video.currentTime is not being updated in iOS 13.4 Beta
1 ; Copyright (C) 2010-2019 Apple Inc. All rights reserved.
2 ;
3 ; Redistribution and use in source and binary forms, with or without
4 ; modification, are permitted provided that the following conditions
5 ; are met:
6 ; 1. Redistributions of source code must retain the above copyright
7 ; notice, this list of conditions and the following disclaimer.
8 ; 2. Redistributions in binary form must reproduce the above copyright
9 ; notice, this list of conditions and the following disclaimer in the
10 ; documentation and/or other materials provided with the distribution.
11 ;
12 ; THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
13 ; AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
14 ; THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
15 ; PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
16 ; BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
17 ; CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
18 ; SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
19 ; INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
20 ; CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
21 ; ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
22 ; THE POSSIBILITY OF SUCH DAMAGE.
23
;; Profile language version.
(version 1)
;; Default-deny baseline: every operation not explicitly allowed by a rule below is denied.
;; "partial-symbolication" is presumably a violation-report modifier — confirm.
(deny default (with partial-symbolication))
;; Unfiltered allow: audit-related file metadata reads are always permitted.
(allow system-audit file-read-metadata)
27
28 ;;;
29 ;;; The following rules were originally contained in 'common.sb'. We are duplicating them here so we can
30 ;;; remove unneeded sandbox extensions.
31 ;;;
32
33 (import "util.sb")
34
;; (allow-read-and-issue-generic-extensions filter ...)
;; Allows file-read* on anything matching at least one of FILTERS, and allows issuing
;; read-class sandbox extensions ("com.apple.app-sandbox.read") scoped to the same filters.
;; Read-only counterpart of allow-read-write-and-issue-generic-extensions.
(define-once (allow-read-and-issue-generic-extensions . filters)
    (allow file-read*
           (apply require-any filters))
    (allow file-issue-extension
        (require-all
            (extension-class "com.apple.app-sandbox.read")
            (apply require-any filters))))
42
;; (allow-read-write-and-issue-generic-extensions filter ...)
;; Allows file-read*, file-write* and file-read-metadata on anything matching at least one
;; of FILTERS, and allows issuing both read-write and read-class sandbox extensions scoped
;; to the same filters. Read-write counterpart of allow-read-and-issue-generic-extensions.
(define-once (allow-read-write-and-issue-generic-extensions . filters)
    (allow file-read* file-write*
           (apply require-any filters))
    (allow file-read-metadata
           (apply require-any filters))
    (allow file-issue-extension
        (require-all
            (extension-class "com.apple.app-sandbox.read-write" "com.apple.app-sandbox.read")
            (apply require-any filters))))
52
;; (managed-configuration-read-public)
;; Read access to the PublicInfo subtree of the configuration-profile stores only
;; (system group container plus the front user's ConfigurationProfiles and
;; UserConfigurationProfiles directories). The non-public stores are handled by
;; managed-configuration-read.
(define-once (managed-configuration-read-public)
    (allow file-read*
           (well-known-system-group-container-subpath "/systemgroup.com.apple.configurationprofiles/Library/ConfigurationProfiles/PublicInfo")
           (front-user-home-subpath "/Library/ConfigurationProfiles/PublicInfo")
           (front-user-home-subpath "/Library/UserConfigurationProfiles/PublicInfo")))
58
;; (managed-configuration-read [file ...])
;; With no arguments: read access to the whole ConfigurationProfiles directories (system
;; group container, front-user ConfigurationProfiles and UserConfigurationProfiles).
;; With FILE names: read access only to those exact file names under the same three
;; locations. FILE is concatenated verbatim into the literal paths, so callers must pass
;; plain file names (this profile passes fixed plist names).
(define-once (managed-configuration-read . files)
    (if (null? files)
        (allow file-read*
               (well-known-system-group-container-subpath "/systemgroup.com.apple.configurationprofiles/Library/ConfigurationProfiles")
               (front-user-home-subpath "/Library/ConfigurationProfiles")
               (front-user-home-subpath "/Library/UserConfigurationProfiles"))
        (for-each
            (lambda (file)
                (allow file-read*
                    (well-known-system-group-container-literal
                        (string-append "/systemgroup.com.apple.configurationprofiles/Library/ConfigurationProfiles/" file))
                    (front-user-home-literal
                        (string-append "/Library/ConfigurationProfiles/" file)
                        (string-append "/Library/UserConfigurationProfiles/" file))))
            files)))
74
;; (allow-preferences-common)
;; Metadata-only access to the home directory itself and ~/Library/Preferences; shared by
;; the mobile-preferences-read / mobile-preferences-read-write helpers below.
(define-once (allow-preferences-common)
    (allow file-read-metadata
           (home-literal "")
           (home-literal "/Library/Preferences")))
79
;; (mobile-preferences-read domain ...)
;; Read-only access to the given user-preference DOMAINS, plus the common preferences
;; metadata grants.
(define-once (mobile-preferences-read . domains)
    (allow-preferences-common)
    (allow user-preference-read (apply preference-domain domains)))
83
;; (mobile-preferences-read-write domain ...)
;; Read and write access to the given user-preference DOMAINS, plus the common
;; preferences metadata grants. Use sparingly: writes are allowed for every listed domain.
(define-once (mobile-preferences-read-write . domains)
    (allow-preferences-common)
    (allow user-preference-read user-preference-write (apply preference-domain domains)))
87
;; (framebuffer-access)
;; IOMobileFramebuffer access: opening the IOMobileFramebufferUserClient (reported and
;; telemetered), a fixed list of readable properties on IOMobileFramebuffer registry
;; entries, and read access to the IOMobileGraphicsFamily preference domain.
(define-once (framebuffer-access)
    (allow iokit-open (with report) (with telemetry)
           (iokit-user-client-class "IOMobileFramebufferUserClient"))

    ; IOMobileFramebuffer
    (with-filter (iokit-registry-entry-class "IOMobileFramebuffer")
        (allow iokit-get-properties
               (iokit-property "AppleTV"
                               "DisplayPipePlaneBaseAlignment"
                               "DisplayPipeStrideRequirements"
                               "PerformanceStatistics"
                               "appleTV-VID0"
                               "appleTV-VID1"
                               "hdcp-hoover-protocol")))

    (mobile-preferences-read "com.apple.iokit.IOMobileGraphicsFamily")
)
105
;; (asset-access [option ...])
;; MobileAsset access. File reads under ~/Library/Assets or /private/var/MobileAsset are
;; allowed only when the process also holds a "com.apple.assets.read" extension
;; (require-all), so the path match alone is not sufficient. Also allows the mobileassetd
;; mach services and the MobileAsset preference domain.
;; OPTIONS: 'with-media-playback additionally passes the same filter to play-media, so
;; mediaserverd read extensions can be issued for asset paths.
(define-once (asset-access . options)
    (let ((asset-access-filter
            (require-all
              (require-any
                (home-subpath "/Library/Assets")
                (subpath "/private/var/MobileAsset"))
              (extension "com.apple.assets.read"))))
        ;; <rdar://problem/10710883>
        ;; <rdar://problem/11569106>
        (allow file-read* asset-access-filter)
        (if (memq 'with-media-playback options)
            (play-media asset-access-filter))
        (allow mach-lookup (with report) (with telemetry)
               (global-name "com.apple.mobileassetd" "com.apple.mobileassetd.v2"))
        (mobile-preferences-read "com.apple.MobileAsset")))
121
;; (mobile-keybag-access)
;; Lets the process open the AppleKeyStoreUserClient (telemetered). Invoked
;; unconditionally further down in this profile.
(define-once (mobile-keybag-access)
    (allow iokit-open (with telemetry)
        (iokit-user-client-class "AppleKeyStoreUserClient")  ;; Needed by NSURLCache
))
126
;; (play-audio)
;; Mach services needed for audio output: the AURemoteIO server (unreported) and the
;; audio toolbox reporting XPC service (reported and telemetered).
(define-once (play-audio)
    (allow mach-lookup
           (global-name "com.apple.audio.AURemoteIOServer"))
    (allow mach-lookup (with report) (with telemetry)
           (xpc-service-name "com.apple.audio.toolbox.reporting.service")))
132
;; (play-media [filter ...])
;; Media playback plumbing. When FILTERS are given, mediaserverd read extensions may be
;; issued for paths matching any of them; the no-filter call at the bottom of this profile
;; skips that branch. Independently of FILTERS: extension issuance for paths already covered
;; by file exception extensions, the CoreMedia / AudioSession / AirPlay mach services, the
;; media-related preference domains, and the networkd preferences plist.
(define-once (play-media . filters)
    (if (not (null? filters))
        ;; <rdar://problem/9875794>
        (allow file-issue-extension
            (require-all
                (apply require-any filters)
                (extension-class "com.apple.mediaserverd.read"))))
    ;; Re-issue held file exception extensions (read-only or read-write) as mediaserverd
    ;; read extensions; read-write exceptions may also become mediaserverd read-write ones.
    (allow file-issue-extension
        (require-all
            (extension-class "com.apple.mediaserverd.read")
            (extension "com.apple.security.exception.files.absolute-path.read-only"
                       "com.apple.security.exception.files.absolute-path.read-write"
                       "com.apple.security.exception.files.home-relative-path.read-only"
                       "com.apple.security.exception.files.home-relative-path.read-write")))
    (allow file-issue-extension
        (require-all
            (extension-class "com.apple.mediaserverd.read-write")
            (extension "com.apple.security.exception.files.absolute-path.read-write"
                       "com.apple.security.exception.files.home-relative-path.read-write")))
    ;; CoreMedia framework.
    (allow mach-lookup
           (global-name "com.apple.coremedia.admin")
           (global-name "com.apple.coremedia.asset.xpc")
           (global-name "com.apple.coremedia.assetimagegenerator.xpc")
           (global-name "com.apple.coremedia.audiodeviceclock.xpc") ; Needed for CMTimeBase
           (global-name "com.apple.coremedia.audioprocessingtap.xpc")
           (global-name "com.apple.coremedia.capturesession")      ; Actually for video capture
           (global-name "com.apple.coremedia.capturesource")       ; Also for video capture (<rdar://problem/15794291>).
           (global-name "com.apple.coremedia.cpe.xpc") ; Needed for HDR playback.
           (global-name "com.apple.coremedia.customurlloader.xpc") ; Needed for custom media loading
           (global-name "com.apple.coremedia.formatreader.xpc")
           (global-name "com.apple.coremedia.player.xpc")
           (global-name "com.apple.coremedia.remaker")
           (global-name "com.apple.coremedia.remotequeue")
           (global-name "com.apple.coremedia.routediscoverer.xpc")
           (global-name "com.apple.coremedia.routingcontext.xpc")
           (global-name "com.apple.coremedia.samplebufferaudiorenderer.xpc")
           (global-name "com.apple.coremedia.samplebufferrendersynchronizer.xpc")
           (global-name "com.apple.coremedia.sandboxserver.xpc")
           (global-name "com.apple.coremedia.systemcontroller.xpc")
           (global-name "com.apple.coremedia.volumecontroller.xpc"))

    ;; These lookups are reported and telemetered, unlike the list above.
    (allow mach-lookup (with report) (with telemetry)
        (global-name "com.apple.coremedia.cpeprotector.xpc")
        (global-name "com.apple.coremedia.endpoint.xpc")
        (global-name "com.apple.coremedia.figcontentkeysession.xpc")
        (global-name "com.apple.coremedia.figcpecryptor")
        (global-name "com.apple.coremedia.routingsessionmanager.xpc")
        (global-name "com.apple.coremedia.sts"))

    (mobile-preferences-read
        "com.apple.avfoundation"
        "com.apple.coreaudio"
        "com.apple.coremedia"
        "com.apple.corevideo"
        "com.apple.itunesstored" ; Needed by MediaPlayer framework
        "com.apple.mobileipod" ; Ditto
        "com.apple.audio.virtualaudio" ; <rdar://problem/57170333>
    )

    ;; AVF needs to see these network preferences:
    (allow file-read*
        (literal "/private/var/preferences/com.apple.networkd.plist"))

    ;; Required by the MediaPlayer framework.
    (allow mach-lookup
        (global-name "com.apple.audio.AudioSession"))

    (allow mach-lookup (with report) (with telemetry)
        (global-name "com.apple.airplay.apsynccontroller.xpc"))

    ;; Allow mediaserverd to issue file extensions for the purposes of reading media
    (allow file-issue-extension (require-all
        (extension "com.apple.app-sandbox.read")
        (extension-class "com.apple.mediaserverd.read")))
)
209
;; (media-remote)
;; Media-control (MediaRemote) support: the mediaremote and mobileipod preference domains,
;; the mediaremoted mach service, and the MediaPlayer RemotePlayerService XPC service
;; (the latter reported and telemetered).
(define-once (media-remote)
    (mobile-preferences-read
        "com.apple.mediaremote"
        "com.apple.mobileipod")
    (allow mach-lookup
           (global-name "com.apple.mediaremoted.xpc"))
    (allow mach-lookup (with report) (with telemetry)
        (xpc-service-name "com.apple.MediaPlayer.RemotePlayerService"))
)
219
;; (media-capture-support)
;; Camera and microphone access, each gated on the process holding a WebKit-issued
;; extension ("com.apple.webkit.microphone" / "com.apple.webkit.camera"); without the
;; extension the device-* operations stay denied. The CoreMedia compression /
;; decompression / videoqueue services are allowed unconditionally.
;; Not invoked in the visible portion of this profile — confirm where it is used.
(define-once (media-capture-support)
    ;; Media capture, microphone access
    (with-filter (extension "com.apple.webkit.microphone")
        (allow device-microphone))

    ;; Media capture, camera access
    (with-filter (extension "com.apple.webkit.camera")
        (allow user-preference-read
            (preference-domain "com.apple.coremedia"))
        (allow file-read* (subpath "/Library/CoreMediaIO/Plug-Ins/DAL"))
        (allow mach-lookup (extension "com.apple.app-sandbox.mach"))
        (allow device-camera))

    ;; Support incoming video connections
    (allow mach-lookup
        (global-name "com.apple.coremedia.compressionsession")
        (global-name "com.apple.coremedia.decompressionsession")
        (global-name "com.apple.coremedia.videoqueue"))
)
239
;; (accessibility-support)
;; Registers the local accessibility server name, reads the Accessibility preference
;; domain, and silently (no-report) denies creating the Accessibility preferences plist.
;; Not invoked in the visible portion of this profile — confirm where it is used.
(define-once (accessibility-support)
    (allow mach-register
        (local-name "com.apple.iphone.axserver"))
    (mobile-preferences-read "com.apple.Accessibility")

    ;; <rdar://problem/10809394>
    (deny file-write-create
        (home-prefix "/Library/Preferences/com.apple.Accessibility.plist")
        (with no-report))
)
250
;; (media-accessibility-support)
;; The mediaaccessibilityd mach service, read access to the mediaaccessibility domain and
;; read-write access to its ".public" domain (the only read-write preference grant in the
;; helpers of this file). Not invoked in the visible portion of this profile — confirm.
(define-once (media-accessibility-support)
    ;; <rdar://problem/12801477>
    (allow mach-lookup
        (global-name "com.apple.accessibility.mediaaccessibilityd"))

    ;; <rdar://problem/12250145>
    (mobile-preferences-read "com.apple.mediaaccessibility")
    (mobile-preferences-read-write "com.apple.mediaaccessibility.public")
)
260
;; (url-translation)
;; Read access to the iTunes Store URL-resolution cache used to translate http(s) URLs
;; that reference itms:// URLs.
(define-once (url-translation)
    ;; For translating http:// & https:// URLs referencing itms:// URLs.
    ;; <rdar://problem/11587338>
    (allow file-read*
           (home-literal "/Library/Caches/com.apple.itunesstored/url-resolution.plist")))
266
267 ;;;
268 ;;; Declare that the application uses the OpenGL, Metal, and CoreML hardware & frameworks.
269 ;;;
;; (opengl)
;; GPU access for WebGL / Metal: IOGPU user clients (the first list reported and
;; telemetered, the AGXDeviceUserClient unreported), a fixed set of readable GPU
;; properties, one sysctl, the Metal compiler XPC service and the Metal/OpenGL
;; preference domains.
(define-once (opengl)
    ;; Items not seen in testing
    (allow iokit-open (with report) (with telemetry)
           (iokit-connection "IOGPU")
           (iokit-user-client-class
                "AGXCommandQueue"
                "AGXDevice"
                "AGXSharedUserClient"
                "IOAccelContext"
                "IOAccelDevice"
                "IOAccelSharedUserClient"
                "IOAccelSubmitter2"
                "IOAccelContext2"
                "IOAccelDevice2"
                "IOAccelSharedUserClient2"))

    ;; Items with known uses
    (allow iokit-open
        (iokit-connection "IOGPU")
        (iokit-user-client-class
            "AGXDeviceUserClient" ;; Used by WebGL
    ))

    (allow iokit-get-properties
        (iokit-property "IOGLBundleName")
        (iokit-property "IOGLESBundleName")
        (iokit-property "IOGLESDefaultUseMetal")
        (iokit-property "IOGLESMetalBundleName")
        (iokit-property "MetalPluginClassName")
        (iokit-property "MetalPluginName")
    )

    ;; NOTE(review): #"..." is the regex-literal form this file otherwise uses only with
    ;; the *-regex filters; as a pattern the unescaped "." matches any character, and the
    ;; pattern is unanchored — confirm a plain string literal was not intended.
    (allow sysctl-read
           (sysctl-name #"kern.bootsessionuuid"))

    (allow mach-lookup
       ;; <rdar://problem/47268166>
       (xpc-service-name "com.apple.MTLCompilerService"))

    (mobile-preferences-read
        "com.apple.Metal" ;; <rdar://problem/25535471>
        "com.apple.opengl" ;; <rdar://problem/23321675>
    )
)
314
;; (debugging-support)
;; Developer/debugging affordances. Invoked unconditionally in this profile, so everything
;; here that is not under the apple-internal filter applies on every device: read and
;; map-executable access to /Developer and the system framework directories, the
;; malloc-stack-logging / gdt shared-memory names, and the hangtracer preference domain.
(define-once (debugging-support)
        (allow file-read* file-map-executable
               (subpath "/Developer"))

        (allow ipc-posix-shm
               (ipc-posix-name-regex #"^stack-logs")
               (ipc-posix-name-regex #"^OA-")
               (ipc-posix-name-regex #"^/FSM-"))

        (allow ipc-posix-shm-read* ipc-posix-shm-write-data ipc-posix-shm-write-unlink
               (ipc-posix-name-regex #"^gdt-[A-Za-z0-9]+-(c|s)$"))

        ;; Apple-internal builds only: /AppleInternal and /usr/local/lib.
        (with-filter (system-attribute apple-internal)
            ;; <rdar://problem/8565035>
            ;; <rdar://problem/23857452>
            (allow file-read* file-map-executable
                   (subpath "/AppleInternal")
                   (subpath "/usr/local/lib")))
            ;; NOTE(review): the with-filter above closes on the "/usr/local/lib" line, so the
            ;; with-elevated-precedence form below is NOT inside the apple-internal filter
            ;; despite its indentation — it grants read, map-executable and extension issuance
            ;; for ~/XcodeBuiltProducts on every device, with elevated precedence. If this was
            ;; meant to be apple-internal only it must move inside the filter; confirm intent.
            (with-elevated-precedence
                (allow file-read* file-map-executable file-issue-extension
                   (front-user-home-subpath "/XcodeBuiltProducts")))

        ;; <rdar://problem/8107758>
        (allow file-read* file-map-executable
               (subpath "/System/Library/Frameworks")
               (subpath "/System/Library/PrivateFrameworks"))

        ;; <rdar://problem/32544921>
        (mobile-preferences-read "com.apple.hangtracer"))
344
;; (device-access)
;; Device-node policy: deny all block and character devices first, then re-allow a short
;; list by literal path. Only /dev/dtracehelper and /dev/aes_0 get file-ioctl; the random
;; devices are read-only, with writes to them denied silently (no-report).
(define-once (device-access)
    (deny file-read* file-write*
          (vnode-type BLOCK-DEVICE CHARACTER-DEVICE))

    (allow file-read* file-write-data
           (literal "/dev/null")
           (literal "/dev/zero"))

    (allow file-read* file-write-data file-ioctl
           (literal "/dev/dtracehelper"))

    (allow file-read*
           (literal "/dev/random")
           (literal "/dev/urandom"))
    ;; <rdar://problem/14215718>
    (deny file-write-data (with no-report)
          (literal "/dev/random")
          (literal "/dev/urandom"))

    ;; Hardware AES device: read, write and ioctl are all permitted.
    (allow file-read* file-write-data file-ioctl
           (literal "/dev/aes_0")))
366
;; (logd-diagnostic-paths)
;; Returns a filter (not a rule) matching the logd diagnostic directories; used as the
;; path filter in logd-diagnostic-client.
(define-once (logd-diagnostic-paths)
    (require-any
        (subpath "/private/var/db/diagnostics")
        (subpath "/private/var/db/timesync")
        (subpath "/private/var/db/uuidtext")
        (subpath "/private/var/userdata/diagnostics")))
;; (logd-diagnostic-client)
;; Read access to the logd diagnostic directories, but only for a process that holds one
;; of the two logging/diagnostic entitlements AND a "com.apple.logd.read-only" extension
;; (require-all); neither alone is sufficient.
(define-once (logd-diagnostic-client)
    (with-filter
        (require-all
            (require-any
                (require-entitlement "com.apple.private.logging.diagnostic")
                (require-entitlement "com.apple.diagnosticd.diagnostic"))
            (extension "com.apple.logd.read-only"))
        (allow file-read*
               (logd-diagnostic-paths))))
382
;; required-etc-files: literal-path filter for the /private/etc files every process needs
;; to read (used in the unconditional file-read* rule further down).
(define required-etc-files
  (literal "/private/etc/fstab"
           "/private/etc/hosts"
           "/private/etc/group"
           "/private/etc/passwd"
           "/private/etc/protocols"
           "/private/etc/services"))
390
;; (speech-synthesis-and-voiceover)
;; WebSpeech / VoiceOver support: the speech-related preference domains and read access
;; to the voice asset directories under the home directory.
(define-once (speech-synthesis-and-voiceover)
    ;; Speak Selection & VoiceOver
    ;; <rdar://problem/12030530> AX: Sandbox violation with changing Language while VO is on
    ;; and <rdar://problem/13071747>
    (mobile-preferences-read
        "com.apple.SpeakSelection" ; Needed for WebSpeech
        "com.apple.VoiceOverTouch" ; Needed for non-US english language synthesis
        "com.apple.voiceservices") ; Ditto

    ;; <rdar://problem/14555119> Access to high quality speech voices
    ;; Needed for WebSpeech
    (allow file-read*
        (home-subpath "/Library/VoiceServices/Assets")
        (home-subpath "/Library/Assets/com_apple_MobileAsset_VoiceServicesVocalizerVoice"))
)
406
407 ;; Things required by UIKit
;; (uikit-requirements)
;; UIKit dependencies: its preference domains, the frontboard / CARenderServer / UIKit
;; view-service mach names (view services matched by regex prefix), the JPEG driver and
;; IOSurface user clients, and a silent deny on creating the UIKit preferences plist.
(define-once (uikit-requirements)
    (mobile-preferences-read
        "com.apple.UIKit"
        "com.apple.WebUI"
        "com.apple.airplay"
        "com.apple.avkit"
        "com.apple.coreanimation"
        "com.apple.mt"
        "com.apple.preferences.sounds")

    (allow mach-lookup (with report) (with telemetry)
        (global-name "com.apple.frontboard.systemappservices")                 ; -[UIViewServiceInterface _createProcessAssertion] -> SBSProcessIDForDisplayIdentifier()
    )

    (allow mach-lookup
        (global-name "com.apple.CARenderServer"))

    ;; Any global name under com.apple.uikit.viewservice. (reported and telemetered).
    (allow mach-lookup (with report) (with telemetry)
        (global-name-regex #"^com\.apple\.uikit\.viewservice\..+")
    )

    ; UIKit-required IOKit nodes.
    (allow iokit-open  (with report) (with telemetry)
        (iokit-user-client-class "AppleJPEGDriverUserClient")
        (iokit-user-client-class "IOSurfaceSendRight")
    )

    ; WebKit-required IOKit classes
    (allow iokit-open
        (iokit-user-client-class "IOSurfaceAcceleratorClient") ;; Media rendering into pixel buffers
        (iokit-user-client-class "IOSurfaceRootUserClient") ;; Needed by Tiled Grid code.
    )

    ;; Silence sandbox violations from apps trying to create the empty plist if it doesn't exist.
    ;; <rdar://problem/13796537>
    (deny file-write-create
        (home-prefix "/Library/Preferences/com.apple.UIKit.plist")
        (with no-report))
)
447
;; (dictionary-support)
;; Dictionary Services: may create the DictionaryServices cache directory
;; (allow-create-directory comes from util.sb — presumably create-only, confirm) and
;; read the system and per-user Dictionaries directories.
(define-once (dictionary-support)
    ; Dictionary Services used by UITextFields.
    ; <rdar://problem/9386926>
    (allow-create-directory
        (home-literal "/Library/Caches/com.apple.DictionaryServices"))

    ; <rdar://problem/8548856> Sub-TLF: Sandbox change for apps for read-only access to the dictionary directory/data
    (allow file-read*
        ; XXX - /Library ought to be allowed in all UI profiles but isn't (CF, MobileSafari)
        (subpath "/Library/Dictionaries")
        (home-subpath "/Library/Dictionaries"))
)
460
;; Baseline restrictions; specific paths are re-allowed by later rules (e.g. the
;; with-elevated-precedence block and debugging-support below).
(deny file-map-executable)

(deny file-write-mount file-write-unmount)

;; Directory metadata is readable by everyone (with no-times — presumably withholding
;; timestamps, confirm); Apple-signed executables get it without that modifier.
(allow file-read-metadata (with no-times)
       (vnode-type DIRECTORY))
(with-filter (apple-signed-executable?)
  (allow file-read-metadata
         (vnode-type DIRECTORY)))

;; Apple-signed executables only: the two cloud-configuration plists and the
;; com.apple.security preference domain.
(with-filter (apple-signed-executable?)
  (managed-configuration-read "CloudConfigurationDetails.plist")
  (managed-configuration-read "CloudConfigurationSetAsideDetails.plist")
  (mobile-preferences-read "com.apple.security"))

;; Apple-internal builds only.
(with-filter (system-attribute apple-internal)
  (mobile-preferences-read "com.apple.PrototypeTools"))
478
;;; Rules inside with-elevated-precedence are meant to take precedence over ordinary rules
;;; elsewhere in the profile (presumably why the two deny rules below live here rather
;;; than at top level) — confirm against the profile language's precedence semantics.
(with-elevated-precedence
    (allow file-read*
           (subpath "/usr/lib"
                    "/usr/share"
                    "/private/var/db/timezone"))
    (allow-read-and-issue-generic-extensions
        (subpath "/Library/RegionFeatures"
                 "/System/Library"))
    (allow file-issue-extension
        (require-all
            (extension-class "com.apple.mediaserverd.read")
            (subpath "/System/Library")))
    ;; Carve-out from the /System/Library grants above: files that identify the device's
    ;; hardware may be neither read nor handed out via extensions.
    (let ((hw-identifying-paths
            (require-any
                (literal "/System/Library/Caches/apticket.der")
                (subpath "/System/Library/Caches/com.apple.kernelcaches")
                (subpath "/System/Library/Caches/com.apple.factorydata"))))
        (deny file-issue-extension file-read* hw-identifying-paths))

    ;; Only system libraries/frameworks and the executable bundle may be mapped executable
    ;; (file-map-executable is denied globally above this block).
    (allow file-map-executable
           (subpath "/System/Library")
           (subpath "/usr/lib"))
    (allow file-read-metadata
           (vnode-type SYMLINK))

    ;;; <rdar://problem/24144418>
    (allow file-read*
           (subpath "/private/var/preferences/Logging"))

    (mobile-preferences-read "kCFPreferencesAnyApplication")
    (allow file-read*
           (front-user-home-literal "/Library/Preferences/.GlobalPreferences.plist"))

    (allow file-read*
           (literal "/private/var/Managed Preferences/mobile/.GlobalPreferences.plist"))
    (allow managed-preference-read (preference-domain "kCFPreferencesAnyApplication"))

    (allow file-read-metadata
           (home-literal "/Library/Caches/powerlog.launchd"))

    (allow-read-and-issue-generic-extensions (executable-bundle))
    (allow file-map-executable (executable-bundle))

    ;; Carve-out from the executable-bundle grants: the SC_Info directory inside the bundle
    ;; is not readable, mappable or issuable.
    ;; <rdar://problem/13963294>
    (deny file-read-data file-issue-extension file-map-executable
        (require-all
            (executable-bundle)
            (regex #"/[^/]+/SC_Info/")))

    ;; Extension-driven file access, compiled in unless the profile is built with
    ;; 'restrictive-extension defined: holding one of the listed read extensions grants
    ;; unfiltered file-read*/file-read-metadata (the extension itself scopes the paths);
    ;; holding a read-write extension additionally grants unfiltered file-write*.
    (unless (defined? 'restrictive-extension)
        (with-filter
            (extension
                "com.apple.app-sandbox.read"
                "com.apple.app-sandbox.read-write"
                "com.apple.quicklook.readonly"
                "com.apple.security.exception.files.absolute-path.read-only"
                "com.apple.security.exception.files.absolute-path.read-write"
                "com.apple.security.exception.files.home-relative-path.read-only"
                "com.apple.security.exception.files.home-relative-path.read-write"
                "com.apple.sharing.airdrop.readonly")
            (allow file-read* file-read-metadata)
            (allow file-issue-extension
                   (extension-class "com.apple.app-sandbox.read"
                                    "com.apple.mediaserverd.read"
                                    "com.apple.quicklook.readonly"
                                    "com.apple.sharing.airdrop.readonly")))
        (with-filter
            (extension
                "com.apple.app-sandbox.read-write"
                "com.apple.security.exception.files.absolute-path.read-write"
                "com.apple.security.exception.files.home-relative-path.read-write")
            (allow file-write*)
            (allow file-issue-extension
                   (extension-class "com.apple.app-sandbox.read-write"
                                    "com.apple.mediaserverd.read-write"))))

    ;; mach-register of arbitrary global/local names only via the matching
    ;; mach-register exception extension.
    ;; <rdar://problem/16079361>
    (with-filter (global-name-prefix "")
        (allow mach-register
               (extension "com.apple.security.exception.mach-register.global-name")))
    (with-filter (local-name-prefix "")
        (allow mach-register
               (extension "com.apple.security.exception.mach-register.local-name")))
    (allow-read-and-issue-generic-extensions
           (extension "com.apple.security.exception.files.absolute-path.read-only")
           (extension "com.apple.security.exception.files.home-relative-path.read-only"))
    (allow-read-write-and-issue-generic-extensions
           (extension "com.apple.security.exception.files.absolute-path.read-write")
           (extension "com.apple.security.exception.files.home-relative-path.read-write"))
    (allow iokit-open
           (extension "com.apple.security.exception.iokit-user-client-class"))
    (allow managed-preference-read
           (extension "com.apple.security.exception.managed-preference.read-only"))
    (allow user-preference-read
           (extension "com.apple.security.exception.shared-preference.read-only"))
    (allow user-preference-read user-preference-write
           (extension "com.apple.security.exception.shared-preference.read-write"))

    ;; NSURLStorage extension cache: issuance requires a home-relative read-write exception
    ;; extension AND a path under one of the two Caches directories.
    (allow file-issue-extension
          (require-all
              (extension-class "com.apple.nsurlstorage.extension-cache")
              (extension "com.apple.security.exception.files.home-relative-path.read-write")
              (require-any
                  (prefix "/private/var/root/Library/Caches/")
                  (front-user-home-prefix "/Library/Caches/"))))
)
585
;; Applied unconditionally (see the notes on debugging-support about what that implies).
(debugging-support)

;; Basic /etc files and the root directory itself.
(allow file-read*
    required-etc-files
    (literal "/"))

(allow file-read*
       (subpath "/private/var/MobileAsset/PreinstalledAssetsV2/InstallWithOs"))

(device-access)

;; A held fileprovider read-write extension may be re-issued as an app-sandbox
;; read-write or read extension.
(allow file-issue-extension
    (require-all
        (extension-class "com.apple.app-sandbox.read-write" "com.apple.app-sandbox.read")
        (extension "com.apple.fileprovider.read-write")))

(allow mach-lookup
    (global-name "com.apple.logd")
    (global-name "com.apple.logd.events")
    (global-name "com.apple.cfprefsd.daemon"))

(allow mach-lookup (with report) (with telemetry)
    (global-name "com.apple.distributed_notifications@1v3")
    (global-name "com.apple.tccd"))

(allow ipc-posix-shm-read*
       (ipc-posix-name-prefix "apple.cfprefs."))

(allow mach-lookup (with report) (with telemetry)
    (global-name "com.apple.lsd.open")
    (global-name "com.apple.lsd.mapdb"))

;; <rdar://problem/12413942>
(allow file-read*
       (well-known-system-group-container-literal "/systemgroup.com.apple.mobilegestaltcache/Library/Caches/com.apple.MobileGestalt.plist"))
(allow iokit-get-properties
       (iokit-property "IORegistryEntryPropertyKeys"))

(allow ipc-posix-sem-open
       (ipc-posix-name "containermanagerd.fb_check"))

;; The purplebuddy sentinel semaphore may only be opened; create/post/unlink/wait are
;; denied explicitly.
(with-filter (ipc-posix-name "purplebuddy.sentinel")
    (deny ipc-posix-sem-create ipc-posix-sem-post ipc-posix-sem-unlink ipc-posix-sem-wait)
    (allow ipc-posix-sem-open))
630
(allow mach-lookup (with telemetry)
    (global-name "com.apple.runningboard") ;; Needed by process assertion code (ProcessTaskStateObserver).
)

;; Scheduling control only for processes carrying the override-cpumon entitlement.
(allow system-sched
       (require-entitlement "com.apple.private.kernel.override-cpumon"))

(deny sysctl-read (with no-report)
      (sysctl-name "sysctl.proc_native"))

;; Apple-internal builds only: sysctl write access is limited to this one name.
(with-filter (system-attribute apple-internal)
    (allow sysctl-read sysctl-write
           (sysctl-name "vm.footprint_suspend")))

;; The syslog socket is the only network-outbound target allowed here.
(allow file-read-metadata network-outbound
       (literal "/private/var/run/syslog"))

(allow mach-lookup
       (global-name "com.apple.system.notification_center"))
(allow ipc-posix-shm-read*
       (ipc-posix-name "apple.shm.notification_center"))

(logd-diagnostic-client)

(managed-configuration-read-public)

;; Link-layer address lookups are denied without a report.
(deny system-info (with no-report)
      (info-type "net.link.addr"))

(allow file-read*
       (subpath "/private/var/db/datadetectors/sys"))

(allow-well-known-system-group-container-subpath-read
       "/systemgroup.com.apple.icloud.findmydevice.managed/Library")

;; Task name and process-info operations are scoped to the process itself (target self),
;; not to other processes.
(allow mach-task-name (target self))

(allow process-info-pidinfo (target self))
(allow process-info-pidfdinfo (target self))
(allow process-info-pidfileportinfo (target self))
(allow process-info-setcontrol (target self))
(allow process-info-dirtycontrol (target self))
(allow process-info-rusage (target self))
(allow process-info-codesignature (target self))

(with-filter (apple-signed-executable?)
    (mobile-preferences-read "com.apple.demo-settings"))
678
679 ;;;
680 ;;; End common.sb content
681 ;;;
682
;; WebContent-specific tightening after the common.sb content: no XPC service lookups by
;; default (the empty prefix matches every name; specific xpc-service-name allows appear
;; later, e.g. via (opengl) and (media-remote) — confirm later rules take precedence),
;; no IOKit property reads beyond those allowed elsewhere, and no lsopen.
(deny mach-lookup (xpc-service-name-prefix ""))
(deny iokit-get-properties (with partial-symbolication))
(deny lsopen)
686
687 ;;;
688 ;;; The following rules were originally contained in 'UIKit-apps.sb'. We are duplicating them here so we can
689 ;;; remove unneeded sandbox extensions.
690 ;;;
691
;; Any app can play audio & movies.
(play-audio)
;; Called with no filters, so play-media's per-filter mediaserverd.read issuance is
;; skipped here; the asset-access call below supplies the asset filter instead.
(play-media)

;; Access to media controls
(media-remote)

(url-translation)

(mobile-preferences-read "com.apple.da")

(speech-synthesis-and-voiceover)

(allow mach-lookup (with report) (with telemetry)
    (global-name "com.apple.audio.AudioComponentRegistrar"))

;; Permit reading assets via MobileAsset framework.
(asset-access 'with-media-playback)

;; allow 3rd party applications to access nsurlstoraged's top level domain data cache
(allow-well-known-system-group-container-literal-read
    "/systemgroup.com.apple.nsurlstoragedresources/Library/dafsaData.bin")

;; Access the keyboards
(allow file-read*
    (home-subpath "/Library/Caches/com.apple.keyboards"))

;; Keyboard / input-mode / lookup preference domains (read-only).
(mobile-preferences-read
    "com.apple.EmojiPreferences"
    ; <rdar://problem/8477596> com.apple.InputModePreferences
    "com.apple.InputModePreferences"
    ; <rdar://problem/8206632> Weather(1038) deny file-read-data ~/Library/Preferences/com.apple.keyboard.plist
    "com.apple.keyboard"
    ; <rdar://problem/9384085>
    "com.apple.Preferences"
    "com.apple.lookup.shared" ; Needed for DataDetector (Spotlight) support
)
729
;; Silently deny unnecessary accesses caused by MessageUI framework.
;; This can be removed once <rdar://problem/47038102> is resolved.
(deny file-read*
    (home-literal "/Library/Preferences/com.apple.mobilemail.plist")
    (with no-log))

;; <rdar://problem/12985925> Need read access to /var/mobile/Library/Fonts to all apps
(allow file-read*
    (home-subpath "/Library/Fonts"))

;; <rdar://problem/7344719&26323449> LaunchServices app icons
(allow file-read*
    (well-known-system-group-container-subpath "/systemgroup.com.apple.lsd.iconscache"))
(allow mach-lookup (with report) (with telemetry)
    (xpc-service-name "com.apple.iconservices")
    (global-name "com.apple.iconservices"))

(allow-preferences-common)

;; Home Button
(with-filter (iokit-registry-entry-class "IOPlatformDevice")
    (allow iokit-get-properties
        (iokit-property "home-button-type")))

(uikit-requirements)

;; <rdar://problem/9404009>
(mobile-preferences-read "kCFPreferencesAnyApplication")

(dictionary-support)

; <rdar://problem/8440231>
(allow file-read*
    (home-literal "/Library/Caches/DateFormats.plist"))
; Silently deny writes when CFData attempts to write to the cache directory.
(deny file-write*
    (home-literal "/Library/Caches/DateFormats.plist")
    (with no-log))

(framebuffer-access)

;; <rdar://problem/7822790>
(mobile-keybag-access)

; <rdar://problem/7595408> , <rdar://problem/7643881>
;; Also allows the MTLCompilerService XPC lookup and a sysctl-read; see the notes on
;; (opengl) and on the (deny sysctl*) rule below regarding ordering.
(opengl)

; CRCopyRestrictionsDictionary periodically tries to CFPreferencesAppSynchronize com.apple.springboard.plist
; which will attempt to create the plist if it doesn't exist -- from any application.  Only SpringBoard is
; allowed to write its plist; ignore all others, they don't know what they are doing.
; See <rdar://problem/9375027> for sample backtraces.
(deny file-write*
    (home-prefix "/Library/Preferences/com.apple.springboard.plist")
    (with no-log))

;; <rdar://problem/34986314>
(mobile-preferences-read "com.apple.indigo")
787
788 ;;;
789 ;;; End UIKit-apps.sb content
790 ;;;
791
;; sysctl is deny-by-default; only the names listed below are readable and
;; nothing is writable. Several entries (kern.hostname, kern.bootargs,
;; hw.model, hw.machine, kern.osrelease, kern.version) identify the device or
;; OS build, so every name added here widens what the sandboxed process can
;; learn about the host — keep the list minimal and record why each is needed.
792 (deny sysctl*)
793 (allow sysctl-read
794     (sysctl-name
795         "hw.activecpu" ;; Needed by JSC engine.
796         "hw.availcpu"
797         "hw.cachelinesize"
798         "hw.cpufamily" ;; <rdar://problem/58416475>
799         "hw.cputype"
800         "hw.l2cachesize"
801         "hw.logicalcpu"
802         "hw.logicalcpu_max"
803         "hw.ncpu"
804         "hw.machine"
805         "hw.memsize"
806         "hw.model"
807         "hw.pagesize_compat"
808         "hw.physicalcpu"
809         "hw.physicalcpu_max"
810         "kern.bootargs"
811         "kern.hostname"
812         "kern.memorystatus_level"
813         "kern.osproductversion"
814         "kern.osrelease"
815         "kern.osvariant_status"
816         "kern.secure_kernel" ;; Needed by XPC bundle resolution
817         "kern.version"
818         "vm.footprint_suspend")
;; NOTE(review): in this regex the dots are unescaped and match any character;
;; #"^net\.routetable" would be strictly tighter with no loss for the intended name.
819     (sysctl-name-regex #"^net.routetable") ;; <rdar://problem/57665153>
820 )
821
;; IOKit property read allow-list.
;; NOTE(review): unlike the "home-button-type" rule above, this allow is not
;; wrapped in an iokit-registry-entry-class filter, so each listed property is
;; readable on any registry entry that carries it. Most regexes are anchored
;; with ^; the IOGVA and canvas-* patterns are not and match anywhere in the
;; property name (see the inline notes).
822 (allow iokit-get-properties
823     (iokit-property-regex #"^AAPL,(DisplayPipe|OpenCLdisabled|IOGraphics_LER(|_RegTag_1|_RegTag_0|_Busy_2)|alias-policy|boot-display|display-alias|mux-switch-state|ndrv-dev|primary-display|slot-name)")
824     (iokit-property "APTDevice")
825     (iokit-property "AVCSupported")
826     (iokit-property-regex #"^AppleJPEG(NumCores|Supports(AppleInterchangeFormats|MissingEOI|RSTLogging))")
827     (iokit-property "BaseAddressAlignmentRequirement")
828     (iokit-property-regex #"^DisplayPipe(PlaneBaseAlignment|StrideRequirements)")
829     (iokit-property "HEVCSupported")
830     (iokit-property-regex #"IOGVA(BGRAEnc|Codec|EncoderRestricted|Scaler)") ; unanchored: matches this substring anywhere in the name
831     (iokit-property "IOClassNameOverride")
832     (iokit-property "IOPlatformUUID")
833     (iokit-property "IOSurfaceAcceleratorCapabilitiesDict")
834     (iokit-property "LGHSupported")
835     (iokit-property "Protocol Characteristics")
836     (iokit-property "als-colorCfg") ;; <rdar://problem/52903475>
837     (iokit-property "artwork-device-idiom") ;; <rdar://problem/49497720>
838     (iokit-property "artwork-device-subtype")
839     (iokit-property "artwork-display-gamut") ;; <rdar://problem/49497788>
840     (iokit-property "artwork-dynamic-displaymode") ;; <rdar://problem/49497720>
841     (iokit-property "artwork-scale-factor") ;; <rdar://problem/49497788>
842     (iokit-property-regex #"(canvas-height|canvas-width)") ; unanchored: matches this substring anywhere in the name
843     (iokit-property "chip-id") ;; <rdar://problem/52903477>
844     (iokit-property "class-code")
845     (iokit-property "color-accuracy-index")
846     (iokit-property "compatible") ;; <rdar://problem/47523516>
847     (iokit-property "compatible-device-fallback") ;; <rdar://problem/49497720>
848     (iokit-property "device-colors") ;; <rdar://problem/51322072>
849     (iokit-property "device-id")
850     (iokit-property "device-perf-memory-class")
851     (iokit-property "display-corner-radius") ;; <rdar://problem/50602737>
852     (iokit-property "emu")
853     (iokit-property "graphics-featureset-class") ;; <rdar://problem/49497720>
854     (iokit-property "graphics-featureset-fallbacks") ;; <rdar://problem/51322072>
855     (iokit-property "hdcp-hoover-protocol")
856     (iokit-property "iommu-present")
857     (iokit-property "oled-display") ;; <rdar://problem/51322072>
858     (iokit-property "product-description") ;; <rdar://problem/49497788>
859     (iokit-property "product-id")
860     (iokit-property "region-info") ;; <rdar://problem/52903475>
861     (iokit-property "regulatory-model-number") ;; <rdar://problem/52903475>
862     (iokit-property "soc-generation") ;; <rdar://problem/52903476>
863     (iokit-property "software-behavior")
864     (iokit-property "vendor-id")
865     (iokit-property "udid-version") ;; <rdar://problem/52903475>
866     (iokit-property "ui-pip") ;; <rdar://problem/48867037>
867 )
868
869 ;; Read-only preferences and data
;; Only read access to these preference domains is granted here; no
;; corresponding write rule appears in this section.
870 (mobile-preferences-read
871     "com.apple.LaunchServices"
872     "com.apple.WebFoundation"
873     "com.apple.avfoundation.frecents" ;; <rdar://problem/33137029>
874     "com.apple.avfoundation.videoperformancehud" ;; <rdar://problem/31594568>
875     "com.apple.voiceservices.logging")
876
877 ;; Sandbox extensions
;; apply-read-and-issue-extension: applies `op` (allow/deny) to file-read* on
;; `path-filter`, and to file-issue-extension for read-class extensions on the
;; same paths, i.e. the process may re-vend read access it already holds.
878 (define (apply-read-and-issue-extension op path-filter)
879     (op file-read* path-filter)
880     (op file-issue-extension (require-all (extension-class "com.apple.app-sandbox.read") path-filter)))
;; apply-write-and-issue-extension: same shape for file-write* and
;; read-write-class extensions.
881 (define (apply-write-and-issue-extension op path-filter)
882     (op file-write* path-filter)
883     (op file-issue-extension (require-all (extension-class "com.apple.app-sandbox.read-write") path-filter)))
;; read-only-and-issue-extensions: allow read + read-extension issuance.
884 (define (read-only-and-issue-extensions path-filter)
885     (apply-read-and-issue-extension allow path-filter))
;; read-write-and-issue-extensions: allow read, write, and issuance of both
;; extension classes.
886 (define (read-write-and-issue-extensions path-filter)
887     (apply-read-and-issue-extension allow path-filter)
888     (apply-write-and-issue-extension allow path-filter))
;; Both call sites pass an (extension ...) filter rather than a path, so these
;; rules presumably apply only to paths covered by an extension the process has
;; already consumed; the extension issuer, not this profile, names the path.
889 (read-only-and-issue-extensions (extension "com.apple.app-sandbox.read"))
890 (read-write-and-issue-extensions (extension "com.apple.app-sandbox.read-write"))
891
892 ;; Access to client's cache folder & re-vending to CFNetwork.
893 (allow file-issue-extension (require-all
894     (extension "com.apple.app-sandbox.read-write")
895     (extension-class "com.apple.nsurlstorage.extension-cache")))
896
897 (accessibility-support)
898
899 (media-accessibility-support)
900
901 ;; Remote Web Inspector
902 (allow mach-lookup
903        (global-name "com.apple.webinspector"))
904
905 ;; Various services required by CFNetwork and other frameworks
906 (allow mach-lookup
907     (global-name "com.apple.analyticsd"))
908
909 (allow mach-lookup (with report) (with telemetry)
910     (global-name "com.apple.PowerManagement.control"))
911
;; No path filter on either deny: symlink creation is refused everywhere, even
;; inside otherwise writable paths, and com.apple.security.private.* xattrs
;; are neither readable nor writable. The syscall list below still permits
;; getxattr/fsetxattr etc., so this rule is what constrains the attribute names.
912 (deny file-write-create (vnode-type SYMLINK))
913 (deny file-read-xattr file-write-xattr (xattr-regex #"^com\.apple\.security\.private\."))
914
915 ;; Allow loading injected bundles.
;; NOTE(review): this allow carries no path filter, so any file the process can
;; read may be mapped executable, not only bundle locations. If the set of
;; injected-bundle paths is known, a (subpath ...) filter here would narrow it.
916 (allow file-map-executable)
917
918 ;; Allow ManagedPreference access
919 (allow file-read* (literal "/private/var/Managed Preferences/mobile/com.apple.webcontentfilter.plist"))
920
921 (allow file-read-data
922     (literal "/usr/local/lib/log") ; <rdar://problem/36629495>
923 )
924
;; The two lookups below are gated on the com.apple.webkit.extension.mach
;; extension, so the services are presumably reachable only once the host
;; process has issued that extension — the host decides at runtime, this
;; profile only sets the upper bound.
925 (allow mach-lookup
926     (require-all
927         (extension "com.apple.webkit.extension.mach")
928         (global-name "com.apple.iphone.axserver-systemwide" "com.apple.tccd" "com.apple.nehelper" "com.apple.nesessionmanager.content-filter" "com.apple.uikit.viewservice.com.apple.WebContentFilter.remoteUI" "com.apple.diagnosticd" "com.apple.lsd.open" "com.apple.mobileassetd" "com.apple.mobileassetd.v2" "com.apple.frontboard.systemappservices" "com.apple.iconservices")))
929
930 (allow mach-lookup
931     (require-all
932         (extension "com.apple.webkit.extension.mach")
933         (xpc-service-name-prefix "com.apple.AGXCompilerService")))
934
935 (media-capture-support)
936
937 ;; These services have been identified as unused during living-on.
938 ;; This list overrides some definitions above and in common.sb.
939 ;; FIXME: remove overridden rules once the final list has been
940 ;; established, see https://bugs.webkit.org/show_bug.cgi?id=193840
;; Placement matters: this deny comes after (media-capture-support) so that it
;; takes precedence over whatever that macro allowed. Keep it below any rule it
;; is meant to override.
941 (deny mach-lookup
942     (global-name "com.apple.webkit.camera")
943 )
944
;; Unix syscall allow-list. Only installed when this sandbox build knows the
;; syscall-unix operation (the defined? guard). Any syscall not listed is
;; denied with SIGKILL rather than an error return, so a missing entry shows up
;; as a process crash, not as EPERM — which is why many entries below carry
;; the radar that added them. Review additions for whether the capability is
;; needed, not just whether something crashed.
945 (when (defined? 'syscall-unix)
946     (deny syscall-unix (with send-signal SIGKILL))
947     (allow syscall-unix
948         (syscall-number SYS_exit)
949         (syscall-number SYS_read)
950         (syscall-number SYS_write)
951         (syscall-number SYS_open)
952         (syscall-number SYS_close)
953         (syscall-number SYS_unlink)
954         (syscall-number SYS_chmod)
955         (syscall-number SYS_getuid)
956         (syscall-number SYS_geteuid)
957         (syscall-number SYS_recvfrom)
958         (syscall-number SYS_getpeername)
959         (syscall-number SYS_access)
960         (syscall-number SYS_dup)
961         (syscall-number SYS_pipe)
962         (syscall-number SYS_getegid)
963         (syscall-number SYS_getgid)
964         (syscall-number SYS_sigprocmask)
965         (syscall-number SYS_sigaltstack)
966         (syscall-number SYS_ioctl)
967         (syscall-number SYS_readlink)
968         (syscall-number SYS_umask)
969         (syscall-number SYS_msync)
970         (syscall-number SYS_munmap)
971         (syscall-number SYS_mprotect)
972         (syscall-number SYS_madvise)
973         (syscall-number SYS_fcntl)
974         (syscall-number SYS_select)
975         (syscall-number SYS_fsync)
976         (syscall-number SYS_setpriority)
977         (syscall-number SYS_socket)
978         (syscall-number SYS_connect)
979         (syscall-number SYS_setsockopt)
980         (syscall-number SYS_gettimeofday)
981         (syscall-number SYS_getrusage)
982         (syscall-number SYS_getsockopt)
983         (syscall-number SYS_writev)
984         (syscall-number SYS_fchmod)
985         (syscall-number SYS_rename)
986         (syscall-number SYS_flock)
987         (syscall-number SYS_sendto)
988         (syscall-number SYS_shutdown)
989         (syscall-number SYS_socketpair)
990         (syscall-number SYS_mkdir)
991         (syscall-number SYS_rmdir)
992         (syscall-number SYS_pread)
993         (syscall-number SYS_pwrite)
994         (syscall-number SYS_csops)
995         (syscall-number SYS_csops_audittoken)
996         (syscall-number SYS_kdebug_trace64)
997         (syscall-number SYS_kdebug_trace)
998         (syscall-number SYS_sigreturn)
999         (syscall-number SYS_pathconf)
1000         (syscall-number SYS_getrlimit)
1001         (syscall-number SYS_setrlimit)
1002         (syscall-number SYS_mmap)
1003         (syscall-number SYS_lseek)
1004         (syscall-number SYS_ftruncate)
1005         (syscall-number SYS_sysctl) ; NOTE(review): the readable names are presumably still limited by the sysctl-read rule above — confirm
1006         (syscall-number SYS_mlock)
1007         (syscall-number SYS_munlock)
1008         (syscall-number SYS_getattrlist)
1009         (syscall-number SYS_getxattr)
1010         (syscall-number SYS_fgetxattr)
1011         (syscall-number SYS_listxattr)
1012         (syscall-number SYS_shm_open)
1013         (syscall-number SYS_sem_wait)
1014         (syscall-number SYS_sem_post)
1015         (syscall-number SYS_sysctlbyname) ; see note on SYS_sysctl
1016         (syscall-number SYS_psynch_mutexwait)
1017         (syscall-number SYS_psynch_mutexdrop)
1018         (syscall-number SYS_psynch_cvbroad)
1019         (syscall-number SYS_psynch_cvsignal)
1020         (syscall-number SYS_psynch_cvwait)
1021         (syscall-number SYS_psynch_rw_wrlock)
1022         (syscall-number SYS_psynch_rw_unlock)
1023         (syscall-number SYS_psynch_cvclrprepost)
1024         (syscall-number SYS_process_policy)
1025         (syscall-number SYS_issetugid)
1026         (syscall-number SYS___pthread_kill)
1027         (syscall-number SYS___pthread_markcancel)
1028         (syscall-number SYS___pthread_sigmask)
1029         (syscall-number SYS___disable_threadsignal)
1030         (syscall-number SYS___semwait_signal)
1031         (syscall-number SYS_proc_info)
1032         (syscall-number SYS_stat64)
1033         (syscall-number SYS_fstat64)
1034         (syscall-number SYS_lstat64)
1035         (syscall-number SYS_getdirentries64)
1036         (syscall-number SYS_statfs64)
1037         (syscall-number SYS_fstatfs64)
1038         (syscall-number SYS_getfsstat64)
1039         (syscall-number SYS_getaudit_addr)
1040         (syscall-number SYS_bsdthread_create)
1041         (syscall-number SYS_bsdthread_terminate)
1042         (syscall-number SYS_workq_kernreturn)
1043         (syscall-number SYS_thread_selfid)
1044         (syscall-number SYS_kevent_qos)
1045         (syscall-number SYS_kevent_id)
1046         (syscall-number SYS___mac_syscall)
1047         (syscall-number SYS_read_nocancel)
1048         (syscall-number SYS_write_nocancel)
1049         (syscall-number SYS_open_nocancel)
1050         (syscall-number SYS_close_nocancel)
1051         (syscall-number SYS_sendmsg_nocancel)
1052         (syscall-number SYS_recvfrom_nocancel)
1053         (syscall-number SYS_fcntl_nocancel)
1054         (syscall-number SYS_select_nocancel)
1055         (syscall-number SYS_connect_nocancel)
1056         (syscall-number SYS_sendto_nocancel)
1057         (syscall-number SYS_fsgetpath)
1058         (syscall-number SYS_fileport_makeport)
1059         (syscall-number SYS_guarded_open_np)
1060         (syscall-number SYS_guarded_close_np)
1061         (syscall-number SYS_change_fdguard_np)
1062         (syscall-number SYS_proc_rlimit_control)
1063         (syscall-number SYS_connectx)
1064         (syscall-number SYS_getattrlistbulk)
1065         (syscall-number SYS_openat)
1066         (syscall-number SYS_openat_nocancel)
1067         (syscall-number SYS_fstatat64)
1068         (syscall-number SYS_mkdirat)
1069         (syscall-number SYS_bsdthread_ctl)
1070         (syscall-number SYS_csrctl)
1071         (syscall-number SYS_guarded_pwrite_np)
1072         (syscall-number SYS_getentropy)
1073         (syscall-number SYS_necp_open)
1074         (syscall-number SYS_necp_client_action)
1075         (syscall-number SYS_ulock_wait)
1076         (syscall-number SYS_ulock_wake)
1077         (syscall-number SYS_kdebug_typefilter)
1078         (syscall-number SYS_shared_region_check_np)
1079         (syscall-number SYS_getpid)
1080         (syscall-number SYS_bsdthread_register)
1081         (syscall-number SYS_sigaction)
1082         (syscall-number SYS_gettid)
1083         (syscall-number SYS_workq_open)
1084         (syscall-number SYS_chdir)
1085         (syscall-number SYS_memorystatus_control)
1086         (syscall-number SYS_sem_open)
1087         (syscall-number SYS_sem_close)
1088         (syscall-number SYS_fsetattrlist)
1089         (syscall-number SYS_guarded_open_dprotected_np) ; <rdar://problem/48166729>
1090         (syscall-number SYS_mremap_encrypted)
1091         (syscall-number SYS_dup2)
1092         (syscall-number SYS_fileport_makefd)
1093         (syscall-number SYS_os_fault_with_payload)
1094         (syscall-number SYS_persona)
1095         (syscall-number SYS_work_interval_ctl)
1096         (syscall-number SYS_open_dprotected_np)
1097         (syscall-number SYS_pread_nocancel)
1098         (syscall-number SYS___semwait_signal_nocancel)
1099         (syscall-number SYS_kdebug_trace_string) ;; Needed for performance sampling, see <rdar://problem/48829655>.
1100         (syscall-number SYS_fgetattrlist) ;; <rdar://problem/50266257>
1101         (syscall-number SYS_fsetxattr) ;; <rdar://problem/49795964>
1102         (syscall-number SYS_abort_with_payload) ;; <rdar://problem/50967271>
1103         (syscall-number SYS_kqueue) ;; <rdar://problem/49609201>
1104         (syscall-number SYS_kqueue_workloop_ctl) ;; <rdar://problem/50999499>
1105         (syscall-number SYS_psynch_rw_rdlock) ;; <rdar://problem/51134351>
1106         (syscall-number SYS_faccessat) ;; <rdar://problem/56998930>
1107     )
1108 )
1108 )