Unreviewed, rolling out r243008.
[WebKit-https.git] / Source / WebKit / Resources / SandboxProfiles / ios / com.apple.WebKit.WebContent.sb
1 ; Copyright (C) 2010-2019 Apple Inc. All rights reserved.
2 ;
3 ; Redistribution and use in source and binary forms, with or without
4 ; modification, are permitted provided that the following conditions
5 ; are met:
6 ; 1. Redistributions of source code must retain the above copyright
7 ; notice, this list of conditions and the following disclaimer.
8 ; 2. Redistributions in binary form must reproduce the above copyright
9 ; notice, this list of conditions and the following disclaimer in the
10 ; documentation and/or other materials provided with the distribution.
11 ;
12 ; THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
13 ; AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
14 ; THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
15 ; PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
16 ; BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
17 ; CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
18 ; SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
19 ; INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
20 ; CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
21 ; ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
22 ; THE POSSIBILITY OF SUCH DAMAGE.
23
24 (version 1)
25 (deny default (with partial-symbolication)) ; Default-deny baseline: an operation is refused unless some rule allows it.
26 (allow system-audit file-read-metadata)
27
28 (import "common.sb") ; Shared rules live in common.sb; their content is not visible in this file.
29 ;; The empty prefix matches every XPC service name, so all XPC service lookups are denied here; the xpc-service-name allows that follow name the services meant to stay reachable.
30 (deny mach-lookup (xpc-service-name-prefix ""))
31
32 (deny lsopen)
33
34 ;;;
35 ;;; The following rules were originally contained in 'UIKit-apps.sb'. We are duplicating them here so we can
36 ;;; remove unneeded sandbox extensions.
37 ;;;
38 ;;; NOTE(review): many mach-lookup allows copied below are denied again by the deny list near the end of this file, so this section alone does not show the effective policy.
39 ;;; <rdar://problem/29959382> Allow UIKit apps access to com.apple.TextInput.preferences mach service
40 (allow mach-lookup
41     (global-name "com.apple.TextInput.preferences")) ; Also listed in the deny list near the end of this file.
42
43 (allow mach-lookup
44     (xpc-service-name "com.apple.siri.context.service")) ; NOTE(review): the deny list near the end of this file names this service with global-name, not xpc-service-name -- confirm that deny covers this allow.
45
46 (allow mach-lookup
47     (global-name "com.apple.frontboard.systemappservices")                 ; -[UIViewServiceInterface _createProcessAssertion] -> SBSProcessIDForDisplayIdentifier()
48     (global-name-regex #"^com\.apple\.uikit\.viewservice\..+")) ; Start-anchored; any non-empty suffix after "com.apple.uikit.viewservice." matches.
49
50 ;; Any app could use ubiquity.
51 (ubiquity-client)
52
53 ;; Any app can play audio & movies.
54 (play-audio)
55 (play-media)
56
57 ;; Access to media controls
58 (media-remote)
59
60 (url-translation) ; Like the other bare (name) forms here, a helper that is not defined in this file; the operations it allows are not visible here.
61
62 ;; For <rdar://problem/20812377> All applications need to be able to access the com.apple.UIKit.KeyboardManagement running in backboardd
63 ;; renamed in <rdar://problem/20909914> Rename com.apple.UIKit.KeyboardManagement
64 (allow mach-lookup
65     (global-name "com.apple.UIKit.KeyboardManagement")
66     (global-name "com.apple.UIKit.KeyboardManagement.hosted")) ; Both names are also in the deny list near the end of this file.
67
68 ;; TextInput framework
69 (allow mach-lookup
70     (global-name "com.apple.TextInput") ; The only name in this group that the later deny list does not repeat.
71     (global-name "com.apple.TextInput.emoji")
72     (global-name "com.apple.TextInput.image-cache-server")
73     (global-name "com.apple.TextInput.lexicon-server")
74     (global-name "com.apple.TextInput.rdt")
75     (global-name "com.apple.TextInput.shortcuts"))
76 (mobile-preferences-read "com.apple.da")
77
78 ;; Various Accessibility services.
79 (allow mach-lookup ; NOTE(review): the deny list near the end of this file names AccessibilityUIServer with global-name rather than xpc-service-name -- confirm which rule is effective.
80     (xpc-service-name "com.apple.accessibility.AccessibilityUIServer")) ; Needed for Zoom focus updates
81
82 ;; ZoomTouch
83 ;; <rdar://problem/11823957>
84 (allow mach-lookup
85     (global-name "com.apple.accessibility.AXBackBoardServer")) ; Also in the deny list near the end of this file.
86
87 ;; Speak Selection & VoiceOver
88 ;; <rdar://problem/12030530> AX: Sandbox violation with changing Language while VO is on
89 ;; and <rdar://problem/13071747>
90 (mobile-preferences-read
91     "com.apple.SpeakSelection" ; Needed for WebSpeech
92     "com.apple.VoiceOverTouch" ; Needed for non-US english language synthesis
93     "com.apple.voiceservices") ; Ditto
94
95 (allow mach-lookup
96     (global-name "com.apple.audio.AudioComponentPrefs")
97     (global-name "com.apple.audio.AudioComponentRegistrar") ; Not repeated in the later deny list, unlike the two names around it.
98     (global-name "com.apple.audio.AudioQueueServer"))
99
100 (allow mach-register
101     (local-name "com.apple.iphone.axserver")) ; Needed for Application Accessibility
102
103 ;; <rdar://problem/14555119> Access to high quality speech voices
104 ;; Needed for WebSpeech
105 (allow file-read*
106     (home-subpath "/Library/VoiceServices/Assets")
107     (home-subpath "/Library/Assets/com_apple_MobileAsset_VoiceServicesVocalizerVoice"))
108
109 ;; HearingAidSupport
110 (allow mach-lookup
111     (xpc-service-name "com.apple.accessibility.heard")) ; NOTE(review): the later deny list names this service with global-name, not xpc-service-name -- confirm that deny covers this allow.
112
113 ;; MediaAccessibility (captions)
114 ;; <rdar://problem/12801477>
115 (mobile-preferences-read "com.apple.mediaaccessibility") ; The same read grant appears twice more later in this file.
116 (allow mach-lookup (global-name "com.apple.accessibility.mediaaccessibilityd"))
117
118 ;; Permit reading assets via MobileAsset framework.
119 (asset-access 'with-media-playback)
120
121 ;; Network Extensions / VPN helper.
122 (allow mach-lookup
123     (global-name "com.apple.nehelper")
124     (global-name "com.apple.nesessionmanager.content-filter") ;; <rdar://problem/48442387>
125     (global-name "com.apple.nesessionmanager")) ; Also in the deny list near the end of this file; the two names above are not.
126
127 ;; allow 3rd party applications to access nsurlstoraged's top level domain data cache
128 (allow-well-known-system-group-container-literal-read
129     "/systemgroup.com.apple.nsurlstoragedresources/Library/dafsaData.bin")
130
131 ;; Access the keyboards
132 (allow file-read*
133     (home-subpath "/Library/Caches/com.apple.keyboards"))
134
135 ;; NSExtension helper for supplying information not provided by PlugInKit
136 (allow mach-lookup
137     (xpc-service-name "com.apple.uifoundation-bundle-helper")) ; NOTE(review): the later deny list names this service with global-name, not xpc-service-name -- confirm that deny covers this allow.
138
139 ;; <rdar://problem/19525887>
140 (allow mach-lookup (xpc-service-name-regex #"\.apple-extension-service$")) ; No start anchor: any XPC service name ending in ".apple-extension-service" matches.
141 ;; <rdar://problem/31252371>
142 (allow mach-lookup (xpc-service-name-regex #"\.viewservice$")) ; NOTE(review): with the blanket XPC deny at the top of the file, these two suffix patterns are the only pattern-based XPC allows here -- confirm the breadth is intended.
143
144 ;; Power logging
145 (allow mach-lookup
146     (global-name "com.apple.powerlog.plxpclogger.xpc")) ;;  <rdar://problem/36442803>
147
148 (mobile-preferences-read
149     "com.apple.EmojiPreferences"
150     ; <rdar://problem/8477596> com.apple.InputModePreferences
151     "com.apple.InputModePreferences"
152     ; <rdar://problem/8206632> Weather(1038) deny file-read-data ~/Library/Preferences/com.apple.keyboard.plist
153     "com.apple.keyboard"
154     ; <rdar://problem/9384085>
155     "com.apple.Preferences"
156     "com.apple.lookup.shared" ; Needed for DataDetector (Spotlight) support
157 )
158
159 ;; Silently deny unnecessary accesses caused by MessageUI framework.
160 ;; This can be removed once <rdar://problem/47038102> is resolved.
161 (deny file-read*
162     (home-literal "/Library/Preferences/com.apple.mobilemail.plist")
163     (with no-log)) ; The access stays denied; no-log only keeps it out of the violation log.
164
165 ;; <rdar://problem/12985925> Need read access to /var/mobile/Library/Fonts to all apps
166 (allow file-read*
167     (home-subpath "/Library/Fonts"))
168
169 ;; <rdar://problem/7344719&26323449> LaunchServices app icons
170 (allow file-read*
171     (well-known-system-group-container-subpath "/systemgroup.com.apple.lsd.iconscache"))
172 (allow mach-lookup ; NOTE(review): the later deny list has "com.apple.lsdiconservice" as a global-name, while it is allowed here as an xpc-service-name -- confirm which applies.
173     (xpc-service-name "com.apple.lsdiconservice") ;; Remove this line after <rdar://problem/47151295> is fixed.
174     (xpc-service-name "com.apple.iconservices")
175     (global-name "com.apple.iconservices"))
176
177 ;; Common mach services needed by UIKit.
178 (allow mach-lookup ; Most names below are denied again later in this file; CARenderServer, iohideventsystem, iphone.axserver-systemwide and frontboard.systemappservices are not.
179     (global-name "com.apple.CARenderServer")
180     (global-name "com.apple.KeyboardServices.TextReplacementService")
181     (global-name "com.apple.assertiond.applicationstateconnection")
182     (global-name "com.apple.assertiond.expiration")
183     (global-name "com.apple.assertiond.processinfoservice")
184     (global-name "com.apple.audio.SystemSoundServer-iOS")
185     (global-name "com.apple.backboard.TouchDeliveryPolicyServer")
186     (global-name "com.apple.backboard.animation-fence-arbiter")
187     (global-name "com.apple.backboard.display.services")
188     (global-name "com.apple.backboard.hid.focus")
189     (global-name "com.apple.backboard.hid.services") ; A later rule denies this name with send-signal SIGKILL.
190     (global-name "com.apple.iohideventsystem")
191     (global-name "com.apple.iphone.axserver-systemwide")
192     (global-name "com.apple.frontboard.workspace")
193     (global-name "com.apple.frontboard.systemappservices")) ; Already allowed by the viewservice rule earlier in this file.
194
195 ;; <rdar://problem/47268166>
196 (allow mach-lookup (xpc-service-name "com.apple.MTLCompilerService"))
197
198 (allow-preferences-common)
199
200 ;; CoreMotion
201 (mobile-preferences-read "com.apple.CoreMotion")
202 ;; NOTE(review): an unfiltered (deny iokit-get-properties ...) appears later in this file, after the property allows below -- confirm the reads granted here and for the Home Button are still effective.
203 ;; CoreMotion’s deviceMotion API
204 (with-filter ; The allow below applies only to registry entries of either class listed in require-any.
205     (require-any
206         (iokit-registry-entry-class "AppleOscarNub")
207         (iokit-registry-entry-class "AppleSPUHIDInterface"))
208     (allow iokit-get-properties
209         (iokit-property "gyro-interrupt-calibration")))
210 (with-filter
211     (iokit-registry-entry-class "IOHIDEventServiceFastPathUserClient")
212     (allow iokit-open) ; Opening this class, under the registry-entry-class filter above.
213     (allow iokit-get-properties iokit-set-properties ; These four properties are readable and writable; this is the only iokit-set-properties allow in this file.
214         (iokit-property "interval"
215                         "mode"
216                         "QueueSize"
217                         "useMag"))
218     (allow iokit-get-properties ; "client" is read-only.
219         (iokit-property "client")))
220
221 ;; Home Button
222 (with-filter (iokit-registry-entry-class "IOPlatformDevice")
223     (allow iokit-get-properties
224         (iokit-property "home-button-type")))
225
226 ;; Common preferences read by UIKit.
227 (mobile-preferences-read "com.apple.Accessibility"
228     "com.apple.UIKit"
229     "com.apple.WebUI"
230     "com.apple.airplay"
231     "com.apple.avkit"
232     "com.apple.coreanimation"
233     "com.apple.mt"
234     "com.apple.preferences.sounds")
235
236 ;; Silence sandbox violations from apps trying to create the empty plist if it doesn't exist.
237 ;; <rdar://problem/13796537>
238 (deny file-write-create
239     (home-prefix "/Library/Preferences/com.apple.UIKit.plist") ; home-prefix: any home-relative path starting with this string, not only the exact file.
240     (with no-report))
241
242 ;; <rdar://problem/10809394>
243 (deny file-write-create
244     (home-prefix "/Library/Preferences/com.apple.Accessibility.plist")
245     (with no-report))
246
247 ;; <rdar://problem/9404009>
248 (mobile-preferences-read "kCFPreferencesAnyApplication") ; NOTE(review): presumably the any-application (global) preferences domain, a broad read scope -- confirm.
249
250 ;; <rdar://problem/12250145>
251 (mobile-preferences-read "com.apple.mediaaccessibility") ; Repeats the MediaAccessibility (captions) grant made earlier in this file.
252
253 ; Dictionary Services used by UITextFields.
254 ; <rdar://problem/9386926>
255 (allow-create-directory
256     (home-literal "/Library/Caches/com.apple.DictionaryServices"))
257
258 ; <rdar://problem/8548856> Sub-TLF: Sandbox change for apps for read-only access to the dictionary directory/data
259 (allow file-read*
260     ; XXX - /Library ought to be allowed in all UI profiles but isn't (CF, MobileSafari)
261     (subpath "/Library/Dictionaries") ; Absolute path; the next line is the home-relative counterpart.
262     (home-subpath "/Library/Dictionaries"))
263
264 ; <rdar://problem/8440231>
265 (allow file-read*
266     (home-literal "/Library/Caches/DateFormats.plist"))
267 ; Silently deny writes when CFData attempts to write to the cache directory.
268 (deny file-write*
269     (home-literal "/Library/Caches/DateFormats.plist")
270     (with no-log))
271
272 ; UIKit-required IOKit nodes.
273 (allow iokit-open ; The four user client classes below are the ones this rule lets the process open.
274     (iokit-user-client-class "AppleJPEGDriverUserClient")
275     (iokit-user-client-class "IOSurfaceAcceleratorClient")
276     (iokit-user-client-class "IOSurfaceSendRight")
277     ;; Required by UIView -> UITextMagnifierRenderer -> UIWindow
278     (iokit-user-client-class "IOSurfaceRootUserClient"))
279
280 (framebuffer-access)
281
282 ;; <rdar://problem/7822790>
283 (mobile-keybag-access)
284
285 ; <rdar://problem/7595408> , <rdar://problem/7643881>
286 (opengl)
287
288 (location-services) ; NOTE(review): defined outside this file; the later deny list includes com.apple.locationd.spi and com.apple.locationd.synchronous -- confirm the net effect.
289
290 ; CRCopyRestrictionsDictionary periodically tries to CFPreferencesAppSynchronize com.apple.springboard.plist
291 ; which will attempt to create the plist if it doesn't exist -- from any application.  Only SpringBoard is
292 ; allowed to write its plist; ignore all others, they don't know what they are doing.
293 ; See <rdar://problem/9375027> for sample backtraces.
294 (deny file-write*
295     (home-prefix "/Library/Preferences/com.apple.springboard.plist")
296     (with no-log))
297
298 ;; <rdar://problem/34092690>
299 (allow mach-lookup
300     (xpc-service-name "com.apple.avkit.SharedPreferences")) ; NOTE(review): the later deny list names this service with global-name, not xpc-service-name -- confirm that deny covers this allow.
301
302 ;; <rdar://problem/34986314>
303 (mobile-preferences-read "com.apple.indigo")
304
305 ;; <rdar://problem/35417382>, <rdar://problem/35518557>
306 (allow mach-lookup
307     (global-name "com.apple.corespotlightservice")) ; Also in the deny list near the end of this file.
308
309 ;; <rdar://problem/35446577>
310 (allow mach-lookup
311     (global-name "com.apple.coremedia.endpointplaybacksession.xpc")) ; Also in the deny list near the end of this file.
312
313 ;; <rdar://problem/35509194>
314 (allow mach-lookup
315     (global-name "com.apple.coremedia.endpointremotecontrolsession.xpc")) ; Also in the deny list near the end of this file.
316
317 ;;;
318 ;;; End UIKit-apps.sb content
319 ;;;
320
321 (deny sysctl*) ; Closes every sysctl operation; the rule below re-opens reads of five named values only.
322 (allow sysctl-read
323     (sysctl-name
324         "hw.availcpu"
325         "hw.ncpu"
326         "hw.model"
327         "kern.memorystatus_level"
328         "vm.footprint_suspend"))
329
330 (deny iokit-get-properties (with partial-symbolication)) ; NOTE(review): unfiltered deny placed after the CoreMotion and Home Button property allows earlier in this file -- confirm those earlier allows are still meant to apply.
331 (allow iokit-get-properties ; Property-name allowlist; entries are exact names unless written as a regex.
332     (iokit-property-regex #"^AAPL,(DisplayPipe|OpenCLdisabled|IOGraphics_LER(|_RegTag_1|_RegTag_0|_Busy_2)|alias-policy|boot-display|display-alias|mux-switch-state|ndrv-dev|primary-display|slot-name)") ; Start-anchored only: any property name beginning with one of these alternatives matches.
333     (iokit-property "APTDevice")
334     (iokit-property "AVCSupported")
335     (iokit-property-regex #"^AppleJPEG(NumCores|Supports(AppleInterchangeFormats|MissingEOI|RSTLogging))")
336     (iokit-property "BaseAddressAlignmentRequirement")
337     (iokit-property-regex #"^DisplayPipe(PlaneBaseAlignment|StrideRequirements)")
338     (iokit-property "HEVCSupported")
339     (iokit-property-regex #"^IOGL(|ES(|Metal))BundleName")
340     (iokit-property "IOGLESDefaultUseMetal")
341     (iokit-property-regex #"IOGVA(BGRAEnc|Codec|EncoderRestricted|Scaler)") ; NOTE(review): no ^ anchor, unlike the other regexes in this list -- matches the pattern anywhere in a property name.
342     (iokit-property "IOClassNameOverride")
343     (iokit-property "IOPlatformUUID") ; NOTE(review): looks like a device-unique identifier readable from the web content process -- confirm it is still required.
344     (iokit-property "IOSurfaceAcceleratorCapabilitiesDict")
345     (iokit-property-regex #"^MetalPlugin(Name|ClassName)")
346     (iokit-property "Protocol Characteristics")
347     (iokit-property "artwork-device-subtype")
348     (iokit-property-regex #"(canvas-height|canvas-width)") ; NOTE(review): unanchored -- any property name containing either string matches; two exact iokit-property entries would be tighter.
349     (iokit-property "class-code")
350     (iokit-property "color-accuracy-index")
351     (iokit-property "device-id")
352     (iokit-property "device-perf-memory-class")
353     (iokit-property "emu")
354     (iokit-property "hdcp-hoover-protocol")
355     (iokit-property "iommu-present")
356     (iokit-property "product-id")
357     (iokit-property "software-behavior")
358     (iokit-property "vendor-id")
359 )
360
361 ;; Read-only preferences and data
362 (mobile-preferences-read
363     "com.apple.LaunchServices"
364     "com.apple.WebFoundation"
365     "com.apple.mobileipod"
366     "com.apple.avfoundation.frecents" ;; <rdar://problem/33137029>
367     "com.apple.avfoundation.videoperformancehud" ;; <rdar://problem/31594568>
368     "com.apple.voiceservices.logging")
369
370 ;; Sandbox extensions. The helpers below take a rule action (op; only allow is passed in this file) and a path filter.
371 (define (apply-read-and-issue-extension op path-filter) ; Applies op to file-read* on path-filter, and to issuing "com.apple.app-sandbox.read" extensions for the same paths.
372     (op file-read* path-filter)
373     (op file-issue-extension (require-all (extension-class "com.apple.app-sandbox.read") path-filter)))
374 (define (apply-write-and-issue-extension op path-filter) ; Applies op to file-write* on path-filter, and to issuing "com.apple.app-sandbox.read-write" extensions for the same paths.
375     (op file-write* path-filter)
376     (op file-issue-extension (require-all (extension-class "com.apple.app-sandbox.read-write") path-filter)))
377 (define (read-only-and-issue-extensions path-filter) ; allow-only wrapper around the read helper.
378     (apply-read-and-issue-extension allow path-filter))
379 (define (read-write-and-issue-extensions path-filter) ; Allows read and write, plus issuing of both extension classes.
380     (apply-read-and-issue-extension allow path-filter)
381     (apply-write-and-issue-extension allow path-filter))
382 (read-only-and-issue-extensions (extension "com.apple.app-sandbox.read")) ; Paths covered by a held read extension: readable, and a read extension for them can be issued onward.
383 (read-write-and-issue-extensions (extension "com.apple.app-sandbox.read-write")) ; Paths covered by a held read-write extension: readable, writable, and either class can be issued onward.
384
385 ;; Access to client's cache folder & re-vending to CFNetwork.
386 ;; FIXME: Remove the webkit specific extension classes <rdar://problem/17755931>
387 (allow file-issue-extension (require-all ; Both conditions must hold: the path is covered by a read-write extension and the issued class is the nsurlstorage cache class.
388     (extension "com.apple.app-sandbox.read-write")
389     (extension-class "com.apple.nsurlstorage.extension-cache")))
390
391 ;; MediaAccessibility
392 (mobile-preferences-read "com.apple.mediaaccessibility") ; Third occurrence of this read grant in the file.
393 (mobile-preferences-read-write "com.apple.mediaaccessibility.public")
394
395 ;; Remote Web Inspector
396 (allow mach-lookup
397        (global-name "com.apple.webinspector"))
398
399 ;; Various services required by CFNetwork and other frameworks
400 (allow mach-lookup
401     (global-name "com.apple.PowerManagement.control")
402     (global-name "com.apple.accountsd.accountmanager") ; Also in the deny list near the end of this file.
403     (global-name "com.apple.analyticsd")
404     (global-name "com.apple.coremedia.audiodeviceclock")) ; Also in the deny list near the end of this file.
405
406 (deny file-write-create (vnode-type SYMLINK)) ; The process may not create symbolic links.
407 (deny file-read-xattr file-write-xattr (xattr-regex #"^com\.apple\.security\.private\.")) ; Blocks reading and writing extended attributes whose names start with com.apple.security.private.
408
409 ;; Allow loading injected bundles.
410 (allow file-map-executable) ; NOTE(review): no path filter, so this allow is not limited to the locations bundles are loaded from; consider scoping it (code-signing enforcement is outside this profile).
411
412 ;; AWD logging
413 (awd-log-directory "com.apple.WebKit.WebContent")
414
415 ;; Allow ManagedPreference access
416 (allow file-read* (literal "/private/var/Managed Preferences/mobile/com.apple.webcontentfilter.plist"))
417
418 (allow file-read-data
419     (literal "/usr/local/lib/log") ; <rdar://problem/36629495>
420 )
421
422 ;; Allow mediaserverd to issue file extensions for the purposes of reading media
423 (allow file-issue-extension (require-all ; Both conditions must hold: the path is covered by a read extension and the issued class is the mediaserverd read class.
424     (extension "com.apple.app-sandbox.read")
425     (extension-class "com.apple.mediaserverd.read")))
426
427 ;; Allow CoreMedia to communicate with mediaserverd in order to implement custom media loading
428 (allow mach-lookup
429     (global-name "com.apple.coremedia.customurlloader.xpc"))
430
431 ;; Media capture, microphone access
432 (with-filter (extension "com.apple.webkit.microphone") ; Microphone access applies only while this extension is held.
433     (allow device-microphone))
434
435 ;; Media capture, camera access
436 (with-filter (extension "com.apple.webkit.camera") ; Every allow in this form applies only while this extension is held.
437     (allow user-preference-read
438         (preference-domain "com.apple.coremedia"))
439     (allow file-read* (subpath "/Library/CoreMediaIO/Plug-Ins/DAL"))
440     (allow mach-lookup (extension "com.apple.app-sandbox.mach")) ; presumably lookups of mach names for which a com.apple.app-sandbox.mach extension was issued -- confirm.
441     (allow device-camera))
442
443 ;; Support incoming video connections
444 (allow mach-lookup
445     (global-name "com.apple.audio.audiohald") ; Also in the deny list near the end of this file; the three names below are not.
446     (global-name "com.apple.coremedia.compressionsession")
447     (global-name "com.apple.coremedia.decompressionsession")
448     (global-name "com.apple.coremedia.videoqueue"))
449
450 ;; FIXME: remove the send-signal when this rule is no longer generating crashes.
451 (deny mach-lookup (with send-signal SIGKILL) ; Reverses the earlier allow of this name under "Common mach services needed by UIKit"; a lookup attempt gets the process sent SIGKILL.
452     (global-name "com.apple.backboard.hid.services"))
453
454 ;; These services have been identified as unused during living-on.
455 ;; This list overrides some definitions above and in common.sb.
456 ;; FIXME: remove overridden rules once the final list has been
457 ;; established, see https://bugs.webkit.org/show_bug.cgi?id=193840
458 (deny mach-lookup ; NOTE(review): every entry is a global-name filter, but siri.context.service, AccessibilityUIServer, accessibility.heard, avkit.SharedPreferences, lsdiconservice and uifoundation-bundle-helper are allowed above via xpc-service-name -- confirm these denies cover those allows.
459     (global-name "com.apple.AGXCompilerService")
460     (global-name "com.apple.CoreAuthentication.daemon.libxpc")
461     (global-name "com.apple.FileCoordination")
462     (global-name "com.apple.FileProvider")
463     (global-name "com.apple.Honeybee.event-notify")
464     (global-name "com.apple.KeyboardServices.TextReplacementService")
465     (global-name "com.apple.MediaPlayer.RemotePlayerService")
466     (global-name "com.apple.ReportCrash.SimulateCrash")
467     (global-name "com.apple.TextInput.emoji")
468     (global-name "com.apple.TextInput.image-cache-server")
469     (global-name "com.apple.TextInput.lexicon-server")
470     (global-name "com.apple.TextInput.preferences")
471     (global-name "com.apple.TextInput.rdt")
472     (global-name "com.apple.TextInput.shortcuts")
473     (global-name "com.apple.UIKit.KeyboardManagement")
474     (global-name "com.apple.UIKit.KeyboardManagement.hosted")
475     (global-name "com.apple.accessibility.AXBackBoardServer")
476     (global-name "com.apple.accessibility.AccessibilityUIServer")
477     (global-name "com.apple.accessibility.heard")
478     (global-name "com.apple.accountsd.accountmanager")
479     (global-name "com.apple.app-sandbox.mach") ; NOTE(review): appears elsewhere in this file as a sandbox extension name, not as a mach service name -- confirm intent.
480     (global-name "com.apple.appsupport.cplogd")
481     (global-name "com.apple.assertiond.applicationstateconnection")
482     (global-name "com.apple.assertiond.expiration")
483     (global-name "com.apple.assertiond.processassertionconnection")
484     (global-name "com.apple.assertiond.processinfoservice")
485     (global-name "com.apple.audio.AudioComponentPrefs")
486     (global-name "com.apple.audio.AudioQueueServer")
487     (global-name "com.apple.audio.SystemSoundServer-iOS")
488     (global-name "com.apple.audio.audiohald")
489     (global-name "com.apple.audio.reporting.xpc")
490     (global-name "com.apple.avkit.SharedPreferences")
491     (global-name "com.apple.backboard.TouchDeliveryPolicyServer")
492     (global-name "com.apple.backboard.animation-fence-arbiter")
493     (global-name "com.apple.backboard.display.services")
494     (global-name "com.apple.backboard.hid.focus")
495     (global-name "com.apple.bird")
496     (global-name "com.apple.bird.token")
497     (global-name "com.apple.cfprefsd.agent")
498     (global-name "com.apple.containermanagerd")
499     (global-name "com.apple.coremedia.assetcacheinspector")
500     (global-name "com.apple.coremedia.audiodeviceclock")
501     (global-name "com.apple.coremedia.audioprocessingtap.xpc")
502     (global-name "com.apple.coremedia.endpointplaybacksession.xpc")
503     (global-name "com.apple.coremedia.endpointremotecontrolsession.xpc")
504     (global-name "com.apple.coremedia.sandboxserver")
505     (global-name "com.apple.coremedia.videocompositor")
506     (global-name "com.apple.coremedia.visualcontext.xpc")
507     (global-name "com.apple.coreservices.lsuseractivitymanager.xpc")
508     (global-name "com.apple.corespotlightservice")
509     (global-name "com.apple.ctkd.token-client")
510     (global-name "com.apple.cvmsServ")
511     (global-name "com.apple.duetknowledged.activity")
512     (global-name "com.apple.dyld.closured")
513     (global-name "com.apple.frontboard.workspace")
514     (global-name "com.apple.gpumemd.source")
515     (global-name "com.apple.hangtracerd")
516     (global-name "com.apple.itunescloudd.xpc")
517     (global-name "com.apple.itunesstored.xpc")
518     (global-name "com.apple.librariand")
519     (global-name "com.apple.locationd.spi")
520     (global-name "com.apple.locationd.synchronous")
521     (global-name "com.apple.lsd")
522     (global-name "com.apple.lsd.advertisingidentifiers")
523     (global-name "com.apple.lsd.icons")
524     (global-name "com.apple.lsd.openurl")
525     (global-name "com.apple.lsdiconservice")
526     (global-name "com.apple.managedconfiguration.profiled.public")
527     (global-name "com.apple.marco")
528     (global-name "com.apple.mediaserverd")
529     (global-name "com.apple.mobile.usermanagerd.xpc")
530     (global-name "com.apple.nesessionmanager")
531     (global-name "com.apple.pegasus")
532     (global-name "com.apple.pluginkit.pkd")
533     (global-name "com.apple.pluginkit.plugin-service")
534     (global-name "com.apple.quicklook.ThumbnailsAgent")
535     (global-name "com.apple.revisiond")
536     (global-name "com.apple.siri.context.service")
537     (global-name "com.apple.springboard.backgroundappservices")
538     (global-name "com.apple.system.libinfo.muser")
539     (global-name "com.apple.uifoundation-bundle-helper")
540     (global-name "com.apple.webkit.camera") ; NOTE(review): appears elsewhere in this file as a sandbox extension name, not as a mach service name -- confirm intent.
541 )
542
543 (when (defined? 'syscall-unix) ; The filter below is installed only when the sandbox defines the syscall-unix operation; otherwise this file configures no syscall filtering.
544     (deny syscall-unix (with send-signal SIGKILL)) ; A syscall that is not allowed below gets the process sent SIGKILL.
545     (allow syscall-unix ; Allowlist of BSD syscalls; it filters by syscall number only, so path and service scoping still comes from the rules above.
546         (syscall-number SYS_exit)
547         (syscall-number SYS_read)
548         (syscall-number SYS_write)
549         (syscall-number SYS_open)
550         (syscall-number SYS_close)
551         (syscall-number SYS_unlink)
552         (syscall-number SYS_chmod)
553         (syscall-number SYS_getuid)
554         (syscall-number SYS_geteuid)
555         (syscall-number SYS_recvfrom)
556         (syscall-number SYS_getpeername)
557         (syscall-number SYS_access)
558         (syscall-number SYS_dup)
559         (syscall-number SYS_pipe)
560         (syscall-number SYS_getegid)
561         (syscall-number SYS_getgid)
562         (syscall-number SYS_sigprocmask)
563         (syscall-number SYS_sigaltstack)
564         (syscall-number SYS_ioctl)
565         (syscall-number SYS_readlink)
566         (syscall-number SYS_umask)
567         (syscall-number SYS_msync)
568         (syscall-number SYS_munmap)
569         (syscall-number SYS_mprotect) ; NOTE(review): mprotect and mmap stay available, so memory-permission changes are not constrained at this layer.
570         (syscall-number SYS_madvise)
571         (syscall-number SYS_fcntl)
572         (syscall-number SYS_select)
573         (syscall-number SYS_fsync)
574         (syscall-number SYS_setpriority)
575         (syscall-number SYS_socket)
576         (syscall-number SYS_connect)
577         (syscall-number SYS_setsockopt)
578         (syscall-number SYS_gettimeofday)
579         (syscall-number SYS_getrusage)
580         (syscall-number SYS_getsockopt)
581         (syscall-number SYS_writev)
582         (syscall-number SYS_fchmod)
583         (syscall-number SYS_rename)
584         (syscall-number SYS_flock)
585         (syscall-number SYS_sendto)
586         (syscall-number SYS_shutdown)
587         (syscall-number SYS_socketpair)
588         (syscall-number SYS_mkdir)
589         (syscall-number SYS_rmdir)
590         (syscall-number SYS_pread)
591         (syscall-number SYS_pwrite)
592         (syscall-number SYS_csops)
593         (syscall-number SYS_csops_audittoken)
594         (syscall-number SYS_kdebug_trace64)
595         (syscall-number SYS_kdebug_trace)
596         (syscall-number SYS_sigreturn)
597         (syscall-number SYS_pathconf)
598         (syscall-number SYS_getrlimit)
599         (syscall-number SYS_setrlimit)
600         (syscall-number SYS_mmap)
601         (syscall-number SYS_lseek)
602         (syscall-number SYS_ftruncate)
603         (syscall-number SYS_sysctl) ; Which names can be read is limited separately by the sysctl rules earlier in this file.
604         (syscall-number SYS_mlock)
605         (syscall-number SYS_munlock)
606         (syscall-number SYS_getattrlist)
607         (syscall-number SYS_getxattr)
608         (syscall-number SYS_fgetxattr)
609         (syscall-number SYS_listxattr)
610         (syscall-number SYS_shm_open)
611         (syscall-number SYS_sem_wait)
612         (syscall-number SYS_sem_post)
613         (syscall-number SYS_sysctlbyname)
614         (syscall-number SYS_psynch_mutexwait)
615         (syscall-number SYS_psynch_mutexdrop)
616         (syscall-number SYS_psynch_cvbroad)
617         (syscall-number SYS_psynch_cvsignal)
618         (syscall-number SYS_psynch_cvwait)
619         (syscall-number SYS_psynch_rw_wrlock)
620         (syscall-number SYS_psynch_rw_unlock)
621         (syscall-number SYS_psynch_cvclrprepost)
622         (syscall-number SYS_process_policy)
623         (syscall-number SYS_issetugid)
624         (syscall-number SYS___pthread_kill)
625         (syscall-number SYS___pthread_sigmask)
626         (syscall-number SYS___disable_threadsignal)
627         (syscall-number SYS___semwait_signal)
628         (syscall-number SYS_proc_info)
629         (syscall-number SYS_stat64)
630         (syscall-number SYS_fstat64)
631         (syscall-number SYS_lstat64)
632         (syscall-number SYS_getdirentries64)
633         (syscall-number SYS_statfs64)
634         (syscall-number SYS_fstatfs64)
635         (syscall-number SYS_getfsstat64)
636         (syscall-number SYS_getaudit_addr)
637         (syscall-number SYS_bsdthread_create)
638         (syscall-number SYS_bsdthread_terminate)
639         (syscall-number SYS_workq_kernreturn)
640         (syscall-number SYS_thread_selfid)
641         (syscall-number SYS_kevent_qos)
642         (syscall-number SYS_kevent_id)
643         (syscall-number SYS___mac_syscall)
644         (syscall-number SYS_read_nocancel)
645         (syscall-number SYS_write_nocancel)
646         (syscall-number SYS_open_nocancel)
647         (syscall-number SYS_close_nocancel)
648         (syscall-number SYS_sendmsg_nocancel)
649         (syscall-number SYS_recvfrom_nocancel)
650         (syscall-number SYS_fcntl_nocancel)
651         (syscall-number SYS_select_nocancel)
652         (syscall-number SYS_connect_nocancel)
653         (syscall-number SYS_sendto_nocancel)
654         (syscall-number SYS_fsgetpath)
655         (syscall-number SYS_fileport_makeport)
656         (syscall-number SYS_guarded_open_np)
657         (syscall-number SYS_guarded_close_np)
658         (syscall-number SYS_change_fdguard_np)
659         (syscall-number SYS_proc_rlimit_control)
660         (syscall-number SYS_connectx)
661         (syscall-number SYS_getattrlistbulk)
662         (syscall-number SYS_openat)
663         (syscall-number SYS_openat_nocancel)
664         (syscall-number SYS_fstatat64)
665         (syscall-number SYS_mkdirat)
666         (syscall-number SYS_bsdthread_ctl)
667         (syscall-number SYS_csrctl)
668         (syscall-number SYS_guarded_pwrite_np)
669         (syscall-number SYS_getentropy)
670         (syscall-number SYS_necp_open)
671         (syscall-number SYS_necp_client_action)
672         (syscall-number SYS_ulock_wait)
673         (syscall-number SYS_ulock_wake)
674         (syscall-number SYS_kdebug_typefilter)
675         (syscall-number SYS_shared_region_check_np)
676         (syscall-number SYS_getpid)
677         (syscall-number SYS_bsdthread_register)
678         (syscall-number SYS_sigaction)
679         (syscall-number SYS_gettid)
680         (syscall-number SYS_workq_open)
681         (syscall-number SYS_chdir)
682         (syscall-number SYS_memorystatus_control)
683         (syscall-number SYS_sem_open)
684         (syscall-number SYS_sem_close)
685         (syscall-number SYS_fsetattrlist)
686         (syscall-number SYS_guarded_open_dprotected_np) ; <rdar://problem/48166729>
687         (syscall-number SYS_mremap_encrypted)
688         (syscall-number SYS_dup2)
689         (syscall-number SYS_fileport_makefd)
690         (syscall-number SYS_os_fault_with_payload)
691         (syscall-number SYS_persona)
692         (syscall-number SYS_work_interval_ctl)
693         (syscall-number SYS_open_dprotected_np)
694         (syscall-number SYS_pread_nocancel)
695         (syscall-number SYS___semwait_signal_nocancel)
696     )
697 )