60,14 @@ use_global_index_store_index_while_building_test = make_action_command_line_test
     },
 )
 
+disable_swift_sandbox_test = make_action_command_line_test_rule(
+    config_settings = {
+        "//command_line_option:features": [
+            "swift.disable_swift_sandbox",
+        ],
+    },
+)
+
 vfsoverlay_test = make_action_command_line_test_rule(
     config_settings = {
         "//command_line_option:features": [
@@ -179,6 +187,17 @@ def features_test_suite(name):
         target_under_test = "@build_bazel_rules_swift//test/fixtures/debug_settings:simple",
     )
 
+    disable_swift_sandbox_test(
+        name = "{}_disable_swift_sandbox_test".format(name),
+        tags = [name],
+        expected_argv = [
+            "-disable-sandbox",
+        ],
+        mnemonic = "SwiftCompile",
+        target_compatible_with = ["@platforms//os:macos"],
+        target_under_test = "@build_bazel_rules_swift//test/fixtures/debug_settings:simple",
+    )
+
     default_opt_test(
         name = "{}_default_opt_test".format(name),
         tags = [name],
