6859dd1ba07915b5a5c9f1878f86112756fa5604
[WebKit-https.git] / Source / WebKit2 / WebProcess / com.apple.WebProcess.sb.in
1 (version 1)
2 (deny default (with partial-symbolication))
3 (allow system-audit file-read-metadata)
4 #if __MAC_OS_X_VERSION_MIN_REQUIRED == 1070
5 (allow ipc-posix-shm)
6 #endif
7
8 (import "system.sb")
9
10 ;; Utility functions for home directory relative path filters
11 (define (home-regex home-relative-regex)
12   (regex (string-append "^" (regex-quote (param "HOME_DIR")) home-relative-regex)))
13
14 (define (home-subpath home-relative-subpath)
15   (subpath (string-append (param "HOME_DIR") home-relative-subpath)))
16
17 (define (home-literal home-relative-literal)
18   (literal (string-append (param "HOME_DIR") home-relative-literal)))
19
20 (define (allow-read-directory-and-issue-read-extensions path)
21     (if path
22         (begin
23             (allow file-read* (subpath path))
24             (allow file-issue-extension (require-all (extension-class "com.apple.app-sandbox.read") (subpath path))))))
25
26 #if __MAC_OS_X_VERSION_MIN_REQUIRED == 1070
27 ;; Low level networking. Defined in system.sb on newer OS versions.
28 (define (system-network)
29   (allow file-read*
30          (literal "/Library/Preferences/com.apple.networkd.plist"))
31   (allow mach-lookup
32          (global-name "com.apple.SystemConfiguration.PPPController")
33          (global-name "com.apple.SystemConfiguration.SCNetworkReachability")
34          (global-name "com.apple.networkd"))
35   (allow network-outbound
36          (control-name "com.apple.netsrc")
37          (control-name "com.apple.network.statistics"))
38   (allow system-socket
39          (require-all (socket-domain AF_SYSTEM)
40                       (socket-protocol 2)) ; SYSPROTO_CONTROL
41          (socket-domain AF_ROUTE)))
42
43 ;; Low level graphics. Defined in system.sb on newer OS versions.
44 (define (system-graphics)
45     (allow mach-lookup (global-name "com.apple.cvmsServ"))
46     (allow iokit-open
47         (iokit-connection "IOAccelerator")
48         (iokit-user-client-class "IOAccelerationUserClient")
49         (iokit-user-client-class "IOSurfaceRootUserClient")
50         (iokit-user-client-class "IOSurfaceSendRight")
51         (iokit-user-client-class "IOFramebufferSharedUserClient")
52         (iokit-user-client-class "AppleSNBFBUserClient")
53         (iokit-user-client-class "AGPMClient")
54         (iokit-user-client-class "AppleGraphicsControlClient")))
55 #endif
56
57 ;; Read-only preferences and data
58 (allow file-read*
59        ;; Basic system paths
60        (subpath "/Library/Dictionaries")
61        (subpath "/Library/Fonts")
62        (subpath "/Library/Frameworks")
63        (subpath "/Library/Managed Preferences")
64        (subpath "/Library/Speech/Synthesizers")
65        (regex #"^/private/etc/(hosts|group|passwd)$")
66
67        ;; System and user preferences
68        (literal "/Library/Preferences/.GlobalPreferences.plist")
69        (home-literal "/Library/Preferences/.GlobalPreferences.plist")
70        (home-regex #"/Library/Preferences/ByHost/\.GlobalPreferences\.")
71        (home-regex #"/Library/Preferences/ByHost/com\.apple\.HIToolbox\.")
72        (home-regex #"/Library/Preferences/ByHost/com\.apple\.networkConnect\.")
73        (home-literal "/Library/Preferences/com.apple.ATS.plist")
74        (home-literal "/Library/Preferences/com.apple.DownloadAssessment.plist")
75        (home-literal "/Library/Preferences/com.apple.HIToolbox.plist")
76        (home-literal "/Library/Preferences/com.apple.LaunchServices.plist")
77        (home-literal "/Library/Preferences/com.apple.MultitouchSupport.plist") ;; FIXME: Remove when <rdar://problem/13011633> is fixed.
78        (home-literal "/Library/Preferences/com.apple.QTKit.plist")
79        (home-literal "/Library/Preferences/com.apple.WebFoundation.plist")
80        (home-literal "/Library/Preferences/com.apple.avfoundation.plist")
81        (home-literal "/Library/Preferences/com.apple.coremedia.plist")
82        (home-literal "/Library/Preferences/com.apple.speech.voice.prefs.plist")
83        (home-regex #"/Library/Preferences/com\.apple\.driver\.(AppleBluetoothMultitouch\.mouse|AppleBluetoothMultitouch\.trackpad|AppleHIDMouse)\.plist$")
84        (home-literal "/.CFUserTextEncoding")
85
86        ;; FIXME: This should be removed when <rdar://problem/8957845> is fixed.
87        (home-subpath "/Library/Fonts")
88
89        ;; FIXME: These should be removed when <rdar://problem/9217757> is fixed.
90        (home-subpath "/Library/Audio/Plug-Ins/Components")
91        (home-subpath "/Library/Preferences/QuickTime Preferences")
92        (home-literal "/Library/Caches/com.apple.coreaudio.components.plist")
93        (subpath "/Library/Audio/Plug-Ins/Components")
94        (subpath "/Library/Audio/Plug-Ins/HAL")
95        (subpath "/Library/Video/Plug-Ins")
96        (subpath "/Library/QuickTime")
97
98        (home-subpath "/Library/Dictionaries"))
99
100 ;; On-disk WebKit2 framework location, to account for debug installations outside of /System/Library/Frameworks,
101 ;; and to allow issuing extensions.
102 (allow-read-directory-and-issue-read-extensions (param "WEBKIT2_FRAMEWORK_DIR"))
103
104 ;; Sandbox extensions
105 (define (apply-read-and-issue-extension op path-filter)
106     (op file-read* path-filter)
107     (op file-issue-extension (require-all (extension-class "com.apple.app-sandbox.read") path-filter)))
108 (define (apply-write-and-issue-extension op path-filter)
109     (op file-write* path-filter)
110     (op file-issue-extension (require-all (extension-class "com.apple.app-sandbox.read-write") path-filter)))
111 (define (read-only-and-issue-extensions path-filter)
112     (apply-read-and-issue-extension allow path-filter))
113 (define (read-write-and-issue-extensions path-filter)
114     (apply-read-and-issue-extension allow path-filter)
115     (apply-write-and-issue-extension allow path-filter))
116 (read-only-and-issue-extensions (extension "com.apple.app-sandbox.read"))
117 (read-write-and-issue-extensions (extension "com.apple.app-sandbox.read-write"))
118 (allow mach-lookup (extension "com.apple.app-sandbox.mach")) ;; FIXME: Should be removed when <rdar://problem/13066206> is fixed.
119
120 ;; MediaAccessibility
121 #if __MAC_OS_X_VERSION_MIN_REQUIRED >= 1090
122 (allow file-read* (home-literal "/Library/Preferences/com.apple.mediaaccessibility.plist"))
123 (allow file-read* file-write* (home-literal "/Library/Preferences/com.apple.mediaaccessibility.public.plist"))
124 #endif
125
126 #if __MAC_OS_X_VERSION_MIN_REQUIRED >= 1080
127 (if (positive? (string-length (param "DARWIN_USER_CACHE_DIR")))
128     (allow file* (subpath (param "DARWIN_USER_CACHE_DIR"))))
129 #else
130 (if (positive? (string-length (param "DARWIN_USER_CACHE_DIR")))
131     (allow file* (subpath (string-append (param "DARWIN_USER_CACHE_DIR") "/mds"))))
132 #endif
133
134 (if (positive? (string-length (param "DARWIN_USER_TEMP_DIR")))
135     (allow file* (subpath (param "DARWIN_USER_TEMP_DIR"))))
136
137 ;; IOKit user clients
138 (allow iokit-open
139        (iokit-user-client-class "AppleUpstreamUserClient")
140        (iokit-user-client-class "IOHIDParamUserClient")
141        (iokit-user-client-class "RootDomainUserClient")
142        (iokit-user-client-class "IOAudioControlUserClient")
143        (iokit-user-client-class "IOAudioEngineUserClient"))
144
145 #if __MAC_OS_X_VERSION_MIN_REQUIRED >= 1080
146
147 ;; cookied.
148 ;; FIXME: Update for <rdar://problem/13642852>.
149 (allow ipc-posix-shm-read-data
150     (ipc-posix-name "FNetwork.defaultStorageSession")
151     (ipc-posix-name-regex #"\.PrivateBrowsing-")
152     (ipc-posix-name-regex #"^Private WebKit Session-"))
153
154 ;; ColorSync
155 ;; FIXME: Remove names with underscores when possible (see <rdar://problem/13072721>).
156 (allow ipc-posix-shm*
157     (ipc-posix-name "_CS_GSHMEMLOCK")
158     (ipc-posix-name "_CS_DSHMEMLOCK")
159     (ipc-posix-name "_CSGRAYPROFILE")
160     (ipc-posix-name "_CSRGBPROFILE")
161     (ipc-posix-name "_CSGENGPROFILE")
162     (ipc-posix-name "_CSGENRPROFILE")
163     (ipc-posix-name "com.apple.ColorSync.Gen.lock")
164     (ipc-posix-name "com.apple.ColorSync.Disp.lock")
165     (ipc-posix-name "com.apple.ColorSync.Gray2.2")
166     (ipc-posix-name "com.apple.ColorSync.sRGB")
167     (ipc-posix-name "com.apple.ColorSync.GenGray")
168     (ipc-posix-name "com.apple.ColorSync.GenRGB"))
169
170 ;; Audio
171 (allow ipc-posix-shm-read* ipc-posix-shm-write-data
172     (ipc-posix-name-regex #"^AudioIO"))
173
174 #endif
175
176 ;; Various services required by AppKit and other frameworks
177 (allow mach-lookup
178        (global-name "com.apple.DiskArbitration.diskarbitrationd")
179        (global-name "com.apple.FileCoordination")
180        (global-name "com.apple.FontObjectsServer")
181        (global-name "com.apple.FontServer")
182        (global-name "com.apple.SystemConfiguration.configd")
183        (global-name "com.apple.SystemConfiguration.PPPController")
184        (global-name "com.apple.audio.VDCAssistant")
185        (global-name "com.apple.audio.audiohald")
186        (global-name "com.apple.audio.coreaudiod")
187        (global-name "com.apple.cookied")
188        (global-name "com.apple.dock.server")
189        (global-name "com.apple.system.opendirectoryd.api")
190        (global-name "com.apple.tccd")
191        (global-name "com.apple.tccd.system")
192        (global-name "com.apple.window_proxies")
193        (global-name "com.apple.windowserver.active")
194        (global-name "com.apple.cfnetwork.AuthBrokerAgent")
195        (global-name "com.apple.PowerManagement.control")
196        (global-name "com.apple.speech.speechsynthesisd")
197        (global-name "com.apple.speech.synthesis.console")
198
199 #if __MAC_OS_X_VERSION_MIN_REQUIRED >= 1090
200        (global-name "com.apple.coreservices.launchservicesd")
201 #endif
202 )
203
204 ;; Security framework
205 (allow mach-lookup
206        (global-name "com.apple.ocspd")
207        (global-name "com.apple.SecurityServer"))
208 (allow file-read* file-write* (home-subpath "/Library/Keychains")) ;; FIXME: This should be removed when <rdar://problem/10479685> is fixed.
209 (allow file-read* file-write* (subpath "/private/var/db/mds/system")) ;; FIXME: This should be removed when <rdar://problem/9538414> is fixed.
210 (allow file-read*
211        (subpath "/Library/Keychains")
212        (subpath "/private/var/db/mds")
213        (literal "/private/var/db/DetachedSignatures")
214        (literal "/Library/Preferences/com.apple.crypto.plist")
215        (literal "/Library/Preferences/com.apple.security.plist")
216        (literal "/Library/Preferences/com.apple.security.common.plist")
217        (literal "/Library/Preferences/com.apple.security.revocation.plist")
218        (home-literal "/Library/Application Support/SyncServices/Local/ClientsWithChanges/com.apple.Keychain")
219        (home-literal "/Library/Preferences/com.apple.security.plist")
220        (home-literal "/Library/Preferences/com.apple.security.revocation.plist"))
221 #if __MAC_OS_X_VERSION_MIN_REQUIRED >= 1080
222 (allow ipc-posix-shm-read* ipc-posix-shm-write-data
223        (ipc-posix-name "com.apple.AppleDatabaseChanged"))
224 #endif
225
226 ;; CoreFoundation. We don't import com.apple.corefoundation.sb, because it allows unnecessary access to pasteboard.
227 (allow mach-lookup
228     (global-name-regex #"^com.apple.distributed_notifications")                                                       
229     (global-name "com.apple.CoreServices.coreservicesd"))
230 (allow file-read-data
231     (literal "/dev/autofs_nowait")) ; Used by CF to circumvent automount triggers
232 (allow ipc-posix-shm
233     (ipc-posix-name-regex #"^CFPBS:")) ; <rdar://problem/13757475>
234
235 ;; Graphics
236 (system-graphics)
237
238 ;; Networking
239 (system-network)
240 (allow network-outbound
241        ;; Local mDNSResponder for DNS, arbitrary outbound TCP
242        (literal "/private/var/run/mDNSResponder")
243        (remote tcp))
244
245 ;; Needed for NSAttributedString, <rdar://problem/10844321>.
246 (allow file-read*
247        (home-literal "/Library/Preferences/pbs.plist")
248        (home-literal "/Library/Preferences/com.apple.ServicesMenu.Services.plist"))
249 (allow mach-lookup
250        (global-name "com.apple.pbs.fetch_services"))
251
252 ;; FIXME should be removed when <rdar://problem/9347205> + related radar in Safari is fixed
253 (allow mach-lookup
254        (global-name "org.h5l.kcm")
255        (global-name "com.apple.system.logger")
256        (global-name "com.apple.system.notification_center"))
257 (allow network-outbound
258        (remote udp))
259 (allow file-read*
260         (home-subpath "/Library/Preferences/com.apple.Kerberos.plist")
261         (home-subpath "/Library/Preferences/com.apple.GSS.plist")
262         (home-subpath "/Library/Preferences/edu.mit.Kerberos")
263         (literal "/Library/Preferences/com.apple.Kerberos.plist")
264         (literal "/Library/Preferences/com.apple.GSS.plist")
265         (literal "/Library/Preferences/edu.mit.Kerberos")
266         (literal "/private/etc/krb5.conf")
267         (literal "/private/etc/services")
268         (literal "/private/etc/host"))
269
270 (if (defined? 'vnode-type)
271         (deny file-write-create (vnode-type SYMLINK)))
272
273 (deny file-read* file-write* (with no-log)
274 #if __MAC_OS_X_VERSION_MIN_REQUIRED <= 1080
275        (home-literal "/Library/Caches/Cache.db") ;; <rdar://problem/9422957>
276 #endif
277 #if __MAC_OS_X_VERSION_MIN_REQUIRED == 1080
278        (home-subpath "/Library/Caches/com.apple.WebProcess") ;; <rdar://problem/12656814>
279 #endif
280
281 #if __MAC_OS_X_VERSION_MIN_REQUIRED == 1070
282        (subpath (string-append (param "DARWIN_USER_CACHE_DIR") "/com.nvidia.OpenGL")) ;; <rdar://problem/13402976>
283 #endif
284
285        ;; FIXME: Should be removed after <rdar://problem/10463881> is fixed.
286        (home-literal "/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2")
287        (home-literal "/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2-journal"))
288
289 ;; Deny access needed for unnecessary NSApplication initialization.
290 ;; FIXME: This can be removed once <rdar://problem/13011633> is fixed.
291 (deny file-read* (with no-log)
292        (home-literal "/Library/Preferences/com.apple.speech.recognition.AppleSpeechRecognition.prefs.plist")
293        (subpath "/Library/InputManagers")
294        (home-subpath "/Library/InputManagers")
295 #if __MAC_OS_X_VERSION_MIN_REQUIRED == 1070
296        (literal (string-append (param "DARWIN_USER_CACHE_DIR") "/com.apple.IntlDataCache.le"))
297        (literal (string-append (param "DARWIN_USER_CACHE_DIR") "/com.apple.IntlDataCache.le.kbdx"))
298 #endif
299        )
300 (deny mach-lookup (with no-log)
301        (global-name "com.apple.coreservices.appleevents")
302        (global-name "com.apple.pasteboard.1")
303        (global-name "com.apple.speech.recognitionserver"))
304 ;; Also part of unnecessary NSApplication initialization, but we can't block access to these yet, see <rdar://problem/13869765>.
305 (allow file-read*
306        (subpath "/Library/Components")
307        (subpath "/Library/Keyboard Layouts")
308        (subpath "/Library/Input Methods")
309        (home-subpath "/Library/Components")
310        (home-subpath "/Library/Keyboard Layouts")
311        (home-subpath "/Library/Input Methods"))
312
313 #if __MAC_OS_X_VERSION_MIN_REQUIRED == 1070
314 (deny mach-lookup (with no-log) (global-name "com.apple.tsm.uiserver")) ;; <rdar://problem/13902706>
315 #endif