[iOS] Don't import 'UIKit-apps.sb' to the WebContent process sandbox
; Copyright (C) 2010-2017 Apple Inc. All rights reserved.
;
; Redistribution and use in source and binary forms, with or without
; modification, are permitted provided that the following conditions
; are met:
; 1. Redistributions of source code must retain the above copyright
; notice, this list of conditions and the following disclaimer.
; 2. Redistributions in binary form must reproduce the above copyright
; notice, this list of conditions and the following disclaimer in the
; documentation and/or other materials provided with the distribution.
;
; THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
; AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
; THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
; PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
; BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
; CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
; SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
; INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
; CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
; ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
; THE POSSIBILITY OF SUCH DAMAGE.

;; Sandbox profile (SBPL) for the iOS WebKit WebContent process.  Everything
;; that is not explicitly allowed below, or by the imported "common.sb", is
;; denied.
(version 1)
;; Default-deny.  The modifier changes how violation reports are symbolicated
;; (presumably only partial symbolication of the backtrace — confirm against
;; the sandbox documentation).
(deny default (with partial-symbolication))
(allow system-audit file-read-metadata)

;; No XPC service may be looked up by name unless a later rule allows it
;; explicitly: the empty prefix matches every xpc-service-name.  Later SBPL
;; rules take precedence over earlier ones, so the specific xpc-service-name
;; allows further down carve exceptions out of this deny.
(deny mach-lookup (xpc-service-name-prefix ""))

;; Rules shared by the WebKit processes.  The helpers used below without a
;; definition in this file (play-media, mobile-preferences-read,
;; network-client, ...) are presumably provided here — not visible from this
;; profile.
(import "common.sb")

;;;
;;; The following rules were originally contained in 'UIKit-apps.sb'. We duplicate them here so that we can
;;; remove the sandbox extensions this process does not need.
;;;

;;;
;;; Declare that the process hosts UI provided by another process.
;;; (This could potentially be any application; see <rdar://problem/11034833> and
;;;  <rdar://problem/11330224> for details)
;;;
;; remote-view-client: let this process host UI rendered by another process
;; (a UIKit view service).  Grants lookup of the FrontBoard system app
;; services port and of any view-service port under the
;; "com.apple.uikit.viewservice." prefix.  define-once presumably skips the
;; definition when an imported profile already provides one — confirm.
(define-once (remote-view-client)
    (allow mach-lookup
        (global-name "com.apple.frontboard.systemappservices")                 ; -[UIViewServiceInterface _createProcessAssertion] -> SBSProcessIDForDisplayIdentifier()
        ;; Prefix-anchored regex: every global name starting with this prefix
        ;; is reachable, not a fixed list of services.
        (global-name-regex #"^com\.apple\.uikit\.viewservice\..+")))

;;;
;;; Declare that the process serves UI that can be remotely hosted by another process.
;;;
;; remote-view-service: let this process serve UI that another process hosts
;; remotely.  NOTE(review): defined here but not invoked anywhere in this
;; file; whether an imported profile calls it cannot be told from here.
(define-once (remote-view-service)
    ;; RemoteViewServices need to look up their own accessibility service in order to send
    ;; the mach port to the hosting app.
    (allow mach-lookup
        (local-name "com.apple.iphone.axserver"))
    ;; RemoteViewServices need to look up the bundle identifier of the application hosting
    ;; their views (see <rdar://problem/11780984>).
    (allow mach-lookup
        (global-name "com.apple.springboard.backgroundappservices")))
;;;
;;; uikit-app: the subset of 'UIKit-apps.sb' that this profile keeps.  Grants
;;; the mach-lookup, file, preference and IOKit access a UIKit-based process
;;; relies on.
;;;
;;; rest: a list of option symbols.  The ones consulted below are
;;;   'with-printing, 'with-gamekit-data, 'without-network, 'with-opengl,
;;;   'with-geoservices, 'with-location-services, 'with-itunes-db,
;;;   'with-push-notifications and 'with-in-app-purchases; any other symbol
;;;   is ignored.  Network access (allow-network-common) is granted unless
;;;   'without-network is passed.
;;; The predicates tv? and gizmo?, and the helpers called here without a
;;; definition in this file (ubiquity-client, play-audio, asset-access, ...),
;;; are presumably supplied by "common.sb".
;;; Rule order matters in SBPL (later rules win), so the deny rules with
;;; no-report / no-log near the end are positioned after the allows they
;;; qualify.
;;;
(define (uikit-app . rest)
    ;;; <rdar://problem/29959382> Allow UIKit apps access to com.apple.TextInput.preferences mach service
    (allow mach-lookup
        (global-name "com.apple.TextInput.preferences"))

    ;; One of the explicit exceptions to the file-level deny of all
    ;; xpc-service-name lookups.
    (allow mach-lookup
        (xpc-service-name "com.apple.siri.context.service"))

    ;; Any UI could be remote-hosted.
    (remote-view-client)

    ;; Any app could use ubiquity.
    (ubiquity-client)

    ;; Any app can play audio & movies.
    (play-audio)
    (play-media)

    ;; Any app can use ProgressKit
    (progresskit-client)

    (url-translation)

    ;; For <rdar://problem/20812377> All applications need to be able to access the com.apple.UIKit.KeyboardManagement running in backboardd
    ;; renamed in <rdar://problem/20909914> Rename com.apple.UIKit.KeyboardManagement
    (allow mach-lookup
        (global-name "com.apple.UIKit.KeyboardManagement")
        (global-name "com.apple.UIKit.KeyboardManagement.hosted"))

    ;; For <rdar://problem/23469318> Allow UIKit-based apps to access com.apple.remote-text-editing mach service
    ;; and <rdar://problem/23579008> REM: Allow UIKit-based apps to access com.apple.remote-input-limiting mach service
    ;; Only when the tv? predicate (not defined in this file) holds.
    (when tv?
        (allow mach-lookup
            (global-name "com.apple.remote-input-limiting")
            (global-name "com.apple.remote-text-editing")
            (global-name "com.apple.remote-text-editing-legacy")
            (global-name "com.apple.sharing.remote-text-editing")))

    ;; For ApplicationScripting
    ;; <rdar://problem/12778546> ASProcessScriptEvent fails to obtain port for event return
    (allow mach-lookup
        (global-name "ScripterServer"))

    ;; TextInput framework
    (allow mach-lookup
        (global-name "com.apple.TextInput")
        (global-name "com.apple.TextInput.emoji")
        (global-name "com.apple.TextInput.image-cache-server")
        (global-name "com.apple.TextInput.lexicon-server")
        (global-name "com.apple.TextInput.rdt")
        (global-name "com.apple.TextInput.shortcuts"))
    (mobile-preferences-read "com.apple.da")

    ;; Various Accessibility services.
    (allow mach-lookup
        (xpc-service-name "com.apple.accessibility.AccessibilityUIServer"))

    ;; Guided Access support (<rdar://problem/11683460>).
    (allow mach-lookup
        (global-name "com.apple.accessibility.gax.backboard"))
    ;; The process may register (not only look up) this local name.
    (allow mach-register
        (local-name "com.apple.accessibility.gax.client"))

    ;; AssistiveTouch
    ;; <rdar://problem/11800071> sandbox error for remote message services when AssistiveTouch is running
    (allow mach-lookup
        (global-name "UIASTNotificationCenter"))

    ;; ZoomTouch
    ;; <rdar://problem/11823957>
    (allow mach-lookup
        (global-name "com.apple.accessibility.AXBackBoardServer"))

    ;; Speak Selection & VoiceOver
    ;; <rdar://problem/12030530> AX: Sandbox violation with changing Language while VO is on
    ;; and <rdar://problem/13071747>
    (mobile-preferences-read
        "com.apple.SpeakSelection"
        "com.apple.VoiceOverTouch"
        "com.apple.voiceservices")
    (allow mach-lookup
        (global-name "com.apple.audio.AudioComponentPrefs")
        (global-name "com.apple.audio.AudioComponentRegistrar")
        (global-name "com.apple.audio.AudioQueueServer")
        (global-name "com.apple.voiceservices.keepalive")
        (global-name "com.apple.voiceservices.tts"))
    (allow mach-register
        (local-name "com.apple.iphone.axserver"))
    ;; <rdar://problem/14555119> Access to high quality speech voices
    (allow file-read*
        (home-subpath "/Library/VoiceServices/Assets")
        (home-subpath "/Library/Assets/com_apple_MobileAsset_VoiceServicesVocalizerVoice"))

    ;; HearingAidSupport
    (allow mach-lookup
        (xpc-service-name "com.apple.accessibility.heard"))

    ;; MediaAccessibility (captions)
    ;; <rdar://problem/12801477>
    ;; (the same preference domain is read again further down and at file
    ;; level; the repeats are redundant rather than cumulative)
    (mobile-preferences-read "com.apple.mediaaccessibility")
    ;; Indented as if nested, but this is an ordinary rule of the define —
    ;; mobile-preferences-read above is already closed.
        (allow mach-lookup (global-name "com.apple.accessibility.mediaaccessibilityd"))

    ;; MobileAssistantFramework's AFContextManager
    ;; <rdar://problem/13742083> & <rdar://problem/13717391> & <rdar://problem/13811297>
    ;; Both registering and looking up any local name under this prefix.
    (allow mach-register mach-lookup
        (local-name-regex #"^com\.apple\.assistant\.contextprovider\."))

    ;; Permit reading assets via MobileAsset framework.
    (asset-access 'with-media-playback)

    ;; Permit access to on-demand resources.
    (allow mach-lookup
        (global-name "com.apple.ondemandd.client"))
    ;; Reads (and re-issuing read extensions) under the asset-pack paths are
    ;; gated on holding a "com.apple.odr-assets" extension: both the path
    ;; filter and the extension filter must match (require-all).
    (with-filter
        (require-all
            (require-any
                (home-subpath "/Library/OnDemandResources/AssetPacks")
                (well-known-system-group-container-subpath "/systemgroup.com.apple.ondemandresources/Library/AssetPacks"))
            (extension "com.apple.odr-assets"))
        (allow file-read*)
        (allow file-issue-extension
            (extension-class "com.apple.app-sandbox.read" "com.apple.mediaserverd.read")))

    ;; allow 3rd party applications to access nsurlstoraged's top level domain data cache
    (allow-well-known-system-group-container-literal-read
        "/systemgroup.com.apple.nsurlstoragedresources/Library/dafsaData.bin")

    ;; allow replayd to extend read access to its data
    ;; (again extension-gated: the path alone does not grant the read)
    (allow file-read*
        (require-all
            (extension "com.apple.replayd.read-only")
            (home-subpath "/Library/ReplayKit")))

    ;; AirPlay
    (allow mach-lookup
        (global-name "com.apple.airplaydiagnostics.server"))

    ;; Access the keyboards
    (allow file-read*
        (home-subpath "/Library/Caches/com.apple.keyboards"))

    ;; NSExtension helper for supplying information not provided by PlugInKit
    (allow mach-lookup
        (xpc-service-name "com.apple.uifoundation-bundle-helper"))

    ;; <rdar://problem/19525887>
    ;; NOTE(review): these two regexes are suffix-anchored only, so any XPC
    ;; service whose name ends in ".apple-extension-service" or ".viewservice"
    ;; becomes reachable despite the file-level xpc-service-name deny.
    (allow mach-lookup (xpc-service-name-regex #"\.apple-extension-service$"))
    ;; <rdar://problem/31252371>
    (allow mach-lookup (xpc-service-name-regex #"\.viewservice$"))

    ;; DataDetectors -> CallKit so user can place calls by tapping on phone numbers.
    (allow mach-lookup
        (global-name "com.apple.callkit.callcontrollerhost"))

    ;; DataDetectors; update CoreRecents with recently-detected addresses, etc.
    (allow mach-lookup
        (xpc-service-name "com.apple.datadetectors.AddToRecentsService"))

    ;; Accessoryd
    (allow mach-lookup
        (global-name "com.apple.accessories.externalaccessory-server"))

    ;; Power logging
    (allow mach-lookup
        (global-name "com.apple.powerlog.plxpclogger.xpc"))

    ;; <rdar://problem/19460486>
    (nano-preferences-read ".GlobalPreferences")

    (mobile-preferences-read
        ; To determine whether the dictation opt-in alert should be suppressed.
        "com.apple.assistant.backedup"
        ; Keyboard Dictation reads the list of supported languages from com.apple.assistant.support.plist.
        ; And Dictation checks whether Assistant is enabled by reading the same plist.
        ; <rdar://problem/9883999> com.apple.assistant.support preference domain needs to be unsandboxed
        "com.apple.assistant.support"
        "com.apple.EmojiPreferences"
        ; For CarPlay screen aspect ratio (rdar://problem/20062770).
        "com.apple.iapd"
        ; <rdar://problem/8477596> com.apple.InputModePreferences
        "com.apple.InputModePreferences"
        ; <rdar://problem/8206632> Weather(1038) deny file-read-data ~/Library/Preferences/com.apple.keyboard.plist
        "com.apple.keyboard"
        ; <rdar://problem/25130834> Spotlight suggestions in Lookup preference should be readable by any process
        "com.apple.lookup.shared"
        ; <rdar://problem/9384085>
        "com.apple.Preferences")

    ;; <rdar://problem/12985925> Need read access to /var/mobile/Library/Fonts to all apps
    (allow file-read*
        (home-subpath "/Library/Fonts"))

    ;; <rdar://problem/23803332>, <rdar://problem/9457549>, <rdar://problem/13237899>
    (allow mach-lookup
        (global-name "com.apple.assistant.analytics")
        (global-name "com.apple.assistant.dictation")
        (global-name "com.apple.dictationd.recognition"))

    ;; For copy-and-paste.
    (allow mach-lookup
        (global-name "com.apple.UIKit.pasteboardd")
        (global-name "com.apple.pasteboard.pasted"))

    ;; <rdar://problem/9749387>
    (allow file-read*
        (literal "/private/var/preferences/SystemConfiguration/com.apple.accounts.exists.plist"))

    ;; For Social.framework
    ;; <rdar://problem/13239172>
    (allow file-read*
        (literal "/private/var/preferences/SystemConfiguration/com.apple.sinaweibo.plist")
        (literal "/private/var/preferences/SystemConfiguration/com.apple.twitter.plist")
        (literal "/private/var/preferences/SystemConfiguration/com.apple.facebook.plist")
        (literal "/private/var/preferences/SystemConfiguration/com.apple.linkedin.plist"))

    ;; <rdar://problem/7344719&26323449> LaunchServices app icons
    (allow file-read*
        (well-known-system-group-container-subpath "/systemgroup.com.apple.lsd.iconscache"))
    (allow mach-lookup
        (xpc-service-name "com.apple.lsdiconservice"))

    ;; <rdar://problem/14184130> SpringBoard needs read/write to statusbar cache folder - all apps need read
    (allow file-read*
        (home-subpath "/Library/Caches/com.apple.UIStatusBar"))

    ;; <rdar://problem/22346174> Allow read-only access from the container profile to ~/Library/TVWallpaper
    (when tv?
        (allow file-read*
        (home-subpath "/Library/TVWallpaper")))

    ;; Common mach services needed by UIKit.
    (allow mach-lookup
        (global-name "com.apple.CARenderServer")
        (global-name "com.apple.KeyboardServices.TextReplacementService")
        (global-name "com.apple.UIKit.statusbarserver")
        (global-name "com.apple.uikit.GestureServer")
        (global-name "com.apple.assertiond.applicationstateconnection")
        (global-name "com.apple.assertiond.expiration")
        (global-name "com.apple.assertiond.processinfoservice")
        (global-name "com.apple.audio.hapticd")
        (global-name "com.apple.audio.SystemSoundServer-iOS")
        (global-name "com.apple.backboard.TouchDeliveryPolicyServer")
        (global-name "com.apple.backboard.animation-fence-arbiter")
        (global-name "com.apple.backboard.display.services")
        (global-name "com.apple.backboard.hid.focus")
        (global-name "com.apple.backboard.hid.services")
        (global-name "com.apple.iohideventsystem")
        (global-name "com.apple.iphone.axserver-systemwide")
        (global-name "com.apple.frontboard.workspace")
        (global-name "com.apple.frontboard.systemappservices")
        (global-name "com.apple.progressd"))

    (pasteboard-client)
    (springboard-services)

    ;; Only when the gizmo? predicate (not defined in this file) holds.
    (when gizmo?
        (mobile-preferences-read "com.apple.nano")
        (allow mach-lookup
            (global-name "com.apple.appaudiod")
            (global-name "com.apple.Carousel.ButtonTapAssertion")
            (global-name "com.apple.Carousel.CSLSBackgroundTaskRequestService")
            (global-name "com.apple.Carousel.CSLSDockStatusService")
            (global-name "com.apple.Carousel.activatingUIAssertion")
            (global-name "com.apple.Carousel.alertSuppression")
            (global-name "com.apple.Carousel.appOnWake")
            (global-name "com.apple.Carousel.suspendSystemGestureAssertion")
            (global-name "com.apple.carousel.backlightxpc")
            (global-name "com.apple.carousel.brightnesscalculator")
            (global-name "com.apple.carousel.connectionstatusservice")
            (global-name "com.apple.Carousel.contextuallock")
            (global-name "com.apple.carousel.fetchschedulingservice")
            (global-name "com.apple.carousel.snapshotservice")
            (global-name "com.apple.carousel.uiscalingservice")
            (global-name "com.apple.carousel.unblankingsynchronization")
            (global-name "com.apple.pepperuicore.statusbaritemserver")))

    ;; AirDrop from the activity sheet.
    ;; <rdar://problem/12715391>, <rdar://problem/12847034>, <rdar://problem/16400661>
    ;; Still an allow, but (with report) / (with message ...) presumably has
    ;; each use reported with the given text so the remaining callers can be
    ;; found before the rule is dropped — confirm the modifier semantics.
    (allow mach-lookup
        (global-name "com.apple.sharingd")
        (global-name "com.apple.sharingd.nsxpc")
        (with report)
        (with message "This rule is being removed in rdar://15713112 -- please report this violation to Sandbox_profiles | all"))
    (allow-preferences-common)
    (allow user-preference-read
        (preference-domain "com.apple.Sharing")
        (with report)
        (with message "This rule is being removed in rdar://15713112 -- please report this violation to Sandbox_profiles | all"))

    ;; <rdar://problem/30874167> Create a new CacheDelete mach service to allow for public API for purgeable space requests
    (allow mach-lookup
        (global-name "com.apple.cache_delete.public"))

    ;; MIDI
    ;; POSIX shared memory: read access plus data writes, only for segments
    ;; whose name matches the anchored "Apple MIDI in/out N" pattern.
    (allow ipc-posix-shm-read* ipc-posix-shm-write-data
        (ipc-posix-name-regex #"^Apple MIDI (in|out) [0-9]+$"))

    ;; CoreMotion
    (mobile-preferences-read "com.apple.CoreMotion")

    ;; CoreMotion’s deviceMotion API
    ;; IOKit property reads are scoped to the named registry entry classes.
    (with-filter
        (require-any
            (iokit-registry-entry-class "AppleOscarNub")
            (iokit-registry-entry-class "AppleSPUHIDInterface"))
        (allow iokit-get-properties
            (iokit-property "gyro-interrupt-calibration")))
    ;; The three rules below are all inside this with-filter (the closing
    ;; parens are on the last line), despite not being indented.
    (with-filter (iokit-registry-entry-class "IOHIDEventServiceFastPathUserClient")
    (allow iokit-open)
    (allow iokit-get-properties iokit-set-properties
        (iokit-property "interval"
                        "mode"
                        "QueueSize"
                        "useMag"))
    (allow iokit-get-properties
    (iokit-property "client")))

    ;; Common preferences read by UIKit.
    (mobile-preferences-read "com.apple.Accessibility"
        "com.apple.UIKit"
        "com.apple.WebUI"
        "com.apple.airplay"
        "com.apple.avkit"
        "com.apple.coreanimation"
        "com.apple.mt"
        "com.apple.preferences.sounds"
        "com.apple.telephonyutilities.dialassist")

    ;; Silence sandbox violations from apps trying to create the empty plist if it doesn't exist.
    ;; <rdar://problem/13796537>
    ;; Explicit deny with reporting suppressed: the operation is still blocked,
    ;; it just does not generate a violation report.
    (deny file-write-create
        (home-prefix "/Library/Preferences/com.apple.UIKit.plist")
        (with no-report))

    ;; <rdar://problem/10809394>
    (deny file-write-create
        (home-prefix "/Library/Preferences/com.apple.Accessibility.plist")
        (with no-report))

    ;; <rdar://problem/9404009>
    (mobile-preferences-read "kCFPreferencesAnyApplication")

    ;; <rdar://problem/10266866>
    (marco-logging-client)

    ;; <rdar://problem/12250145>
    ;; Duplicate of the read already granted in the MediaAccessibility
    ;; (captions) section above.
    (mobile-preferences-read "com.apple.mediaaccessibility")

    ; Dictionary Services used by UITextFields.
    ; <rdar://problem/9386926>
    (allow-create-directory
        (home-literal "/Library/Caches/com.apple.DictionaryServices"))

    ; <rdar://problem/11204655>
    (mobile-preferences-read "com.apple.MapKit.internal")

    ;; Required to detect whether Airplane mode is enabled.
    (allow file-read*
        (literal "/private/var/preferences/SystemConfiguration/com.apple.radios.plist"))

    ;; Optional: printing.  Not requested by the call site in this file.
    (when (memq 'with-printing rest)
        (allow file-read-metadata network-outbound
            (literal "/private/var/run/printd"))
        (allow mach-lookup
            (xpc-service-name "com.apple.PrintKit.PrinterTool")))

    ; <rdar://problem/9007191> , <rdar://problem/9244785>
    ;; Optional: GameKit data.  Not requested by the call site in this file.
    (when (memq 'with-gamekit-data rest)
        (allow file-read*
            (home-regex "/Library/GameKit/Data/[^/]+\.gcdata$"))
        (allow file-read-metadata
            (home-literal "/Library/GameKit/Data")))

    ; rfc3484 -- from common.sb
    ;; Network is opt-out: granted unless the caller passes 'without-network.
    (unless (memq 'without-network rest)
        (allow-network-common))

    ; <rdar://problem/8548856> Sub-TLF: Sandbox change for apps for read-only access to the dictionary directory/data
    (allow file-read*
        ; XXX - /Library ought to be allowed in all UI profiles but isn't (CF, MobileSafari)
        (subpath "/Library/Dictionaries")
        (home-subpath "/Library/Dictionaries"))

    ; <rdar://problem/8440231>
    (allow file-read*
        (home-literal "/Library/Caches/DateFormats.plist"))
    ; Silently deny writes when CFData attempts to write to the cache directory.
    (deny file-write*
        (home-literal "/Library/Caches/DateFormats.plist")
        (with no-log))

    ; UIKit-required IOKit nodes.
    (allow iokit-open
        (iokit-user-client-class "AppleJPEGDriverUserClient")
        (iokit-user-client-class "IOSurfaceAcceleratorClient")
        (iokit-user-client-class "IOSurfaceSendRight")
        ;; Required by UIView -> UITextMagnifierRenderer -> UIWindow
        (iokit-user-client-class "IOSurfaceRootUserClient"))

    ;; <rdar://problem/12675621>
    (allow iokit-open
        (iokit-user-client-class "IOHIDLibUserClient"))

    (framebuffer-access)

    ;; <rdar://problem/7822790>
    (mobile-keybag-access)

    ; <rdar://problem/7595408> , <rdar://problem/7643881>
    ;; Remaining optional feature sets, each enabled only by its option symbol.
    (if (memq 'with-opengl rest)
        (opengl))

    (if (memq 'with-geoservices rest)
        (geoservices))

    (if (memq 'with-location-services rest)
        (location-services))

    ; <rdar://problem/8181749> Allow access to iTunes database files in container.sb
    (if (memq 'with-itunes-db rest)
        (itunes-db-read))

    (if (memq 'with-push-notifications rest)
        (push-notifications))

    (if (memq 'with-in-app-purchases rest)
        (in-app-purchases))

    ; CRCopyRestrictionsDictionary periodically tries to CFPreferencesAppSynchronize com.apple.springboard.plist
    ; which will attempt to create the plist if it doesn't exist -- from any application.  Only SpringBoard is
    ; allowed to write its plist; ignore all others, they don't know what they are doing.
    ; See <rdar://problem/9375027> for sample backtraces.
    (deny file-write*
        (home-prefix "/Library/Preferences/com.apple.springboard.plist")
        (with no-log))

    ;; For <rdar://problem/29428318> Allow DragUI mach service lookups for all UIKit apps
    (allow mach-lookup
        (global-name "com.apple.DragUI.druid.destination")
        (global-name "com.apple.DragUI.druid.source"))

    ;; <rdar://problem/30544378> Allow global lookup of com.apple.contactsd
    (allow mach-lookup
        (global-name "com.apple.contactsd"))

    ;; <rdar://problem/31571441> need AX Drag-and-drop mach services added to default sandbox profile
    (allow mach-lookup
        (global-name "com.apple.VoiceOverTouch.drag.xpc")
        (global-name "com.apple.assistivetouchd.drag.xpc"))

    ;; <rdar://problem/34092690>
    (allow mach-lookup
        (xpc-service-name "com.apple.avkit.SharedPreferences"))

    ;; <rdar://problem/34437589>
    (allow mach-lookup
        (global-name "com.apple.ap.adtrackingd.attribution"))

    ;; <rdar://problem/34986314> Sandbox Profiles changes for indigo pref
    (mobile-preferences-read "com.apple.indigo")

    ;; <rdar://problem/35417382>, <rdar://problem/35518557>
    (allow mach-lookup
        (global-name "com.apple.corespotlightservice"))

    ;; <rdar://problem/35446577>
    (allow mach-lookup
        (global-name "com.apple.coremedia.endpointplaybacksession.xpc"))

    ;; Closes the (define (uikit-app ...) form.
    )

;;;
;;; End of UIKit-apps.sb content
;;;
;; Instantiate the UIKit rules above with only OpenGL and location services.
;; No printing, GameKit data, geoservices, iTunes DB, push-notification or
;; in-app-purchase access is requested; network access stays enabled because
;; 'without-network is not passed.
(uikit-app 'with-opengl 'with-location-services)

;; Access to media controls
;; (play-media is also invoked inside uikit-app; the second call is redundant)
(play-media)
(media-remote)

;; sysctl is allowlisted: deny everything, then permit reading these names
;; only.  The allow must follow the deny, since later rules take precedence.
(deny sysctl*)
(allow sysctl-read
    (sysctl-name
        "hw.availcpu"
        "hw.ncpu"
        "hw.model"
        "kern.memorystatus_level"
        "vm.footprint_suspend"))

;; Read-only preferences and data
(mobile-preferences-read
    "com.apple.LaunchServices"
    "com.apple.WebFoundation"
    "com.apple.mobileipod"
    "com.apple.avfoundation.videoperformancehud" ;; <rdar://problem/31594568>
    "com.apple.voiceservices.logging")

;; Sandbox extensions: helpers that pair a file access rule with the matching
;; file-issue-extension rule for the same path filter.
;; apply-read-and-issue-extension: apply `op` (an SBPL rule keyword; only
;; `allow` is ever passed in this file) to reads matching path-filter and to
;; issuing "com.apple.app-sandbox.read" extensions for the same paths.
(define (apply-read-and-issue-extension op path-filter)
    (op file-read* path-filter)
    (op file-issue-extension (require-all (extension-class "com.apple.app-sandbox.read") path-filter)))
;; apply-write-and-issue-extension: write-side counterpart of
;; apply-read-and-issue-extension — `op` applied to writes matching
;; path-filter and to issuing "com.apple.app-sandbox.read-write" extensions
;; for the same paths.
(define (apply-write-and-issue-extension op path-filter)
    (op file-write* path-filter)
    (op file-issue-extension (require-all (extension-class "com.apple.app-sandbox.read-write") path-filter)))
;; read-only-and-issue-extensions: allow reads of path-filter and re-issuing
;; read extensions for it.
(define (read-only-and-issue-extensions path-filter)
    (apply-read-and-issue-extension allow path-filter))
;; read-write-and-issue-extensions: allow reads and writes of path-filter and
;; re-issuing both read and read-write extensions for it.
(define (read-write-and-issue-extensions path-filter)
    (apply-read-and-issue-extension allow path-filter)
    (apply-write-and-issue-extension allow path-filter))
;; Files reachable through a read extension may be read; files reachable
;; through a read-write extension may be read and written.  In both cases the
;; process may re-issue matching extensions for them.
(read-only-and-issue-extensions (extension "com.apple.app-sandbox.read"))
(read-write-and-issue-extensions (extension "com.apple.app-sandbox.read-write"))

;; Access to client's cache folder & re-vending to CFNetwork.
;; FIXME: Remove the WebKit-specific extension classes <rdar://problem/17755931>
(allow file-issue-extension (require-all
    (extension "com.apple.app-sandbox.read-write")
    (extension-class "com.apple.nsurlstorage.extension-cache")))

;; MediaAccessibility
;; (the read of com.apple.mediaaccessibility is also granted inside uikit-app)
(mobile-preferences-read "com.apple.mediaaccessibility")
(mobile-preferences-read-write "com.apple.mediaaccessibility.public")

;; Remote Web Inspector
(allow mach-lookup
       (global-name "com.apple.webinspector"))

;; Various services required by CFNetwork and other frameworks
(allow mach-lookup
    (global-name "com.apple.PowerManagement.control")
    (global-name "com.apple.accountsd.accountmanager")
    (global-name "com.apple.analyticsd")
    (global-name "com.apple.coremedia.audiodeviceclock"))

;; Hardening: no symlink creation anywhere, and no reading or writing of
;; extended attributes in the com.apple.security.private. namespace.
(deny file-write-create (vnode-type SYMLINK))
(deny file-read-xattr file-write-xattr (xattr-regex #"^com\.apple\.security\.private\."))

;; Allow loading injected bundles.
;; NOTE(review): this rule carries no path or extension filter, so any file
;; the process can read may be mapped executable, not only bundle paths.
(allow file-map-executable)

;; AWD logging
(awd-log-directory "com.apple.WebKit.WebContent")

;; Outbound TCP and UDP to any remote host.
(network-client (remote tcp) (remote udp))

;; Allow ManagedPreference access
(allow file-read* (literal "/private/var/Managed Preferences/mobile/com.apple.webcontentfilter.plist"))

;; Allow mediaserverd to issue file extensions for the purposes of reading media
(allow file-issue-extension (require-all
    (extension "com.apple.app-sandbox.read")
    (extension-class "com.apple.mediaserverd.read")))

;; Allow CoreMedia to communicate with mediaserverd in order to implement custom media loading
(allow mach-lookup
    (global-name "com.apple.coremedia.customurlloader.xpc"))

;; Media capture, microphone access — only while the process holds a
;; "com.apple.webkit.microphone" extension.
(with-filter (extension "com.apple.webkit.microphone")
    (allow device-microphone))

;; Media capture, camera access — likewise gated on a
;; "com.apple.webkit.camera" extension.
(with-filter (extension "com.apple.webkit.camera")
    (allow user-preference-read
        (preference-domain "com.apple.coremedia"))
    (allow file-read* (subpath "/Library/CoreMediaIO/Plug-Ins/DAL"))
    ;; Mach lookups under this filter are further limited to ports named by
    ;; an app-sandbox.mach extension.
    (allow mach-lookup (extension "com.apple.app-sandbox.mach"))
    (allow device-camera))

;; Support incoming video connections
(allow mach-lookup
    (global-name "com.apple.audio.audiohald")
    (global-name "com.apple.coremedia.compressionsession")
    (global-name "com.apple.coremedia.decompressionsession")
    (global-name "com.apple.coremedia.videoqueue"))