1 ; Copyright (C) 2010-2020 Apple Inc. All rights reserved.
2 ;
3 ; Redistribution and use in source and binary forms, with or without
4 ; modification, are permitted provided that the following conditions
5 ; are met:
6 ; 1. Redistributions of source code must retain the above copyright
7 ; notice, this list of conditions and the following disclaimer.
8 ; 2. Redistributions in binary form must reproduce the above copyright
9 ; notice, this list of conditions and the following disclaimer in the
10 ; documentation and/or other materials provided with the distribution.
11 ;
12 ; THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
13 ; AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
14 ; THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
15 ; PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
16 ; BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
17 ; CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
18 ; SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
19 ; INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
20 ; CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
21 ; ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
22 ; THE POSSIBILITY OF SUCH DAMAGE.
23
(version 1)
;; Default-deny: any operation not matched by a later allow rule is refused.
;; (with partial-symbolication) is a report modifier applied to those denials.
(deny default (with partial-symbolication))
;; No path filter here, so system-audit and file-read-metadata are granted
;; unconditionally; later, more specific file-read-metadata rules refine
;; (e.g. strip timestamps from) what is returned rather than widen access.
(allow system-audit file-read-metadata)
27
28 ;;;
29 ;;; The following rules were originally contained in 'common.sb'. We are duplicating them here so we can
30 ;;; remove unneeded sandbox extensions.
31 ;;;
32
33 (import "util.sb")
34
;; Grant read access to the given path/extension filters (OR-ed together via
;; require-any) and let the process mint read-only app-sandbox extensions
;; covering the same filters.  Issuing is deliberately limited to the
;; read-only extension class.
(define-once (allow-read-and-issue-generic-extensions . filters)
    (allow file-read*
           (apply require-any filters))
    (allow file-issue-extension
        (require-all
            (extension-class "com.apple.app-sandbox.read")
            (apply require-any filters))))
42
;; Read-write counterpart of allow-read-and-issue-generic-extensions: grants
;; file-read*, file-write* and file-read-metadata on the OR-ed filters and
;; allows issuing both the read-write and the read-only app-sandbox
;; extension classes for them.
(define-once (allow-read-write-and-issue-generic-extensions . filters)
    (allow file-read* file-write*
           (apply require-any filters))
    (allow file-read-metadata
           (apply require-any filters))
    (allow file-issue-extension
        (require-all
            (extension-class "com.apple.app-sandbox.read-write" "com.apple.app-sandbox.read")
            (apply require-any filters))))
52
;; Read access to only the PublicInfo subdirectories of the configuration
;; profile stores (system group container and the front user's home).  The
;; full profile directories are covered separately by managed-configuration-read.
(define-once (managed-configuration-read-public)
    (allow file-read*
           (well-known-system-group-container-subpath "/systemgroup.com.apple.configurationprofiles/Library/ConfigurationProfiles/PublicInfo")
           (front-user-home-subpath "/Library/ConfigurationProfiles/PublicInfo")
           (front-user-home-subpath "/Library/UserConfigurationProfiles/PublicInfo")))
58
;; Read access to configuration profile data.
;;   (managed-configuration-read)            -> whole profile directories (subpath).
;;   (managed-configuration-read "a.plist")  -> only the named file(s), as literals,
;;                                              under each of the three stores.
;; Callers that only need specific files should pass them so the broad
;; subpath grant is not used.
(define-once (managed-configuration-read . files)
    (if (null? files)
        (allow file-read*
               (well-known-system-group-container-subpath "/systemgroup.com.apple.configurationprofiles/Library/ConfigurationProfiles")
               (front-user-home-subpath "/Library/ConfigurationProfiles")
               (front-user-home-subpath "/Library/UserConfigurationProfiles"))
        (for-each
            (lambda (file)
                ;; One literal per store for this file name.
                (allow file-read*
                    (well-known-system-group-container-literal
                        (string-append "/systemgroup.com.apple.configurationprofiles/Library/ConfigurationProfiles/" file))
                    (front-user-home-literal
                        (string-append "/Library/ConfigurationProfiles/" file)
                        (string-append "/Library/UserConfigurationProfiles/" file))))
            files)))
74
;; Metadata-only access to the home directory and ~/Library/Preferences,
;; needed before any preference domain can be read.  Grants no data access.
(define-once (allow-preferences-common)
    (allow file-read-metadata
           (home-literal "")
           (home-literal "/Library/Preferences")))
79
;; Read-only access to the named preference domains (via cfprefsd), plus the
;; common metadata grants.  Does not permit writes.
(define-once (mobile-preferences-read . domains)
    (allow-preferences-common)
    (allow user-preference-read (apply preference-domain domains)))
83
;; Read and write access to the named preference domains.  Use sparingly:
;; writable domains are a persistence channel for a compromised process.
(define-once (mobile-preferences-read-write . domains)
    (allow-preferences-common)
    (allow user-preference-read user-preference-write (apply preference-domain domains)))
87
;; Display framebuffer access: opens the IOMobileFramebuffer user client and
;; reads a fixed allow-list of its registry properties.  The property list is
;; filtered to the IOMobileFramebuffer registry class so it does not expose
;; same-named properties on other IOKit objects.
(define-once (framebuffer-access)
    (allow iokit-open
           (iokit-user-client-class "IOMobileFramebufferUserClient"))

    ; IOMobileFramebuffer
    (with-filter (iokit-registry-entry-class "IOMobileFramebuffer")
        (allow iokit-get-properties
               (iokit-property "AppleTV"
                               "DisplayPipePlaneBaseAlignment"
                               "DisplayPipeStrideRequirements"
                               "PerformanceStatistics"
                               "appleTV-VID0"
                               "appleTV-VID1"
                               "hdcp-hoover-protocol")))

    (mobile-preferences-read "com.apple.iokit.IOMobileGraphicsFamily")
)
105
;; MobileAsset access.  Reads are double-gated: the path must be under
;; ~/Library/Assets or /private/var/MobileAsset AND the process must hold a
;; com.apple.assets.read extension.  With the 'with-media-playback option the
;; same filter is handed to play-media so mediaserverd extensions can be
;; issued for those assets.  Also allows lookup of mobileassetd.
(define-once (asset-access . options)
    (let ((asset-access-filter
            (require-all
              (require-any
                (home-subpath "/Library/Assets")
                (subpath "/private/var/MobileAsset"))
              (extension "com.apple.assets.read"))))
        ;; <rdar://problem/10710883>
        ;; <rdar://problem/11569106>
        (allow file-read* asset-access-filter)
        (if (memq 'with-media-playback options)
            (play-media asset-access-filter))
        (allow mach-lookup (with telemetry-backtrace)
               (global-name "com.apple.mobileassetd" "com.apple.mobileassetd.v2"))
        (mobile-preferences-read "com.apple.MobileAsset")))
121
;; Media playback support.  Optional filters (if given) become additional
;; paths for which a mediaserverd.read extension may be issued.  The remaining
;; rules let the process re-issue, to mediaserverd, files it already holds
;; security-exception or app-sandbox.read extensions for; read-write
;; mediaserverd extensions are only derivable from read-write exceptions.
;; Every file-issue-extension rule here is conditioned on an existing
;; extension, so this form does not by itself widen file access.
(define-once (play-media . filters)
    (if (not (null? filters))
        ;; <rdar://problem/9875794>
        (allow file-issue-extension
            (require-all
                (apply require-any filters)
                (extension-class "com.apple.mediaserverd.read"))))
    (allow file-issue-extension
        (require-all
            (extension-class "com.apple.mediaserverd.read")
            (extension "com.apple.security.exception.files.absolute-path.read-only"
                       "com.apple.security.exception.files.absolute-path.read-write"
                       "com.apple.security.exception.files.home-relative-path.read-only"
                       "com.apple.security.exception.files.home-relative-path.read-write")))
    (allow file-issue-extension
        (require-all
            (extension-class "com.apple.mediaserverd.read-write")
            (extension "com.apple.security.exception.files.absolute-path.read-write"
                       "com.apple.security.exception.files.home-relative-path.read-write")))

    (mobile-preferences-read
        "com.apple.avfoundation"
        "com.apple.coreaudio"
        "com.apple.coremedia"
        "com.apple.corevideo"
        "com.apple.itunesstored" ; Needed by MediaPlayer framework
        "com.apple.mobileipod" ; Ditto
        "com.apple.audio.virtualaudio" ; <rdar://problem/57170333>
    )

    ;; AVF needs to see these network preferences:
    (allow file-read*
        (literal "/private/var/preferences/com.apple.networkd.plist"))

    ;; Allow mediaserverd to issue file extensions for the purposes of reading media
    (allow file-issue-extension (require-all
        (extension "com.apple.app-sandbox.read")
        (extension-class "com.apple.mediaserverd.read")))
)
161
;; Read-only preference domains used for media remote-control integration.
(define-once (media-remote)
    (mobile-preferences-read
        "com.apple.mediaremote"
        "com.apple.mobileipod")
)
167
;; Microphone and camera access, each gated on a WebKit-specific sandbox
;; extension so the device is reachable only after the UI process has
;; granted it.  NOTE(review): the camera branch also allows mach-lookup of
;; any service for which an app-sandbox.mach extension is held; that grant
;; is not camera-specific, so confirm it is intended to be scoped here.
(define-once (media-capture-support)
    ;; Media capture, microphone access
    (with-filter (extension "com.apple.webkit.microphone")
        (allow device-microphone))

    ;; Media capture, camera access
    (with-filter (extension "com.apple.webkit.camera")
        (allow user-preference-read
            (preference-domain "com.apple.coremedia"))
        (allow file-read* (subpath "/Library/CoreMediaIO/Plug-Ins/DAL"))
        (allow mach-lookup (extension "com.apple.app-sandbox.mach"))
        (allow device-camera))
)
181
;; Accessibility: register the per-app AX server port, read the Accessibility
;; preference domain, and silently refuse creation of its plist (callers try
;; to create it when absent; the deny avoids noisy violation reports).
(define-once (accessibility-support)
    (allow mach-register
        (local-name "com.apple.iphone.axserver"))
    (mobile-preferences-read "com.apple.Accessibility")
    
    ;; <rdar://problem/10809394>
    (deny file-write-create
        (home-prefix "/Library/Preferences/com.apple.Accessibility.plist")
        (with no-report))
)
192
;; Media accessibility preferences: the private domain is read-only, the
;; ".public" domain is writable (one of the few writable domains in this file).
(define-once (media-accessibility-support)
    ;; <rdar://problem/12250145>
    (mobile-preferences-read "com.apple.mediaaccessibility")
    (mobile-preferences-read-write "com.apple.mediaaccessibility.public")
)
198
;; Single-file read of the iTunes Store URL-resolution cache.
(define-once (url-translation)
    ;; For translating http:// & https:// URLs referencing itms:// URLs.
    ;; <rdar://problem/11587338>
    (allow file-read*
           (home-literal "/Library/Caches/com.apple.itunesstored/url-resolution.plist")))
204
205 ;;;
206 ;;; Declare that the application uses the OpenGL, Metal, and CoreML hardware & frameworks.
207 ;;;
;; GPU access.  Two tiers of iokit-open: the first is allowed but marked
;; (with report) (with telemetry) so uses are logged -- these user clients were
;; "not seen in testing" and are candidates for removal; the second is the
;; known-needed AGXDeviceUserClient.  GPU user clients are kernel attack
;; surface, so keeping the first tier instrumented rather than silently
;; allowed is the right direction.
(define-once (opengl)
    ;; Items not seen in testing
    (allow iokit-open (with report) (with telemetry)
           (iokit-connection "IOGPU")
           (iokit-user-client-class
                "AGXCommandQueue"
                "AGXDevice"
                "AGXSharedUserClient"
                "IOAccelContext"
                "IOAccelDevice"
                "IOAccelSharedUserClient"
                "IOAccelSubmitter2"
                "IOAccelContext2"
                "IOAccelDevice2"
                "IOAccelSharedUserClient2"))

    ;; Items with known uses
    (allow iokit-open
        (iokit-connection "IOGPU")
        (iokit-user-client-class
            "AGXDeviceUserClient" ;; Used by WebGL
    ))

    ;; Plugin-name properties only; no registry-class filter, so these names
    ;; are readable on any IOKit object that carries them.
    (allow iokit-get-properties
        (iokit-property "IOGLBundleName")
        (iokit-property "IOGLESBundleName")
        (iokit-property "IOGLESDefaultUseMetal")
        (iokit-property "IOGLESMetalBundleName")
        (iokit-property "MetalPluginClassName")
        (iokit-property "MetalPluginName")
    )

    (allow sysctl-read
           (sysctl-name #"kern.bootsessionuuid"))

    ;; Shader compilation runs out-of-process in MTLCompilerService.
    (allow mach-lookup
       ;; <rdar://problem/47268166>
       (xpc-service-name "com.apple.MTLCompilerService"))
    
    (mobile-preferences-read
        "com.apple.Metal" ;; <rdar://problem/25535471>
        "com.apple.opengl" ;; <rdar://problem/23321675>
    )
)
252
;; Developer / debugging affordances.  This form is expanded unconditionally
;; by the profile (not under an apple-internal filter), so every rule here
;; that does not carry its own filter is live on shipping devices.
(define-once (debugging-support)
    ;; /Developer (presumably the developer disk image mount point -- confirm)
    ;; may be read and mapped executable.
    (allow file-read* file-map-executable
           (subpath "/Developer"))

    ;; POSIX shared-memory segments with these name prefixes.
    (allow ipc-posix-shm
           (ipc-posix-name-regex #"^stack-logs")
           (ipc-posix-name-regex #"^OA-")
           (ipc-posix-name-regex #"^/FSM-"))

    ;; Read, write-data and unlink on "gdt-<id>-c" / "gdt-<id>-s" segments.
    (allow ipc-posix-shm-read* ipc-posix-shm-write-data ipc-posix-shm-write-unlink
           (ipc-posix-name-regex #"^gdt-[A-Za-z0-9]+-(c|s)$"))

    ;; Internal builds only.
    (with-filter (system-attribute apple-internal)
        ;; <rdar://problem/8565035>
        ;; <rdar://problem/23857452>
        (allow file-read* file-map-executable
               (subpath "/AppleInternal")
               (subpath "/usr/local/lib")))

    ;; NOTE(review): this used to be indented as though it were inside the
    ;; apple-internal filter above, but that filter's closing parenthesis
    ;; precedes it, so the rule is NOT gated on apple-internal and applies on
    ;; every device.  If XcodeBuiltProducts access is meant to be
    ;; internal-only, move this form inside the with-filter.
    (with-elevated-precedence
        (allow file-read* file-map-executable file-issue-extension
               (front-user-home-subpath "/XcodeBuiltProducts")))

    ;; <rdar://problem/8107758>
    (allow file-read* file-map-executable
           (subpath "/System/Library/Frameworks")
           (subpath "/System/Library/PrivateFrameworks"))

    ;; <rdar://problem/32544921>
    (mobile-preferences-read "com.apple.hangtracer"))
282
;; Device-node policy: all block/character devices are denied first, then a
;; short allow-list is re-opened.  Random devices are read-only (writes are
;; silently dropped).  /dev/dtracehelper and /dev/aes_0 additionally permit
;; file-ioctl, which is a wider kernel surface than plain read/write; keep
;; these two under review.
(define-once (device-access)
    (deny file-read* file-write*
          (vnode-type BLOCK-DEVICE CHARACTER-DEVICE))

    (allow file-read* file-write-data
           (literal "/dev/null")
           (literal "/dev/zero"))

    (allow file-read* file-write-data file-ioctl
           (literal "/dev/dtracehelper"))

    (allow file-read*
           (literal "/dev/random")
           (literal "/dev/urandom"))
    ;; <rdar://problem/14215718>
    (deny file-write-data (with no-report)
          (literal "/dev/random")
          (literal "/dev/urandom"))

    (allow file-read* file-write-data file-ioctl
           (literal "/dev/aes_0")))
304
;; Filter (not a rule) matching the logd diagnostic/timesync/uuidtext stores;
;; used by logd-diagnostic-client below.
(define-once (logd-diagnostic-paths)
    (require-any
        (subpath "/private/var/db/diagnostics")
        (subpath "/private/var/db/timesync")
        (subpath "/private/var/db/uuidtext")
        (subpath "/private/var/userdata/diagnostics")))
;; Read access to logd diagnostic data, double-gated: the process needs one
;; of two logging entitlements AND a com.apple.logd.read-only extension.
(define-once (logd-diagnostic-client)
    (with-filter
        (require-all
            (require-any
                (require-entitlement "com.apple.private.logging.diagnostic")
                (require-entitlement "com.apple.diagnosticd.diagnostic"))
            (extension "com.apple.logd.read-only"))
        (allow file-read*
               (logd-diagnostic-paths))))
320
;; The only /etc files readable by default (see the allow further down).
;; Note that /private/etc/passwd and group are readable; confirm that is
;; still required.
(define required-etc-files
  (literal "/private/etc/fstab"
           "/private/etc/hosts"
           "/private/etc/group"
           "/private/etc/passwd"
           "/private/etc/protocols"
           "/private/etc/services"))
328
;; WebSpeech / VoiceOver: speech preference domains plus read access to the
;; downloaded voice assets.
(define-once (speech-synthesis-and-voiceover)
    ;; Speak Selection & VoiceOver
    ;; <rdar://problem/12030530> AX: Sandbox violation with changing Language while VO is on
    ;; and <rdar://problem/13071747>
    (mobile-preferences-read
        "com.apple.SpeakSelection" ; Needed for WebSpeech
        "com.apple.VoiceOverTouch" ; Needed for non-US english language synthesis
        "com.apple.voiceservices") ; Ditto

    ;; <rdar://problem/14555119> Access to high quality speech voices
    ;; Needed for WebSpeech
    (allow file-read*
        (home-subpath "/Library/VoiceServices/Assets")
        (home-subpath "/Library/Assets/com_apple_MobileAsset_VoiceServicesVocalizerVoice"))
)
344
345 ;; Things required by UIKit
;; Minimum UIKit needs: preference domains, the FrontBoard and CoreAnimation
;; render servers, and a handful of IOKit user clients.  The JPEG and
;; IOSurfaceSendRight opens are allowed but reported/telemetered, i.e. they
;; are being measured for possible removal.
(define-once (uikit-requirements)
    (mobile-preferences-read
        "com.apple.UIKit"
        "com.apple.WebUI"
        "com.apple.airplay"
        "com.apple.avkit"
        "com.apple.coreanimation"
        "com.apple.mt"
        "com.apple.preferences.sounds")

    (allow mach-lookup (with telemetry-backtrace)
        (global-name "com.apple.frontboard.systemappservices")                 ; -[UIViewServiceInterface _createProcessAssertion] -> SBSProcessIDForDisplayIdentifier()
    )

    (allow mach-lookup
        (global-name "com.apple.CARenderServer"))

    ; UIKit-required IOKit nodes.
    (allow iokit-open  (with report) (with telemetry)
        (iokit-user-client-class "AppleJPEGDriverUserClient")
        (iokit-user-client-class "IOSurfaceSendRight")
    )

    ; WebKit-required IOKit classes
    (allow iokit-open
        (iokit-user-client-class "IOSurfaceAcceleratorClient") ;; Media rendering into pixel buffers
        (iokit-user-client-class "IOSurfaceRootUserClient") ;; Needed by Tiled Grid code.
    )

    ;; Silence sandbox violations from apps trying to create the empty plist if it doesn't exist.
    ;; <rdar://problem/13796537>
    (deny file-write-create
        (home-prefix "/Library/Preferences/com.apple.UIKit.plist")
        (with no-log))
)
381
;; Dictionary Services: may create its cache directory and read the
;; system-wide and per-user dictionary directories.
(define-once (dictionary-support)
    ; Dictionary Services used by UITextFields.
    ; <rdar://problem/9386926>
    (allow-create-directory
        (home-literal "/Library/Caches/com.apple.DictionaryServices"))

    ; <rdar://problem/8548856> Sub-TLF: Sandbox change for apps for read-only access to the dictionary directory/data
    (allow file-read*
        ; XXX - /Library ought to be allowed in all UI profiles but isn't (CF, MobileSafari)
        (subpath "/Library/Dictionaries")
        (home-subpath "/Library/Dictionaries"))
)
394
;; Nothing may be mapped executable except where a later or
;; elevated-precedence rule re-allows it (system libraries, the executable
;; bundle, and the paths in debugging-support).
(deny file-map-executable)

(deny file-write-mount file-write-unmount)

;; Directory metadata: everyone gets it with timestamps stripped (no-times);
;; Apple-signed executables get full metadata.  The second rule is listed
;; after the first so that it takes effect for the narrower set (later rules
;; appear to win here -- confirm against the sandbox's precedence model).
(allow file-read-metadata (with no-times)
       (vnode-type DIRECTORY))
(with-filter (apple-signed-executable?)
  (allow file-read-metadata
         (vnode-type DIRECTORY)))

;; Cloud-configuration profile details and the com.apple.security domain are
;; readable only by Apple-signed executables.
(with-filter (apple-signed-executable?)
  (managed-configuration-read "CloudConfigurationDetails.plist")
  (managed-configuration-read "CloudConfigurationSetAsideDetails.plist")
  (mobile-preferences-read "com.apple.security"))

;; Internal builds only.
(with-filter (system-attribute apple-internal)
  (mobile-preferences-read "com.apple.PrototypeTools"))
412
;; Rules in this form take precedence over ordinary rules that follow them in
;; the profile.  It carries the core system read/map-executable grants and the
;; generic "sandbox extension" escape hatches; anything added here is hard for
;; later denies to override, so keep it minimal.
(with-elevated-precedence
    (allow file-read*
           (subpath "/usr/lib"
                    "/usr/share"
                    "/private/var/db/timezone"))
    (allow-read-and-issue-generic-extensions
        (subpath "/Library/RegionFeatures"
                 "/System/Library"))
    (allow file-issue-extension
        (require-all
            (extension-class "com.apple.mediaserverd.read")
            (subpath "/System/Library")))
    ;; Carve hardware-identifying artefacts (AP ticket, kernel caches, factory
    ;; data) back out of the /System/Library grant above.
    (let ((hw-identifying-paths
            (require-any
                (literal "/System/Library/Caches/apticket.der")
                (subpath "/System/Library/Caches/com.apple.kernelcaches")
                (subpath "/System/Library/Caches/com.apple.factorydata"))))
        (deny file-issue-extension file-read* hw-identifying-paths))
    
    ;; The only paths mapped executable by default; see (deny file-map-executable).
    (allow file-map-executable
           (subpath "/System/Library")
           (subpath "/usr/lib"))
    (allow file-read-metadata
           (vnode-type SYMLINK))

    ;;; <rdar://problem/24144418>
    (allow file-read*
           (subpath "/private/var/preferences/Logging"))

    (mobile-preferences-read "kCFPreferencesAnyApplication")
    (allow file-read*
           (front-user-home-literal "/Library/Preferences/.GlobalPreferences.plist"))

    (allow file-read*
           (literal "/private/var/Managed Preferences/mobile/.GlobalPreferences.plist"))
    (allow managed-preference-read (preference-domain "kCFPreferencesAnyApplication"))

    (allow file-read-metadata
           (home-literal "/Library/Caches/powerlog.launchd"))

    ;; The process's own bundle is readable and mappable ...
    (allow-read-and-issue-generic-extensions (executable-bundle))
    (allow file-map-executable (executable-bundle))

    ;; ... except for any SC_Info directory inside it, which is explicitly
    ;; denied for data reads, extension issue and executable mapping.
    ;; <rdar://problem/13963294>
    (deny file-read-data file-issue-extension file-map-executable
        (require-all
            (executable-bundle)
            (regex #"/[^/]+/SC_Info/")))

    ;; Generic extension handling.  'restrictive-extension is not defined in
    ;; the visible part of this profile (it could come from util.sb -- check),
    ;; so as read here this whole section is active: holding any of the listed
    ;; extensions grants unfiltered read (or write) access to whatever the
    ;; extension covers, plus the ability to re-issue it in the matching
    ;; extension classes.
    (unless (defined? 'restrictive-extension)
        (with-filter
            (extension
                "com.apple.app-sandbox.read"
                "com.apple.app-sandbox.read-write"
                "com.apple.quicklook.readonly"
                "com.apple.security.exception.files.absolute-path.read-only"
                "com.apple.security.exception.files.absolute-path.read-write"
                "com.apple.security.exception.files.home-relative-path.read-only"
                "com.apple.security.exception.files.home-relative-path.read-write"
                "com.apple.sharing.airdrop.readonly")
            (allow file-read* file-read-metadata)
            (allow file-issue-extension
                   (extension-class "com.apple.app-sandbox.read"
                                    "com.apple.mediaserverd.read"
                                    "com.apple.quicklook.readonly"
                                    "com.apple.sharing.airdrop.readonly")))
        (with-filter
            (extension
                "com.apple.app-sandbox.read-write"
                "com.apple.security.exception.files.absolute-path.read-write"
                "com.apple.security.exception.files.home-relative-path.read-write")
            (allow file-write*)
            (allow file-issue-extension
                   (extension-class "com.apple.app-sandbox.read-write"
                                    "com.apple.mediaserverd.read-write"))))

    ;; Mach registration, preference and IOKit access are likewise unlocked
    ;; only by the corresponding security.exception extensions.
    ;; <rdar://problem/16079361>
    (with-filter (global-name-prefix "")
        (allow mach-register
               (extension "com.apple.security.exception.mach-register.global-name")))
    (with-filter (local-name-prefix "")
        (allow mach-register
               (extension "com.apple.security.exception.mach-register.local-name")))
    (allow-read-and-issue-generic-extensions
           (extension "com.apple.security.exception.files.absolute-path.read-only")
           (extension "com.apple.security.exception.files.home-relative-path.read-only"))
    (allow-read-write-and-issue-generic-extensions
           (extension "com.apple.security.exception.files.absolute-path.read-write")
           (extension "com.apple.security.exception.files.home-relative-path.read-write"))
    ;; An iokit-user-client-class exception extension opens arbitrary IOKit
    ;; user clients -- this is the widest single grant in the profile.
    (allow iokit-open
           (extension "com.apple.security.exception.iokit-user-client-class"))
    (allow managed-preference-read
           (extension "com.apple.security.exception.managed-preference.read-only"))
    (allow user-preference-read
           (extension "com.apple.security.exception.shared-preference.read-only"))
    (allow user-preference-read user-preference-write
           (extension "com.apple.security.exception.shared-preference.read-write"))

    ;; URL-storage cache extensions may only be issued for Caches directories
    ;; already covered by a home-relative read-write exception.
    (allow file-issue-extension
          (require-all
              (extension-class "com.apple.nsurlstorage.extension-cache")
              (extension "com.apple.security.exception.files.home-relative-path.read-write")
              (require-any
                  (prefix "/private/var/root/Library/Caches/")
                  (front-user-home-prefix "/Library/Caches/"))))
)
519
;; Expanded unconditionally -- not under an apple-internal filter -- so the
;; /Developer and XcodeBuiltProducts grants in debugging-support are live
;; on every device.
(debugging-support)

(allow file-read*
    required-etc-files
    (literal "/"))

(allow file-read*
       (subpath "/private/var/MobileAsset/PreinstalledAssetsV2/InstallWithOs"))

(device-access)

;; A fileprovider read-write extension may be re-issued as an app-sandbox
;; read or read-write extension.
(allow file-issue-extension
    (require-all
        (extension-class "com.apple.app-sandbox.read-write" "com.apple.app-sandbox.read")
        (extension "com.apple.fileprovider.read-write")))

;; logd and cfprefsd are reachable from every process under this profile.
(allow mach-lookup
    (global-name "com.apple.logd")
    (global-name "com.apple.logd.events")
    (global-name "com.apple.cfprefsd.daemon")
)

;; Explicit, telemetered deny rather than relying on the default deny.
(deny mach-lookup (with telemetry)
    (global-name "com.apple.distributed_notifications@1v3"))

(allow ipc-posix-shm-read*
       (ipc-posix-name-prefix "apple.cfprefs."))

(allow mach-lookup (with telemetry-backtrace)
    (global-name "com.apple.lsd.mapdb"))

;; <rdar://problem/12413942>
(allow file-read*
       (well-known-system-group-container-literal "/systemgroup.com.apple.mobilegestaltcache/Library/Caches/com.apple.MobileGestalt.plist"))
(allow iokit-get-properties
       (iokit-property "IORegistryEntryPropertyKeys"))

(allow ipc-posix-sem-open
       (ipc-posix-name "containermanagerd.fb_check"))

;; The purplebuddy sentinel semaphore may be opened but not created, posted,
;; unlinked or waited on.
(with-filter (ipc-posix-name "purplebuddy.sentinel")
    (deny ipc-posix-sem-create ipc-posix-sem-post ipc-posix-sem-unlink ipc-posix-sem-wait)
    (allow ipc-posix-sem-open))

(allow mach-lookup (with telemetry)
    (global-name "com.apple.runningboard") ;; Needed by process assertion code (ProcessTaskStateObserver).
)

;; Scheduler overrides only with the override-cpumon entitlement.
(allow system-sched
       (require-entitlement "com.apple.private.kernel.override-cpumon"))

(deny sysctl-read (with no-report)
      (sysctl-name "sysctl.proc_native"))

;; Internal builds may write vm.footprint_suspend; reading it is granted to
;; all callers in the sysctl allow-list later in this file.
(with-filter (system-attribute apple-internal)
    (allow sysctl-read sysctl-write
           (sysctl-name "vm.footprint_suspend")))

;; syslog socket: metadata plus outbound connect.
(allow file-read-metadata network-outbound
       (literal "/private/var/run/syslog"))

(allow mach-lookup
       (global-name "com.apple.system.notification_center"))
(allow ipc-posix-shm-read*
       (ipc-posix-name "apple.shm.notification_center"))

(logd-diagnostic-client)

(managed-configuration-read-public)

;; Withhold link-layer address information from system-info, silently.
(deny system-info (with no-report)
      (info-type "net.link.addr"))

(allow file-read*
       (subpath "/private/var/db/datadetectors/sys"))

(allow-well-known-system-group-container-subpath-read
       "/systemgroup.com.apple.icloud.findmydevice.managed/Library")

;; Task-name port and process-info queries are limited to the process
;; itself; no cross-process introspection.
(allow mach-task-name (target self))

(allow process-info-pidinfo (target self))
(allow process-info-pidfdinfo (target self))
(allow process-info-pidfileportinfo (target self))
(allow process-info-setcontrol (target self))
(allow process-info-dirtycontrol (target self))
(allow process-info-rusage (target self))
(allow process-info-codesignature (target self))

(with-filter (apple-signed-executable?)
    (mobile-preferences-read "com.apple.demo-settings"))
611
612 ;;;
613 ;;; End common.sb content
614 ;;;
615
;; Blanket deny of XPC service lookups.  Forms expanded after this line
;; (e.g. (opengl) for MTLCompilerService and the iconservices rule below)
;; re-allow specific services; those later allows appear to take effect over
;; this deny, so this line is a baseline, not a hard ceiling.
(deny mach-lookup (xpc-service-name-prefix ""))
;; Same pattern for IOKit property reads: deny here, re-allow an explicit
;; property list at the end of the file.
(deny iokit-get-properties (with partial-symbolication))
(deny lsopen)
619
620 ;;;
621 ;;; The following rules were originally contained in 'UIKit-apps.sb'. We are duplicating them here so we can
622 ;;; remove unneeded sandbox extensions.
623 ;;;
624
;; Any app can play audio & movies.
(play-media)

;; Access to media controls
(media-remote)

(url-translation)

(mobile-preferences-read "com.apple.da")

(speech-synthesis-and-voiceover)

;; Permit reading assets via MobileAsset framework.
;; (still requires a com.apple.assets.read extension; see asset-access)
(asset-access 'with-media-playback)

;; allow 3rd party applications to access nsurlstoraged's top level domain data cache
(allow-well-known-system-group-container-literal-read
    "/systemgroup.com.apple.nsurlstoragedresources/Library/dafsaData.bin")

;; Access the keyboards
(allow file-read*
    (home-subpath "/Library/Caches/com.apple.keyboards"))

(mobile-preferences-read
    "com.apple.EmojiPreferences"
    ; <rdar://problem/8477596> com.apple.InputModePreferences
    "com.apple.InputModePreferences"
    ; <rdar://problem/8206632> Weather(1038) deny file-read-data ~/Library/Preferences/com.apple.keyboard.plist
    "com.apple.keyboard"
    ; <rdar://problem/9384085>
    "com.apple.Preferences"
    "com.apple.lookup.shared" ; Needed for DataDetector (Spotlight) support
)

;; Silently deny unnecessary accesses caused by MessageUI framework.
;; This can be removed once <rdar://problem/47038102> is resolved.
(deny file-read*
    (home-literal "/Library/Preferences/com.apple.mobilemail.plist")
    (with no-log))

;; <rdar://problem/12985925> Need read access to /var/mobile/Library/Fonts to all apps
(allow file-read*
    (home-subpath "/Library/Fonts"))

;; <rdar://problem/7344719&26323449> LaunchServices app icons
(allow file-read*
    (well-known-system-group-container-subpath "/systemgroup.com.apple.lsd.iconscache"))
;; iconservices is reachable both as an XPC service and a global name; this
;; is one of the explicit exceptions to the xpc-service-name-prefix deny above.
(allow mach-lookup (with telemetry-backtrace)
    (xpc-service-name "com.apple.iconservices")
    (global-name "com.apple.iconservices"))

(allow-preferences-common)

;; Home Button
(with-filter (iokit-registry-entry-class "IOPlatformDevice")
    (allow iokit-get-properties
        (iokit-property "home-button-type")))

(uikit-requirements)

;; <rdar://problem/9404009>
(mobile-preferences-read "kCFPreferencesAnyApplication")

(dictionary-support)

; <rdar://problem/8440231>
(allow file-read*
    (home-literal "/Library/Caches/DateFormats.plist"))
; Silently deny writes when CFData attempts to write to the cache directory.
(deny file-write*
    (home-literal "/Library/Caches/DateFormats.plist")
    (with no-log))

(framebuffer-access)

; <rdar://problem/7595408> , <rdar://problem/7643881>
(opengl)

; CRCopyRestrictionsDictionary periodically tries to CFPreferencesAppSynchronize com.apple.springboard.plist
; which will attempt to create the plist if it doesn't exist -- from any application.  Only SpringBoard is
; allowed to write its plist; ignore all others, they don't know what they are doing.
; See <rdar://problem/9375027> for sample backtraces.
(deny file-write*
    (home-prefix "/Library/Preferences/com.apple.springboard.plist")
    (with no-log))

;; <rdar://problem/34986314>
(mobile-preferences-read "com.apple.indigo")
713
714 ;;;
715 ;;; End UIKit-apps.sb content
716 ;;;
717
;; sysctl policy: deny everything, then re-allow an explicit read list.
;; Several entries (hw.model, hw.machine, kern.hostname, kern.osrelease,
;; kern.version, kern.bootargs) describe the device and OS build and so
;; contribute to fingerprinting; each should be justified by a consumer, as
;; the hw.activecpu / kern.secure_kernel comments do.  kern.bootargs in
;; particular exposes boot configuration -- confirm it is still needed.
(deny sysctl*)
(allow sysctl-read
    (sysctl-name
        "hw.activecpu" ;; Needed by JSC engine.
        "hw.availcpu"
        "hw.cachelinesize"
        "hw.cpufamily" ;; <rdar://problem/58416475>
        "hw.cputype"
        "hw.l2cachesize"
        "hw.logicalcpu"
        "hw.logicalcpu_max"
        "hw.ncpu"
        "hw.machine"
        "hw.memsize"
        "hw.model"
        "hw.pagesize_compat"
        "hw.physicalcpu"
        "hw.physicalcpu_max"
        "kern.bootargs"
        "kern.hostname"
        "kern.memorystatus_level"
        "kern.osproductversion"
        "kern.osrelease"
        "kern.ostype"
        "kern.osvariant_status"
        "kern.secure_kernel" ;; Needed by XPC bundle resolution
        "kern.version"
        "sysctl.name2oid"
        "vm.footprint_suspend")
    ;; Regex, not a literal name: matches every net.routetable* sysctl.
    (sysctl-name-regex #"^net.routetable") ;; <rdar://problem/57665153>
)
749
;; Re-allowed IOKit registry properties (after the blanket deny above).  None
;; of these carries a registry-class filter, so each name is readable on any
;; object that has it.  NOTE(review): "IOPlatformUUID", "chip-id",
;; "udid-version", "regulatory-model-number", "device-id" and "product-id"
;; are device-identifying values; the with-elevated-precedence section goes
;; out of its way to deny hardware-identifying files, so confirm these
;; properties are actually required by the content process.
(allow iokit-get-properties
    (iokit-property-regex #"^AAPL,(DisplayPipe|OpenCLdisabled|IOGraphics_LER(|_RegTag_1|_RegTag_0|_Busy_2)|alias-policy|boot-display|display-alias|mux-switch-state|ndrv-dev|primary-display|slot-name)")
    (iokit-property "APTDevice")
    (iokit-property "AVCSupported")
    (iokit-property-regex #"^AppleJPEG(NumCores|Supports(AppleInterchangeFormats|MissingEOI|RSTLogging))")
    (iokit-property "BaseAddressAlignmentRequirement")
    (iokit-property-regex #"^DisplayPipe(PlaneBaseAlignment|StrideRequirements)")
    (iokit-property "HEVCSupported")
    ;; Unanchored regex: matches anywhere in the property name.
    (iokit-property-regex #"IOGVA(BGRAEnc|Codec|EncoderRestricted|Scaler)")
    (iokit-property "IOClassNameOverride")
    (iokit-property "IOPlatformUUID")
    (iokit-property "IOSurfaceAcceleratorCapabilitiesDict")
    (iokit-property "LGHSupported")
    (iokit-property "Protocol Characteristics")
    (iokit-property "als-colorCfg") ;; <rdar://problem/52903475>
    (iokit-property "artwork-device-idiom") ;; <rdar://problem/49497720>
    (iokit-property "artwork-device-subtype")
    (iokit-property "artwork-display-gamut") ;; <rdar://problem/49497788>
    (iokit-property "artwork-dynamic-displaymode") ;; <rdar://problem/49497720>
    (iokit-property "artwork-scale-factor") ;; <rdar://problem/49497788>
    (iokit-property-regex #"(canvas-height|canvas-width)")
    (iokit-property "chip-id") ;; <rdar://problem/52903477>
    (iokit-property "class-code")
    (iokit-property "color-accuracy-index")
    (iokit-property "compatible") ;; <rdar://problem/47523516>
    (iokit-property "compatible-device-fallback") ;; <rdar://problem/49497720>
    (iokit-property "device-colors") ;; <rdar://problem/51322072>
    (iokit-property "device-id")
    (iokit-property "device-perf-memory-class")
    (iokit-property "dfr")
    (iokit-property "display-corner-radius") ;; <rdar://problem/50602737>
    (iokit-property "emu")
    (iokit-property "external")
    (iokit-property "graphics-featureset-class") ;; <rdar://problem/49497720>
    (iokit-property "graphics-featureset-fallbacks") ;; <rdar://problem/51322072>
    (iokit-property "hdcp-hoover-protocol")
    (iokit-property "iommu-present")
    (iokit-property "oled-display") ;; <rdar://problem/51322072>
    (iokit-property "product-description") ;; <rdar://problem/49497788>
    (iokit-property "product-id")
    (iokit-property "region-info") ;; <rdar://problem/52903475>
    (iokit-property "regulatory-model-number") ;; <rdar://problem/52903475>
    (iokit-property "soc-generation") ;; <rdar://problem/52903476>
    (iokit-property "software-behavior")
    (iokit-property "vendor-id")
    (iokit-property "udid-version") ;; <rdar://problem/52903475>
    (iokit-property "ui-pip") ;; <rdar://problem/48867037>
)
798
;; Read-only preferences and data
;; Preference domains the content process may read (no write access is granted
;; here). `mobile-preferences-read` is defined outside this file — presumably
;; in the imported util.sb or common.sb; confirm exactly which operations it
;; expands to before adding domains.
(mobile-preferences-read
    "com.apple.LaunchServices"
    "com.apple.WebFoundation"
    "com.apple.avfoundation.frecents" ;; <rdar://problem/33137029>
    "com.apple.avfoundation.videoperformancehud" ;; <rdar://problem/31594568>
    "com.apple.voiceservices.logging")

;; Sandbox extensions
;; (apply-read-and-issue-extension op path-filter)
;; Applies `op` (an allow/deny form) to two operations on the paths matched by
;; `path-filter`: reading them (file-read*), and issuing a read-class
;; ("com.apple.app-sandbox.read") sandbox extension for them, i.e. re-vending
;; read access to another process. Write access is deliberately not included;
;; see the write-class companion below.
(define (apply-read-and-issue-extension op path-filter)
    (op file-read* path-filter)
    (op file-issue-extension (require-all (extension-class "com.apple.app-sandbox.read") path-filter)))
;; (apply-write-and-issue-extension op path-filter)
;; Write-side counterpart: applies `op` to file-write* on the matched paths and
;; to issuing a read-write-class ("com.apple.app-sandbox.read-write") extension
;; for them. It grants no read access by itself; callers that need both pair it
;; with apply-read-and-issue-extension.
(define (apply-write-and-issue-extension op path-filter)
    (op file-write* path-filter)
    (op file-issue-extension (require-all (extension-class "com.apple.app-sandbox.read-write") path-filter)))
;; (read-only-and-issue-extensions path-filter)
;; Allow variant of the read helper: read + re-issue of a read-class extension
;; for the paths matched by `path-filter`.
(define (read-only-and-issue-extensions path-filter)
    (apply-read-and-issue-extension allow path-filter))
;; (read-write-and-issue-extensions path-filter)
;; Allow variant granting the full set for the matched paths: read, write, and
;; re-issue of both the read-class and the read-write-class extension.
(define (read-write-and-issue-extensions path-filter)
    (apply-read-and-issue-extension allow path-filter)
    (apply-write-and-issue-extension allow path-filter))
;; The generic file grants of this section. They are keyed not on fixed paths
;; but on the process already holding a sandbox extension of the matching
;; class (handed to it by a more privileged process — presumably the UI
;; process; confirm). A read extension yields read + re-issue; a read-write
;; extension yields read, write and re-issue of both classes.
(read-only-and-issue-extensions (extension "com.apple.app-sandbox.read"))
(read-write-and-issue-extensions (extension "com.apple.app-sandbox.read-write"))

;; Access to client's cache folder & re-vending to CFNetwork.
;; Only file-issue-extension is granted here, and only for paths the process
;; already holds a read-write extension for: it may hand CFNetwork a
;; cache-class extension, but this rule by itself opens no new file access.
(allow file-issue-extension (require-all
    (extension "com.apple.app-sandbox.read-write")
    (extension-class "com.apple.nsurlstorage.extension-cache")))

;; Accessibility and media-accessibility rule bundles. Both macros are defined
;; outside this file (presumably util.sb / common.sb); what they allow is not
;; visible here and should be checked there when auditing this profile.
(accessibility-support)

(media-accessibility-support)

;; Remote Web Inspector
;; Unconditional mach-lookup of the inspector service. The `report` and
;; `telemetry` modifiers presumably make matches observable (logged/sampled)
;; rather than changing the decision — confirm.
(allow mach-lookup (with report) (with telemetry)
       (global-name "com.apple.webinspector"))

;; NOTE(review): "com.apple.webinspector" and "com.apple.PowerManagement.control"
;; also appear in the mach-lookup rule further down that requires the
;; "com.apple.webkit.extension.mach" extension. Because the two rules here allow
;; them with no extension requirement, that gate does not constrain these names;
;; if the extension requirement is the intended control, these unconditional
;; rules defeat it — confirm which is meant.
(allow mach-lookup (with telemetry-backtrace)
    (global-name "com.apple.PowerManagement.control"))

;; Hardening: the content process may not create symlinks, and may neither read
;; nor write extended attributes in the com.apple.security.private. namespace
;; (the regex is anchored at the start of the attribute name).
(deny file-write-create (vnode-type SYMLINK))
(deny file-read-xattr file-write-xattr (xattr-regex #"^com\.apple\.security\.private\."))

;; Allow loading injected bundles.
;; NOTE(review): this rule carries no path filter, so any file the process can
;; read may be mapped executable. Restricting it to the location injected
;; bundles are actually loaded from (not stated in this file) would reduce what
;; a compromised content process can map; whether a path filter is feasible
;; here should be confirmed.
(allow file-map-executable)

;; Allow ManagedPreference access
;; Read-only, and limited to the single literal plist path below.
(allow file-read* (literal "/private/var/Managed Preferences/mobile/com.apple.webcontentfilter.plist"))

;; Single literal path, granted with file-read-data (narrower than file-read*).
(allow file-read-data
    (literal "/usr/local/lib/log") ; <rdar://problem/36629495>
)

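;; Mach services reachable only while the process holds the
;; "com.apple.webkit.extension.mach" sandbox extension; every entry is an exact
;; global-name match. The duplicate "com.apple.audio.AudioComponentRegistrar"
;; entry has been removed (listing a name twice does not change the decision).
(allow mach-lookup
    (require-all
        (extension "com.apple.webkit.extension.mach")
        (global-name "com.apple.iphone.axserver-systemwide" "com.apple.tccd" "com.apple.nehelper" "com.apple.nesessionmanager.content-filter" "com.apple.uikit.viewservice.com.apple.WebContentFilter.remoteUI" "com.apple.diagnosticd" "com.apple.lsd.open" "com.apple.mobileassetd" "com.apple.mobileassetd.v2" "com.apple.frontboard.systemappservices" "com.apple.iconservices" "com.apple.webinspector" "com.apple.PowerManagement.control" "com.apple.cfprefsd.daemon" "com.apple.lsd.mapdb"

            ;;; FIXME(207716): The following should be removed when the GPU process is complete
            "com.apple.airplay.apsynccontroller.xpc" "com.apple.audio.AURemoteIOServer" "com.apple.audio.AudioComponentRegistrar"
            "com.apple.audio.AudioSession" "com.apple.coremedia.admin" "com.apple.coremedia.asset.xpc"
            "com.apple.coremedia.assetimagegenerator.xpc" "com.apple.coremedia.audiodeviceclock.xpc" "com.apple.coremedia.audioprocessingtap.xpc"
            "com.apple.coremedia.capturesession" "com.apple.coremedia.capturesource" "com.apple.coremedia.compressionsession" "com.apple.coremedia.cpe.xpc"
            "com.apple.coremedia.cpeprotector.xpc" "com.apple.coremedia.customurlloader.xpc" "com.apple.coremedia.decompressionsession"
            "com.apple.coremedia.endpoint.xpc" "com.apple.coremedia.figcontentkeysession.xpc" "com.apple.coremedia.figcpecryptor"
            "com.apple.coremedia.formatreader.xpc" "com.apple.coremedia.player.xpc" "com.apple.coremedia.remaker" "com.apple.coremedia.remotequeue"
            "com.apple.coremedia.routediscoverer.xpc" "com.apple.coremedia.routingcontext.xpc" "com.apple.coremedia.routingsessionmanager.xpc"
            "com.apple.coremedia.samplebufferaudiorenderer.xpc" "com.apple.coremedia.samplebufferrendersynchronizer.xpc" "com.apple.coremedia.sandboxserver.xpc"
            "com.apple.coremedia.sts" "com.apple.coremedia.systemcontroller.xpc" "com.apple.coremedia.videoqueue" "com.apple.coremedia.volumecontroller.xpc"
            "com.apple.coremedia.visualcontext.xpc" "com.apple.mediaremoted.xpc"
            ;;; FIXME(207716): End services to remove.
)))
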
;; XPC services reachable only while the process holds the
;; "com.apple.webkit.extension.mach" extension; exact service-name matches.
;; All three are flagged for removal once the GPU process takes them over.
(allow mach-lookup
    (require-all
        (extension "com.apple.webkit.extension.mach")
        (xpc-service-name
            ;;; FIXME(207716): The following should be removed when the GPU process is complete
            "com.apple.MediaPlayer.RemotePlayerService"
            "com.apple.accessibility.mediaaccessibilityd"
            "com.apple.audio.toolbox.reporting.service"
            ;;; FIXME(207716): End services to remove.
        )
    )
)

;; Prefix match, gated on the same extension: any XPC service whose name begins
;; with "com.apple.AGXCompilerService" is reachable, not only that exact name.
(allow mach-lookup
    (require-all
        (extension "com.apple.webkit.extension.mach")
        (xpc-service-name-prefix "com.apple.AGXCompilerService")))

;; Media-capture rule bundle; defined outside this file (presumably util.sb /
;; common.sb). The camera service it may allow is explicitly denied again below.
(media-capture-support)

;; These services have been identified as unused during living-on.
;; This list overrides some definitions above and in common.sb.
;; FIXME: remove overridden rules once the final list has been
;; established, see https://bugs.webkit.org/show_bug.cgi?id=193840
;; Explicit deny for the camera service, placed after the allow rules above so
;; that it takes precedence over them.
(deny mach-lookup
    (global-name "com.apple.webkit.camera")
)

;; Unix syscall allow-list. Applied only when this sandbox build knows the
;; syscall-unix operation (the defined? guard). The deny on the first line is
;; the default for every syscall not listed below, and it delivers SIGKILL
;; rather than returning an error, so a missing entry terminates the content
;; process instead of failing the call — which is why new syscall uses show up
;; as crashes, and why recent additions carry an rdar reference. Syscall-level
;; permission is presumably a layer separate from the file-*, mach-lookup and
;; sysctl filters elsewhere in this profile (both must allow an access) —
;; confirm.
(when (defined? 'syscall-unix)
    (deny syscall-unix (with send-signal SIGKILL))
    (allow syscall-unix
        (syscall-number SYS_exit)
        (syscall-number SYS_read)
        (syscall-number SYS_write)
        (syscall-number SYS_open)
        (syscall-number SYS_close)
        (syscall-number SYS_unlink)
        (syscall-number SYS_chmod)
        (syscall-number SYS_getuid)
        (syscall-number SYS_geteuid)
        (syscall-number SYS_recvfrom)
        (syscall-number SYS_getpeername)
        (syscall-number SYS_access)
        (syscall-number SYS_dup)
        (syscall-number SYS_pipe)
        (syscall-number SYS_getegid)
        (syscall-number SYS_getgid)
        (syscall-number SYS_sigprocmask)
        (syscall-number SYS_sigaltstack)
        (syscall-number SYS_ioctl)
        (syscall-number SYS_readlink)
        (syscall-number SYS_umask)
        (syscall-number SYS_msync)
        (syscall-number SYS_munmap)
        (syscall-number SYS_mprotect)
        (syscall-number SYS_madvise)
        (syscall-number SYS_fcntl)
        (syscall-number SYS_select)
        (syscall-number SYS_fsync)
        (syscall-number SYS_setpriority)
        (syscall-number SYS_socket)
        (syscall-number SYS_connect)
        (syscall-number SYS_setsockopt)
        (syscall-number SYS_gettimeofday)
        (syscall-number SYS_getrusage)
        (syscall-number SYS_getsockopt)
        (syscall-number SYS_writev)
        (syscall-number SYS_fchmod)
        (syscall-number SYS_rename)
        (syscall-number SYS_flock)
        (syscall-number SYS_sendto)
        (syscall-number SYS_shutdown)
        (syscall-number SYS_socketpair)
        (syscall-number SYS_mkdir)
        (syscall-number SYS_rmdir)
        (syscall-number SYS_pread)
        (syscall-number SYS_pwrite)
        (syscall-number SYS_csops)
        (syscall-number SYS_csops_audittoken)
        (syscall-number SYS_kdebug_trace64)
        (syscall-number SYS_kdebug_trace)
        (syscall-number SYS_sigreturn)
        (syscall-number SYS_pathconf)
        (syscall-number SYS_getrlimit)
        (syscall-number SYS_setrlimit)
        (syscall-number SYS_mmap)
        (syscall-number SYS_lseek)
        (syscall-number SYS_ftruncate)
        ;; Readable sysctl names are presumably still limited by the sysctl
        ;; name allow-list earlier in this profile; this only enables the
        ;; syscall itself — confirm.
        (syscall-number SYS_sysctl)
        (syscall-number SYS_mlock)
        (syscall-number SYS_munlock)
        (syscall-number SYS_getattrlist)
        (syscall-number SYS_getxattr)
        (syscall-number SYS_fgetxattr)
        (syscall-number SYS_listxattr)
        (syscall-number SYS_shm_open)
        (syscall-number SYS_sem_wait)
        (syscall-number SYS_sem_post)
        (syscall-number SYS_sysctlbyname)
        (syscall-number SYS_psynch_mutexwait)
        (syscall-number SYS_psynch_mutexdrop)
        (syscall-number SYS_psynch_cvbroad)
        (syscall-number SYS_psynch_cvsignal)
        (syscall-number SYS_psynch_cvwait)
        (syscall-number SYS_psynch_rw_wrlock)
        (syscall-number SYS_psynch_rw_unlock)
        (syscall-number SYS_psynch_cvclrprepost)
        (syscall-number SYS_process_policy)
        (syscall-number SYS_issetugid)
        (syscall-number SYS___pthread_kill)
        (syscall-number SYS___pthread_markcancel)
        (syscall-number SYS___pthread_sigmask)
        (syscall-number SYS___disable_threadsignal)
        (syscall-number SYS___semwait_signal)
        (syscall-number SYS_proc_info)
        (syscall-number SYS_stat64)
        (syscall-number SYS_fstat64)
        (syscall-number SYS_lstat64)
        (syscall-number SYS_getdirentries64)
        (syscall-number SYS_statfs64)
        (syscall-number SYS_fstatfs64)
        (syscall-number SYS_getfsstat64)
        (syscall-number SYS_getaudit_addr)
        (syscall-number SYS_bsdthread_create)
        (syscall-number SYS_bsdthread_terminate)
        (syscall-number SYS_workq_kernreturn)
        (syscall-number SYS_thread_selfid)
        (syscall-number SYS_kevent_qos)
        (syscall-number SYS_kevent_id)
        (syscall-number SYS___mac_syscall)
        (syscall-number SYS_read_nocancel)
        (syscall-number SYS_write_nocancel)
        (syscall-number SYS_open_nocancel)
        (syscall-number SYS_close_nocancel)
        (syscall-number SYS_sendmsg_nocancel)
        (syscall-number SYS_recvfrom_nocancel)
        (syscall-number SYS_fcntl_nocancel)
        (syscall-number SYS_select_nocancel)
        (syscall-number SYS_connect_nocancel)
        (syscall-number SYS_sendto_nocancel)
        (syscall-number SYS_fsgetpath)
        (syscall-number SYS_fileport_makeport)
        (syscall-number SYS_guarded_open_np)
        (syscall-number SYS_guarded_close_np)
        (syscall-number SYS_change_fdguard_np)
        (syscall-number SYS_proc_rlimit_control)
        (syscall-number SYS_connectx)
        (syscall-number SYS_getattrlistbulk)
        (syscall-number SYS_openat)
        (syscall-number SYS_openat_nocancel)
        (syscall-number SYS_fstatat64)
        (syscall-number SYS_mkdirat)
        (syscall-number SYS_bsdthread_ctl)
        (syscall-number SYS_csrctl)
        (syscall-number SYS_guarded_pwrite_np)
        (syscall-number SYS_getentropy)
        (syscall-number SYS_necp_open)
        (syscall-number SYS_necp_client_action)
        (syscall-number SYS_ulock_wait)
        (syscall-number SYS_ulock_wake)
        (syscall-number SYS_kdebug_typefilter)
        (syscall-number SYS_shared_region_check_np)
        (syscall-number SYS_getpid)
        (syscall-number SYS_bsdthread_register)
        (syscall-number SYS_sigaction)
        (syscall-number SYS_gettid)
        (syscall-number SYS_workq_open)
        (syscall-number SYS_chdir)
        (syscall-number SYS_memorystatus_control)
        (syscall-number SYS_sem_open)
        (syscall-number SYS_sem_close)
        (syscall-number SYS_fsetattrlist)
        (syscall-number SYS_guarded_open_dprotected_np) ; <rdar://problem/48166729>
        (syscall-number SYS_mremap_encrypted)
        (syscall-number SYS_dup2)
        (syscall-number SYS_fileport_makefd)
        (syscall-number SYS_os_fault_with_payload)
        (syscall-number SYS_persona)
        (syscall-number SYS_work_interval_ctl)
        (syscall-number SYS_open_dprotected_np)
        (syscall-number SYS_pread_nocancel)
        (syscall-number SYS___semwait_signal_nocancel)
        (syscall-number SYS_kdebug_trace_string) ;; Needed for performance sampling, see <rdar://problem/48829655>.
        (syscall-number SYS_fgetattrlist) ;; <rdar://problem/50266257>
        (syscall-number SYS_fsetxattr) ;; <rdar://problem/49795964>
        (syscall-number SYS_abort_with_payload) ;; <rdar://problem/50967271>
        (syscall-number SYS_kqueue) ;; <rdar://problem/49609201>
        (syscall-number SYS_kqueue_workloop_ctl) ;; <rdar://problem/50999499>
        (syscall-number SYS_psynch_rw_rdlock) ;; <rdar://problem/51134351>
        (syscall-number SYS_faccessat) ;; <rdar://problem/56998930>
        (syscall-number SYS_objc_bp_assist_cfg_np) ;; <rdar://problem/55924791>
        (syscall-number SYS_shared_region_map_and_slide_2_np) ;; <rdar://problem/60294880>
        ;; When adding a syscall, record the bug/rdar reference as the entries
        ;; above do, so the reason for each widening stays traceable.
    )
)