From be3196b98ce1c9a6c9268731832dcb15743d1f02 Mon Sep 17 00:00:00 2001
From: Adin Cebic <cebic.ad@gmail.com>
Date: Wed, 22 May 2024 17:37:03 +0200
Subject: [PATCH 1/4] Add a SWIFT_FEATURE to disable Swift sandbox

Signed-off-by: Adin Cebic <cebic.ad@gmail.com>
---
 swift/internal/compiling.bzl             | 14 ++++++++++++++
 swift/internal/feature_names.bzl         |  4 ++++
 swift/internal/xcode_swift_toolchain.bzl |  4 ++++
 3 files changed, 22 insertions(+)

diff --git a/swift/internal/compiling.bzl b/swift/internal/compiling.bzl
index a9e2fb121..25589bdff 100644
--- a/swift/internal/compiling.bzl
+++ b/swift/internal/compiling.bzl
@@ -83,6 +83,7 @@ load(
     "SWIFT_FEATURE_USE_OLD_DRIVER",
     "SWIFT_FEATURE_USE_PCH_OUTPUT_DIR",
     "SWIFT_FEATURE_VFSOVERLAY",
+    "SWIFT_FEATURE__DISABLE_SWIFT_SANDBOX",
     "SWIFT_FEATURE__NUM_THREADS_0_IN_SWIFTCOPTS",
     "SWIFT_FEATURE__SUPPORTS_CONST_VALUE_EXTRACTION",
     "SWIFT_FEATURE__SUPPORTS_MACROS",
@@ -564,6 +565,19 @@ def compile_action_configs(
             features = [SWIFT_FEATURE_TREAT_WARNINGS_AS_ERRORS],
         ),
 
+        # Disable Swift sandbox.
+        swift_toolchain_config.action_config(
+            actions = [
+                swift_action_names.COMPILE,
+                swift_action_names.DERIVE_FILES,
+                swift_action_names.DUMP_AST,
+            ],
+            configurators = [
+                swift_toolchain_config.add_arg("-disable-sandbox"),
+            ],
+            features = [SWIFT_FEATURE__DISABLE_SWIFT_SANDBOX],
+        ),
+
         # Set Developer Framework search paths
         swift_toolchain_config.action_config(
             actions = [
diff --git a/swift/internal/feature_names.bzl b/swift/internal/feature_names.bzl
index 642353440..dc84b9353 100644
--- a/swift/internal/feature_names.bzl
+++ b/swift/internal/feature_names.bzl
@@ -341,6 +341,10 @@ SWIFT_FEATURE__FORCE_ALWAYSLINK_TRUE = "swift._force_alwayslink_true"
 # feature.
 SWIFT_FEATURE__SUPPORTS_MACROS = "swift._supports_macros"
 
+# Disables Swift sandbox which prevents issues with nested sandboxing when Swift code contains system-provided macros.
+# If enabled '#Preview' macro provided by SwiftUI fails to build and probably other system-provided macros.
+SWIFT_FEATURE__DISABLE_SWIFT_SANDBOX = "swift._disable_swift_sandbox"
+
 # Pass -warnings-as-errors to the compiler.
 SWIFT_FEATURE_TREAT_WARNINGS_AS_ERRORS = "swift.treat_warnings_as_errors"
 
diff --git a/swift/internal/xcode_swift_toolchain.bzl b/swift/internal/xcode_swift_toolchain.bzl
index 974778e54..932a0bf3c 100644
--- a/swift/internal/xcode_swift_toolchain.bzl
+++ b/swift/internal/xcode_swift_toolchain.bzl
@@ -50,6 +50,7 @@ load(
     "SWIFT_FEATURE_SUPPORTS_SYSTEM_MODULE_FLAG",
     "SWIFT_FEATURE_USE_GLOBAL_MODULE_CACHE",
     "SWIFT_FEATURE_USE_RESPONSE_FILES",
+    "SWIFT_FEATURE__DISABLE_SWIFT_SANDBOX",
     "SWIFT_FEATURE__FORCE_ALWAYSLINK_TRUE",
     "SWIFT_FEATURE__SUPPORTS_CONST_VALUE_EXTRACTION",
     "SWIFT_FEATURE__SUPPORTS_MACROS",
@@ -640,6 +641,9 @@ def _xcode_swift_toolchain_impl(ctx):
         requested_features.append(SWIFT_FEATURE__SUPPORTS_MACROS)
         requested_features.append(SWIFT_FEATURE__SUPPORTS_CONST_VALUE_EXTRACTION)
 
+    if _is_xcode_at_least_version(xcode_config, "15.3"):
+        requested_features.append(SWIFT_FEATURE__DISABLE_SWIFT_SANDBOX)
+
     env = _xcode_env(target_triple = target_triple, xcode_config = xcode_config)
     execution_requirements = xcode_config.execution_info()
     generated_header_rewriter = ctx.executable.generated_header_rewriter

From 39a1847ed558d6ced92826571e297106b6db0bdf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adin=20=C4=86ebi=C4=87?= <cebic.ad@gmail.com>
Date: Wed, 22 May 2024 18:40:41 +0200
Subject: [PATCH 2/4] Update feature_names.bzl

Co-authored-by: Brentley Jones <github@brentleyjones.com>
---
 swift/internal/feature_names.bzl | 1 +
 1 file changed, 1 insertion(+)

diff --git a/swift/internal/feature_names.bzl b/swift/internal/feature_names.bzl
index dc84b9353..d8f35d94c 100644
--- a/swift/internal/feature_names.bzl
+++ b/swift/internal/feature_names.bzl
@@ -343,6 +343,7 @@ SWIFT_FEATURE__SUPPORTS_MACROS = "swift._supports_macros"
 
 # Disables Swift sandbox which prevents issues with nested sandboxing when Swift code contains system-provided macros.
 # If enabled '#Preview' macro provided by SwiftUI fails to build and probably other system-provided macros.
+# Enabled by default for Swift 5.10+ on macOS.
 SWIFT_FEATURE__DISABLE_SWIFT_SANDBOX = "swift._disable_swift_sandbox"
 
 # Pass -warnings-as-errors to the compiler.

From 5cecaded075114e8343529c570c10a06c4367746 Mon Sep 17 00:00:00 2001
From: Adin Cebic <cebic.ad@gmail.com>
Date: Wed, 22 May 2024 19:21:21 +0200
Subject: [PATCH 3/4] Drop underscore from
 'SWIFT_FEATURE__DISABLE_SWIFT_SANDBOX'

Signed-off-by: Adin Cebic <cebic.ad@gmail.com>
---
 swift/internal/compiling.bzl             | 4 ++--
 swift/internal/feature_names.bzl         | 2 +-
 swift/internal/xcode_swift_toolchain.bzl | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/swift/internal/compiling.bzl b/swift/internal/compiling.bzl
index 25589bdff..d5b5234ed 100644
--- a/swift/internal/compiling.bzl
+++ b/swift/internal/compiling.bzl
@@ -45,6 +45,7 @@ load(
     "SWIFT_FEATURE_COVERAGE_PREFIX_MAP",
     "SWIFT_FEATURE_DBG",
     "SWIFT_FEATURE_DEBUG_PREFIX_MAP",
+    "SWIFT_FEATURE_DISABLE_SWIFT_SANDBOX",
     "SWIFT_FEATURE_DISABLE_SYSTEM_INDEX",
     "SWIFT_FEATURE_EMIT_BC",
     "SWIFT_FEATURE_EMIT_C_MODULE",
@@ -83,7 +84,6 @@ load(
     "SWIFT_FEATURE_USE_OLD_DRIVER",
     "SWIFT_FEATURE_USE_PCH_OUTPUT_DIR",
     "SWIFT_FEATURE_VFSOVERLAY",
-    "SWIFT_FEATURE__DISABLE_SWIFT_SANDBOX",
     "SWIFT_FEATURE__NUM_THREADS_0_IN_SWIFTCOPTS",
     "SWIFT_FEATURE__SUPPORTS_CONST_VALUE_EXTRACTION",
     "SWIFT_FEATURE__SUPPORTS_MACROS",
@@ -575,7 +575,7 @@ def compile_action_configs(
             configurators = [
                 swift_toolchain_config.add_arg("-disable-sandbox"),
             ],
-            features = [SWIFT_FEATURE__DISABLE_SWIFT_SANDBOX],
+            features = [SWIFT_FEATURE_DISABLE_SWIFT_SANDBOX],
         ),
 
         # Set Developer Framework search paths
diff --git a/swift/internal/feature_names.bzl b/swift/internal/feature_names.bzl
index d8f35d94c..f867b1d44 100644
--- a/swift/internal/feature_names.bzl
+++ b/swift/internal/feature_names.bzl
@@ -344,7 +344,7 @@ SWIFT_FEATURE__SUPPORTS_MACROS = "swift._supports_macros"
 # Disables Swift sandbox which prevents issues with nested sandboxing when Swift code contains system-provided macros.
 # If enabled '#Preview' macro provided by SwiftUI fails to build and probably other system-provided macros.
 # Enabled by default for Swift 5.10+ on macOS.
-SWIFT_FEATURE__DISABLE_SWIFT_SANDBOX = "swift._disable_swift_sandbox"
+SWIFT_FEATURE_DISABLE_SWIFT_SANDBOX = "swift.disable_swift_sandbox"
 
 # Pass -warnings-as-errors to the compiler.
 SWIFT_FEATURE_TREAT_WARNINGS_AS_ERRORS = "swift.treat_warnings_as_errors"
diff --git a/swift/internal/xcode_swift_toolchain.bzl b/swift/internal/xcode_swift_toolchain.bzl
index 932a0bf3c..1069297b6 100644
--- a/swift/internal/xcode_swift_toolchain.bzl
+++ b/swift/internal/xcode_swift_toolchain.bzl
@@ -35,6 +35,7 @@ load(
     "SWIFT_FEATURE_COVERAGE",
     "SWIFT_FEATURE_COVERAGE_PREFIX_MAP",
     "SWIFT_FEATURE_DEBUG_PREFIX_MAP",
+    "SWIFT_FEATURE_DISABLE_SWIFT_SANDBOX",
     "SWIFT_FEATURE_EMIT_SWIFTDOC",
     "SWIFT_FEATURE_EMIT_SWIFTSOURCEINFO",
     "SWIFT_FEATURE_ENABLE_BATCH_MODE",
@@ -50,7 +51,6 @@ load(
     "SWIFT_FEATURE_SUPPORTS_SYSTEM_MODULE_FLAG",
     "SWIFT_FEATURE_USE_GLOBAL_MODULE_CACHE",
     "SWIFT_FEATURE_USE_RESPONSE_FILES",
-    "SWIFT_FEATURE__DISABLE_SWIFT_SANDBOX",
     "SWIFT_FEATURE__FORCE_ALWAYSLINK_TRUE",
     "SWIFT_FEATURE__SUPPORTS_CONST_VALUE_EXTRACTION",
     "SWIFT_FEATURE__SUPPORTS_MACROS",
@@ -642,7 +642,7 @@ def _xcode_swift_toolchain_impl(ctx):
         requested_features.append(SWIFT_FEATURE__SUPPORTS_CONST_VALUE_EXTRACTION)
 
     if _is_xcode_at_least_version(xcode_config, "15.3"):
-        requested_features.append(SWIFT_FEATURE__DISABLE_SWIFT_SANDBOX)
+        requested_features.append(SWIFT_FEATURE_DISABLE_SWIFT_SANDBOX)
 
     env = _xcode_env(target_triple = target_triple, xcode_config = xcode_config)
     execution_requirements = xcode_config.execution_info()

From 64a369e87da243687dcf3a1645499626eb7e2513 Mon Sep 17 00:00:00 2001
From: Adin Cebic <cebic.ad@gmail.com>
Date: Wed, 22 May 2024 20:00:48 +0200
Subject: [PATCH 4/4] Add test

Signed-off-by: Adin Cebic <cebic.ad@gmail.com>
---
 test/features_tests.bzl | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/test/features_tests.bzl b/test/features_tests.bzl
index 62b691b26..75d7a1fc9 100644
--- a/test/features_tests.bzl
+++ b/test/features_tests.bzl
@@ -60,6 +60,14 @@ use_global_index_store_index_while_building_test = make_action_command_line_test
     },
 )
 
+disable_swift_sandbox_test = make_action_command_line_test_rule(
+    config_settings = {
+        "//command_line_option:features": [
+            "swift.disable_swift_sandbox",
+        ],
+    },
+)
+
 vfsoverlay_test = make_action_command_line_test_rule(
     config_settings = {
         "//command_line_option:features": [
@@ -179,6 +187,17 @@ def features_test_suite(name):
         target_under_test = "@build_bazel_rules_swift//test/fixtures/debug_settings:simple",
     )
 
+    disable_swift_sandbox_test(
+        name = "{}_disable_swift_sandbox_test".format(name),
+        tags = [name],
+        expected_argv = [
+            "-disable-sandbox",
+        ],
+        mnemonic = "SwiftCompile",
+        target_compatible_with = ["@platforms//os:macos"],
+        target_under_test = "@build_bazel_rules_swift//test/fixtures/debug_settings:simple",
+    )
+
     default_opt_test(
         name = "{}_default_opt_test".format(name),
         tags = [name],