[iOS] Don't import 'UIKit-apps.sb' to the WebContent process sandbox
[WebKit-https.git] / Source / WebKit / Resources / SandboxProfiles / ios / com.apple.WebKit.WebContent.sb
index 42f475e..93ef8bb 100644 (file)
@@ -1,4 +1,4 @@
-; Copyright (C) 2010-2015 Apple Inc. All rights reserved.
+; Copyright (C) 2010-2017 Apple Inc. All rights reserved.
 ;
 ; Redistribution and use in source and binary forms, with or without
 ; modification, are permitted provided that the following conditions
 
 (deny mach-lookup (xpc-service-name-prefix ""))
 
-(import "UIKit-apps.sb")
+(import "common.sb")
+
+;;;
+;;; The following rules were originally contained in 'UIKit-apps.sb'. We are duplicating them here so we can
+;;; remove unneeded sandbox extensions.
+;;;
+
+;;;
+;;; Declare that the process hosts UI provided by another process.
+;;; (This could potentially be any application; see <rdar://problem/11034833> and
+;;;  <rdar://problem/11330224> for details)
+;;;
+(define-once (remote-view-client)
+    (allow mach-lookup
+        (global-name "com.apple.frontboard.systemappservices")                 ; -[UIViewServiceInterface _createProcessAssertion] -> SBSProcessIDForDisplayIdentifier()
+        (global-name-regex #"^com\.apple\.uikit\.viewservice\..+")))
+
+;;;
+;;; Declare that the process serves UI that can be remotely-hosted by another process.
+;;;
+(define-once (remote-view-service)
+    ;; RemoteViewServices need to lookup their own accessility service in order to send
+    ;; the mach port to the hosting app.
+    (allow mach-lookup
+        (local-name "com.apple.iphone.axserver"))
+    ;; RemoteViewServices need to lookup the bundle identifier of the application hosting
+    ;; their views (see <rdar://problem/11780984>).
+    (allow mach-lookup
+        (global-name "com.apple.springboard.backgroundappservices")))
+
+(define (uikit-app . rest)
+    ;;; <rdar://problem/29959382> Allow UIKit apps access to com.apple.TextInput.preferences mach service
+    (allow mach-lookup
+        (global-name "com.apple.TextInput.preferences"))
+
+    (allow mach-lookup
+        (xpc-service-name "com.apple.siri.context.service"))
+
+    ;; Any UI could be remote-hosted.
+    (remote-view-client)
+
+    ;; Any app could use ubiquity.
+    (ubiquity-client)
+
+    ;; Any app can play audio & movies.
+    (play-audio)
+    (play-media)
+
+    ;; Any app can use ProgressKit
+    (progresskit-client)
+
+    (url-translation)
+
+    ;; For <rdar://problem/20812377> All applications need to be able to access the com.apple.UIKit.KeyboardManagement running in backboardd
+    ;; renamed in <rdar://problem/20909914> Rename com.apple.UIKit.KeyboardManagement
+    (allow mach-lookup
+        (global-name "com.apple.UIKit.KeyboardManagement")
+        (global-name "com.apple.UIKit.KeyboardManagement.hosted"))
+
+    ;; For <rdar://problem/23469318> Allow UIKit-based apps to access com.apple.remote-text-editing mach service
+    ;; and <rdar://problem/23579008> REM: Allow UIKit-based apps to access com.apple.remote-input-limiting mach service
+    (when tv?
+        (allow mach-lookup
+            (global-name "com.apple.remote-input-limiting")
+            (global-name "com.apple.remote-text-editing")
+            (global-name "com.apple.remote-text-editing-legacy")
+            (global-name "com.apple.sharing.remote-text-editing")))
+
+    ;; For ApplicationScripting
+    ;; <rdar://problem/12778546> ASProcessScriptEvent fails to obtain port for event return
+    (allow mach-lookup
+        (global-name "ScripterServer"))
+
+    ;; TextInput framework
+    (allow mach-lookup
+        (global-name "com.apple.TextInput")
+        (global-name "com.apple.TextInput.emoji")
+        (global-name "com.apple.TextInput.image-cache-server")
+        (global-name "com.apple.TextInput.lexicon-server")
+        (global-name "com.apple.TextInput.rdt")
+        (global-name "com.apple.TextInput.shortcuts"))
+    (mobile-preferences-read "com.apple.da")
+
+    ;; Various Accessibility services.
+    (allow mach-lookup
+        (xpc-service-name "com.apple.accessibility.AccessibilityUIServer"))
+
+    ;; Guided Access support (<rdar://problem/11683460>).
+    (allow mach-lookup
+        (global-name "com.apple.accessibility.gax.backboard"))
+    (allow mach-register
+        (local-name "com.apple.accessibility.gax.client"))
+
+    ;; AssistiveTouch
+    ;; <rdar://problem/11800071> sandbox error for remote message services when AssistiveTouch is running
+    (allow mach-lookup
+        (global-name "UIASTNotificationCenter"))
+
+    ;; ZoomTouch
+    ;; <rdar://problem/11823957>
+    (allow mach-lookup
+        (global-name "com.apple.accessibility.AXBackBoardServer"))
+
+    ;; Speak Selection & VoiceOver
+    ;; <rdar://problem/12030530> AX: Sandbox violation with changing Language while VO is on
+    ;; and <rdar://problem/13071747>
+    (mobile-preferences-read
+        "com.apple.SpeakSelection"
+        "com.apple.VoiceOverTouch"
+        "com.apple.voiceservices")
+    (allow mach-lookup
+        (global-name "com.apple.audio.AudioComponentPrefs")
+        (global-name "com.apple.audio.AudioComponentRegistrar")
+        (global-name "com.apple.audio.AudioQueueServer")
+        (global-name "com.apple.voiceservices.keepalive")
+        (global-name "com.apple.voiceservices.tts"))
+    (allow mach-register
+        (local-name "com.apple.iphone.axserver"))
+    ;; <rdar://problem/14555119> Access to high quality speech voices
+    (allow file-read*
+        (home-subpath "/Library/VoiceServices/Assets")
+        (home-subpath "/Library/Assets/com_apple_MobileAsset_VoiceServicesVocalizerVoice"))
+
+    ;; HearingAidSupport
+    (allow mach-lookup
+        (xpc-service-name "com.apple.accessibility.heard"))
+
+    ;; MediaAccessibility (captions)
+    ;; <rdar://problem/12801477>
+    (mobile-preferences-read "com.apple.mediaaccessibility")
+        (allow mach-lookup (global-name "com.apple.accessibility.mediaaccessibilityd"))
+
+    ;; MobileAssistantFramework's AFContextManager
+    ;; <rdar://problem/13742083> & <rdar://problem/13717391> & <rdar://problem/13811297>
+    (allow mach-register mach-lookup
+        (local-name-regex #"^com\.apple\.assistant\.contextprovider\."))
+
+    ;; Permit reading assets via MobileAsset framework.
+    (asset-access 'with-media-playback)
+
+    ;; Permit access to on-demand resources.
+    (allow mach-lookup
+        (global-name "com.apple.ondemandd.client"))
+    (with-filter
+        (require-all
+            (require-any
+                (home-subpath "/Library/OnDemandResources/AssetPacks")
+                (well-known-system-group-container-subpath "/systemgroup.com.apple.ondemandresources/Library/AssetPacks"))
+            (extension "com.apple.odr-assets"))
+        (allow file-read*)
+        (allow file-issue-extension
+            (extension-class "com.apple.app-sandbox.read" "com.apple.mediaserverd.read")))
+
+    ;; allow 3rd party applications to access nsurlstoraged's top level domain data cache
+    (allow-well-known-system-group-container-literal-read
+        "/systemgroup.com.apple.nsurlstoragedresources/Library/dafsaData.bin")
+
+    ;; allow replayd to extend read access to its data
+    (allow file-read*
+        (require-all
+            (extension "com.apple.replayd.read-only")
+            (home-subpath "/Library/ReplayKit")))
+
+    ;; AirPlay
+    (allow mach-lookup
+        (global-name "com.apple.airplaydiagnostics.server"))
+
+    ;; Access the keyboards
+    (allow file-read*
+        (home-subpath "/Library/Caches/com.apple.keyboards"))
+
+    ;; NSExtension helper for supplying information not provided by PlugInKit
+    (allow mach-lookup
+        (xpc-service-name "com.apple.uifoundation-bundle-helper"))
+
+    ;; <rdar://problem/19525887>
+    (allow mach-lookup (xpc-service-name-regex #"\.apple-extension-service$"))
+    ;; <rdar://problem/31252371>
+    (allow mach-lookup (xpc-service-name-regex #"\.viewservice$"))
+
+    ;; DataDetectors -> CallKit so user can place calls by tapping on phone numbers.
+    (allow mach-lookup
+        (global-name "com.apple.callkit.callcontrollerhost"))
+
+    ;; DataDetectors; update CoreRecents with recently-detected addresses, etc.
+    (allow mach-lookup
+        (xpc-service-name "com.apple.datadetectors.AddToRecentsService"))
+
+    ;; Accessoryd
+    (allow mach-lookup
+        (global-name "com.apple.accessories.externalaccessory-server"))
+
+    ;; Power logging
+    (allow mach-lookup
+        (global-name "com.apple.powerlog.plxpclogger.xpc"))
+
+    ;; <rdar://problem/19460486>
+    (nano-preferences-read ".GlobalPreferences")
+
+    (mobile-preferences-read
+        ; To determine whether the dictation opt-in alert should be suppressed.
+        "com.apple.assistant.backedup"
+        ; Keyboard Dictation reads the list of supported languages from com.apple.assistant.support.plist.
+        ; And Dictation checks whether Assistant is enabled by reading the same plist.
+        ; <rdar://problem/9883999> com.apple.assistant.support preference domain needs to be unsandboxed
+        "com.apple.assistant.support"
+        "com.apple.EmojiPreferences"
+        ; For CarPlay screen aspect ratio (rdar://problem/20062770).
+        "com.apple.iapd"
+        ; <rdar://problem/8477596> com.apple.InputModePreferences
+        "com.apple.InputModePreferences"
+        ; <rdar://problem/8206632> Weather(1038) deny file-read-data ~/Library/Preferences/com.apple.keyboard.plist
+        "com.apple.keyboard"
+        ; <rdar://problem/25130834> Spotlight suggestions in Lookup preference should be readable by any process
+        "com.apple.lookup.shared"
+        ; <rdar://problem/9384085>
+        "com.apple.Preferences")
+
+    ;; <rdar://problem/12985925> Need read access to /var/mobile/Library/Fonts to all apps
+    (allow file-read*
+        (home-subpath "/Library/Fonts"))
+
+    ;; <rdar://problem/23803332>, <rdar://problem/9457549>, <rdar://problem/13237899>
+    (allow mach-lookup
+        (global-name "com.apple.assistant.analytics")
+        (global-name "com.apple.assistant.dictation")
+        (global-name "com.apple.dictationd.recognition"))
+
+    ;; For copy-and-paste.
+    (allow mach-lookup
+        (global-name "com.apple.UIKit.pasteboardd")
+        (global-name "com.apple.pasteboard.pasted"))
+
+    ;; <rdar://problem/9749387>
+    (allow file-read*
+        (literal "/private/var/preferences/SystemConfiguration/com.apple.accounts.exists.plist"))
+
+    ;; For Social.framework
+    ;; <rdar://problem/13239172>
+    (allow file-read*
+        (literal "/private/var/preferences/SystemConfiguration/com.apple.sinaweibo.plist")
+        (literal "/private/var/preferences/SystemConfiguration/com.apple.twitter.plist")
+        (literal "/private/var/preferences/SystemConfiguration/com.apple.facebook.plist")
+        (literal "/private/var/preferences/SystemConfiguration/com.apple.linkedin.plist"))
+
+    ;; <rdar://problem/7344719&26323449> LaunchServices app icons
+    (allow file-read*
+        (well-known-system-group-container-subpath "/systemgroup.com.apple.lsd.iconscache"))
+    (allow mach-lookup
+        (xpc-service-name "com.apple.lsdiconservice"))
+
+    ;; <rdar://problem/14184130> SpringBoard needs read/write to statusbar cache folder - all apps need read
+    (allow file-read*
+        (home-subpath "/Library/Caches/com.apple.UIStatusBar"))
+
+    ;; <rdar://problem/22346174> Allow read-only access from the container profile to ~/Library/TVWallpaper
+    (when tv?
+        (allow file-read*
+        (home-subpath "/Library/TVWallpaper")))
+
+    ;; Common mach services needed by UIKit.
+    (allow mach-lookup
+        (global-name "com.apple.CARenderServer")
+        (global-name "com.apple.KeyboardServices.TextReplacementService")
+        (global-name "com.apple.UIKit.statusbarserver")
+        (global-name "com.apple.uikit.GestureServer")
+        (global-name "com.apple.assertiond.applicationstateconnection")
+        (global-name "com.apple.assertiond.expiration")
+        (global-name "com.apple.assertiond.processinfoservice")
+        (global-name "com.apple.audio.hapticd")
+        (global-name "com.apple.audio.SystemSoundServer-iOS")
+        (global-name "com.apple.backboard.TouchDeliveryPolicyServer")
+        (global-name "com.apple.backboard.animation-fence-arbiter")
+        (global-name "com.apple.backboard.display.services")
+        (global-name "com.apple.backboard.hid.focus")
+        (global-name "com.apple.backboard.hid.services")
+        (global-name "com.apple.iohideventsystem")
+        (global-name "com.apple.iphone.axserver-systemwide")
+        (global-name "com.apple.frontboard.workspace")
+        (global-name "com.apple.frontboard.systemappservices")
+        (global-name "com.apple.progressd"))
+
+    (pasteboard-client)
+    (springboard-services)
+
+    (when gizmo?
+        (mobile-preferences-read "com.apple.nano")
+        (allow mach-lookup
+            (global-name "com.apple.appaudiod")
+            (global-name "com.apple.Carousel.ButtonTapAssertion")
+            (global-name "com.apple.Carousel.CSLSBackgroundTaskRequestService")
+            (global-name "com.apple.Carousel.CSLSDockStatusService")
+            (global-name "com.apple.Carousel.activatingUIAssertion")
+            (global-name "com.apple.Carousel.alertSuppression")
+            (global-name "com.apple.Carousel.appOnWake")
+            (global-name "com.apple.Carousel.suspendSystemGestureAssertion")
+            (global-name "com.apple.carousel.backlightxpc")
+            (global-name "com.apple.carousel.brightnesscalculator")
+            (global-name "com.apple.carousel.connectionstatusservice")
+            (global-name "com.apple.Carousel.contextuallock")
+            (global-name "com.apple.carousel.fetchschedulingservice")
+            (global-name "com.apple.carousel.snapshotservice")
+            (global-name "com.apple.carousel.uiscalingservice")
+            (global-name "com.apple.carousel.unblankingsynchronization")
+            (global-name "com.apple.pepperuicore.statusbaritemserver")))
+
+    ;; AirDrop from the activity sheet.
+    ;; <rdar://problem/12715391>, <rdar://problem/12847034>, <rdar://problem/16400661>
+    (allow mach-lookup
+        (global-name "com.apple.sharingd")
+        (global-name "com.apple.sharingd.nsxpc")
+        (with report)
+        (with message "This rule is being removed in rdar://15713112 -- please report this violation to Sandbox_profiles | all"))
+    (allow-preferences-common)
+    (allow user-preference-read
+        (preference-domain "com.apple.Sharing")
+        (with report)
+        (with message "This rule is being removed in rdar://15713112 -- please report this violation to Sandbox_profiles | all"))
+
+    ;; <rdar://problem/30874167> Create a new CacheDelete mach service to allow for public API for purgeable space requests
+    (allow mach-lookup
+        (global-name "com.apple.cache_delete.public"))
+
+    ;; MIDI
+    (allow ipc-posix-shm-read* ipc-posix-shm-write-data
+        (ipc-posix-name-regex #"^Apple MIDI (in|out) [0-9]+$"))
+
+    ;; CoreMotion
+    (mobile-preferences-read "com.apple.CoreMotion")
+
+    ;; CoreMotion’s deviceMotion API
+    (with-filter
+        (require-any
+            (iokit-registry-entry-class "AppleOscarNub")
+            (iokit-registry-entry-class "AppleSPUHIDInterface"))
+        (allow iokit-get-properties
+            (iokit-property "gyro-interrupt-calibration")))
+    (with-filter (iokit-registry-entry-class "IOHIDEventServiceFastPathUserClient")
+    (allow iokit-open)
+    (allow iokit-get-properties iokit-set-properties
+        (iokit-property "interval"
+                        "mode"
+                        "QueueSize"
+                        "useMag"))
+    (allow iokit-get-properties
+    (iokit-property "client")))
+
+    ;; Common preferences read by UIKit.
+    (mobile-preferences-read "com.apple.Accessibility"
+        "com.apple.UIKit"
+        "com.apple.WebUI"
+        "com.apple.airplay"
+        "com.apple.avkit"
+        "com.apple.coreanimation"
+        "com.apple.mt"
+        "com.apple.preferences.sounds"
+        "com.apple.telephonyutilities.dialassist")
+
+    ;; Silence sandbox violations from apps trying to create the empty plist if it doesn't exist.
+    ;; <rdar://problem/13796537>
+    (deny file-write-create
+        (home-prefix "/Library/Preferences/com.apple.UIKit.plist")
+        (with no-report))
+
+    ;; <rdar://problem/10809394>
+    (deny file-write-create
+        (home-prefix "/Library/Preferences/com.apple.Accessibility.plist")
+        (with no-report))
+
+    ;; <rdar://problem/9404009>
+    (mobile-preferences-read "kCFPreferencesAnyApplication")
+
+    ;; <rdar://problem/10266866>
+    (marco-logging-client)
+
+    ;; <rdar://problem/12250145>
+    (mobile-preferences-read "com.apple.mediaaccessibility")
+
+    ; Dictionary Services used by UITextFields.
+    ; <rdar://problem/9386926>
+    (allow-create-directory
+        (home-literal "/Library/Caches/com.apple.DictionaryServices"))
+
+    ; <rdar://problem/11204655>
+    (mobile-preferences-read "com.apple.MapKit.internal")
+
+    ;; Required to detect whether Airplane mode is enabled.
+    (allow file-read*
+        (literal "/private/var/preferences/SystemConfiguration/com.apple.radios.plist"))
+
+    (when (memq 'with-printing rest)
+        (allow file-read-metadata network-outbound
+            (literal "/private/var/run/printd"))
+        (allow mach-lookup
+            (xpc-service-name "com.apple.PrintKit.PrinterTool")))
+
+    ; <rdar://problem/9007191> , <rdar://problem/9244785>
+    (when (memq 'with-gamekit-data rest)
+        (allow file-read*
+            (home-regex "/Library/GameKit/Data/[^/]+\.gcdata$"))
+        (allow file-read-metadata
+            (home-literal "/Library/GameKit/Data")))
+
+    ; rfc3484 -- from common.sb
+    (unless (memq 'without-network rest)
+        (allow-network-common))
+
+    ; <rdar://problem/8548856> Sub-TLF: Sandbox change for apps for read-only access to the dictionary directory/data
+    (allow file-read*
+        ; XXX - /Library ought to be allowed in all UI profiles but isn't (CF, MobileSafari)
+        (subpath "/Library/Dictionaries")
+        (home-subpath "/Library/Dictionaries"))
+
+    ; <rdar://problem/8440231>
+    (allow file-read*
+        (home-literal "/Library/Caches/DateFormats.plist"))
+    ; Silently deny writes when CFData attempts to write to the cache directory.
+    (deny file-write*
+        (home-literal "/Library/Caches/DateFormats.plist")
+        (with no-log))
+
+    ; UIKit-required IOKit nodes.
+    (allow iokit-open
+        (iokit-user-client-class "AppleJPEGDriverUserClient")
+        (iokit-user-client-class "IOSurfaceAcceleratorClient")
+        (iokit-user-client-class "IOSurfaceSendRight")
+        ;; Requires by UIView -> UITextMagnifierRenderer -> UIWindow
+        (iokit-user-client-class "IOSurfaceRootUserClient"))
+
+    ;; <rdar://problem/12675621>
+    (allow iokit-open
+        (iokit-user-client-class "IOHIDLibUserClient"))
+
+    (framebuffer-access)
+
+    ;; <rdar://problem/7822790>
+    (mobile-keybag-access)
+
+    ; <rdar://problem/7595408> , <rdar://problem/7643881>
+    (if (memq 'with-opengl rest)
+        (opengl))
+
+    (if (memq 'with-geoservices rest)
+        (geoservices))
+
+    (if (memq 'with-location-services rest)
+        (location-services))
+
+    ; <rdar://problem/8181749> Allow access to iTunes database files in container.sb
+    (if (memq 'with-itunes-db rest)
+        (itunes-db-read))
+
+    (if (memq 'with-push-notifications rest)
+        (push-notifications))
+
+    (if (memq 'with-in-app-purchases rest)
+        (in-app-purchases))
+
+    ; CRCopyRestrictionsDictionary periodically tries to CFPreferencesAppSynchronize com.apple.springboard.plist
+    ; which will attempt to create the plist if it doesn't exist -- from any application.  Only SpringBoard is
+    ; allowed to write its plist; ignore all others, they don't know what they are doing.
+    ; See <rdar://problem/9375027> for sample backtraces.
+    (deny file-write*
+        (home-prefix "/Library/Preferences/com.apple.springboard.plist")
+        (with no-log))
+
+    ;; For <rdar://problem/29428318> Allow DragUI mach service lookups for all UIKit apps
+    (allow mach-lookup
+        (global-name "com.apple.DragUI.druid.destination")
+        (global-name "com.apple.DragUI.druid.source"))
+
+    ;; <rdar://problem/30544378> Allow global lookup of com.apple.contactsd
+    (allow mach-lookup
+        (global-name "com.apple.contactsd"))
+
+    ;; <rdar://problem/31571441> need AX Drag-and-drop mach services added to default sandbox profile
+    (allow mach-lookup
+        (global-name "com.apple.VoiceOverTouch.drag.xpc")
+        (global-name "com.apple.assistivetouchd.drag.xpc"))
+
+    ;; <rdar://problem/34092690>
+    (allow mach-lookup
+        (xpc-service-name "com.apple.avkit.SharedPreferences"))
+
+    ;; <rdar://problem/34437589>
+    (allow mach-lookup
+        (global-name "com.apple.ap.adtrackingd.attribution"))
+
+    ;; <rdar://problem/34986314> Sandbox Profiles changes for indigo pref
+    (mobile-preferences-read "com.apple.indigo")
+
+    ;; <rdar://problem/35417382>, <rdar://problem/35518557>
+    (allow mach-lookup
+        (global-name "com.apple.corespotlightservice"))
+
+    ;; <rdar://problem/35446577>
+    (allow mach-lookup
+        (global-name "com.apple.coremedia.endpointplaybacksession.xpc"))
+
+    ;; For the (define... nesting.
+    )
+
+;;;
+;;; End UIKit-apps.sb content
+;;;
 
 (uikit-app 'with-opengl 'with-location-services)
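Review bot: As landed, the copied `uikit-app` body is a verbatim transplant of the UIKit-apps.sb content, so WebContent keeps every grant it had before — the wildcard lookups `(allow mach-lookup (xpc-service-name-regex #"\.apple-extension-service$"))`, `#"\.viewservice$"` and `(local-name-regex #"^com\.apple\.assistant\.contextprovider\.")`, `(mobile-keybag-access)`, `(allow iokit-open (iokit-user-client-class "IOHIDLibUserClient"))` and unconditional network through `(allow-network-common)` — and the security benefit the description promises ("remove unneeded sandbox extensions") only arrives with follow-up removals, none of which is made here. One removal is already justified by the copied text itself: the `com.apple.sharingd` / `com.apple.Sharing` rules carry `(with report)` and a message stating the rule is being removed, so the copy should drop those two `allow` forms rather than keep reporting WebContent violations to the UIKit profile owners. If WebContent reaches the network only via the Network process (not verifiable from this hunk), the call site should also become `(uikit-app 'with-opengl 'with-location-services 'without-network)`, which the copied `(unless (memq 'without-network rest) (allow-network-common))` already supports. Please also add a short comment above `(define (uikit-app . rest)` naming the rules intended for removal, e.g. `;; TODO: prune rules WebContent does not need now that they are local to this profile (sharingd report rules, wildcard extension/viewservice lookups, network, keybag).`, so the duplication does not silently become permanent.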