Title: [225763] trunk/Source/WebKit
- Revision
- 225763
- Author
- [email protected]
- Date
- 2017-12-11 16:39:37 -0800 (Mon, 11 Dec 2017)
Log Message
[iOS] Remove unused services from WebContent Process sandbox
https://bugs.webkit.org/show_bug.cgi?id=180670
Reviewed by Eric Carlson.
Pare down the set of sandbox exceptions in the iOS WebContent process sandbox to just
those services actually in use:
1. Remove unused code.
2. Instead of defining a 'UIKit-app' function and calling it, just declare the individual sandbox
commands inline. This will allow them to be more easily consolidated with other parts of the
sandbox in a future step.
This update should not change behavior.
* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
Modified Paths
Diff
Modified: trunk/Source/WebKit/ChangeLog (225762 => 225763)
--- trunk/Source/WebKit/ChangeLog 2017-12-12 00:28:59 UTC (rev 225762)
+++ trunk/Source/WebKit/ChangeLog 2017-12-12 00:39:37 UTC (rev 225763)
@@ -1,3 +1,21 @@
+2017-12-11 Brent Fulgham <[email protected]>
+
+ [iOS] Remove unused services from WebContent Process sandbox
+ https://bugs.webkit.org/show_bug.cgi?id=180670
+
+ Reviewed by Eric Carlson.
+
+ Pare down the set of sandbox exceptions in the iOS WebContent process sandbox to just
+ those services actually in use:
+ 1. Remove unused code.
+ 2. Instead of defining a 'UIKit-app' function and calling it, just declare the individual sandbox
+ commands inline. This will allow them to be more easily consolidated with other parts of the
+ sandbox in a future step.
+
+ This update should not change behavior.
+
+ * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
+
2017-12-11 Chris Dumez <[email protected]>
Merge ServiceWorkerClientIdentifier into ServiceWorkerClientData
Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb (225762 => 225763)
--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb 2017-12-12 00:28:59 UTC (rev 225762)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb 2017-12-12 00:39:37 UTC (rev 225763)
@@ -34,507 +34,369 @@
;;; remove unneeded sandbox extensions.
;;;
-;;;
-;;; Declare that the process hosts UI provided by another process.
-;;; (This could potentially be any application; see <rdar://problem/11034833> and
-;;; <rdar://problem/11330224> for details)
-;;;
-(define-once (remote-view-client)
- (allow mach-lookup
- (global-name "com.apple.frontboard.systemappservices") ; -[UIViewServiceInterface _createProcessAssertion] -> SBSProcessIDForDisplayIdentifier()
- (global-name-regex #"^com\.apple\.uikit\.viewservice\..+")))
+;;; <rdar://problem/29959382> Allow UIKit apps access to com.apple.TextInput.preferences mach service
+(allow mach-lookup
+ (global-name "com.apple.TextInput.preferences"))
-;;;
-;;; Declare that the process serves UI that can be remotely-hosted by another process.
-;;;
-(define-once (remote-view-service)
- ;; RemoteViewServices need to lookup their own accessility service in order to send
- ;; the mach port to the hosting app.
- (allow mach-lookup
- (local-name "com.apple.iphone.axserver"))
- ;; RemoteViewServices need to lookup the bundle identifier of the application hosting
- ;; their views (see <rdar://problem/11780984>).
- (allow mach-lookup
- (global-name "com.apple.springboard.backgroundappservices")))
+(allow mach-lookup
+ (xpc-service-name "com.apple.siri.context.service"))
-(define (uikit-app . rest)
- ;;; <rdar://problem/29959382> Allow UIKit apps access to com.apple.TextInput.preferences mach service
- (allow mach-lookup
- (global-name "com.apple.TextInput.preferences"))
+(allow mach-lookup
+ (global-name "com.apple.frontboard.systemappservices") ; -[UIViewServiceInterface _createProcessAssertion] -> SBSProcessIDForDisplayIdentifier()
+ (global-name-regex #"^com\.apple\.uikit\.viewservice\..+"))
- (allow mach-lookup
- (xpc-service-name "com.apple.siri.context.service"))
+;; Any app could use ubiquity.
+(ubiquity-client)
- ;; Any UI could be remote-hosted.
- (remote-view-client)
+;; Any app can play audio & movies.
+(play-audio)
+(play-media)
- ;; Any app could use ubiquity.
- (ubiquity-client)
+(url-translation)
- ;; Any app can play audio & movies.
- (play-audio)
- (play-media)
+;; For <rdar://problem/20812377> All applications need to be able to access the com.apple.UIKit.KeyboardManagement running in backboardd
+;; renamed in <rdar://problem/20909914> Rename com.apple.UIKit.KeyboardManagement
+(allow mach-lookup
+ (global-name "com.apple.UIKit.KeyboardManagement")
+ (global-name "com.apple.UIKit.KeyboardManagement.hosted"))
- ;; Any app can use ProgressKit
- (progresskit-client)
-
- (url-translation)
-
- ;; For <rdar://problem/20812377> All applications need to be able to access the com.apple.UIKit.KeyboardManagement running in backboardd
- ;; renamed in <rdar://problem/20909914> Rename com.apple.UIKit.KeyboardManagement
+;; For <rdar://problem/23469318> Allow UIKit-based apps to access com.apple.remote-text-editing mach service
+;; and <rdar://problem/23579008> REM: Allow UIKit-based apps to access com.apple.remote-input-limiting mach service
+(when tv?
(allow mach-lookup
- (global-name "com.apple.UIKit.KeyboardManagement")
- (global-name "com.apple.UIKit.KeyboardManagement.hosted"))
+ (global-name "com.apple.remote-input-limiting")
+ (global-name "com.apple.remote-text-editing")
+ (global-name "com.apple.remote-text-editing-legacy")
+ (global-name "com.apple.sharing.remote-text-editing")))
- ;; For <rdar://problem/23469318> Allow UIKit-based apps to access com.apple.remote-text-editing mach service
- ;; and <rdar://problem/23579008> REM: Allow UIKit-based apps to access com.apple.remote-input-limiting mach service
- (when tv?
- (allow mach-lookup
- (global-name "com.apple.remote-input-limiting")
- (global-name "com.apple.remote-text-editing")
- (global-name "com.apple.remote-text-editing-legacy")
- (global-name "com.apple.sharing.remote-text-editing")))
+;; TextInput framework
+(allow mach-lookup
+ (global-name "com.apple.TextInput")
+ (global-name "com.apple.TextInput.emoji")
+ (global-name "com.apple.TextInput.image-cache-server")
+ (global-name "com.apple.TextInput.lexicon-server")
+ (global-name "com.apple.TextInput.rdt")
+ (global-name "com.apple.TextInput.shortcuts"))
+(mobile-preferences-read "com.apple.da")
- ;; For ApplicationScripting
- ;; <rdar://problem/12778546> ASProcessScriptEvent fails to obtain port for event return
- (allow mach-lookup
- (global-name "ScripterServer"))
+;; Various Accessibility services.
+(allow mach-lookup
+ (xpc-service-name "com.apple.accessibility.AccessibilityUIServer"))
- ;; TextInput framework
- (allow mach-lookup
- (global-name "com.apple.TextInput")
- (global-name "com.apple.TextInput.emoji")
- (global-name "com.apple.TextInput.image-cache-server")
- (global-name "com.apple.TextInput.lexicon-server")
- (global-name "com.apple.TextInput.rdt")
- (global-name "com.apple.TextInput.shortcuts"))
- (mobile-preferences-read "com.apple.da")
+;; Guided Access support (<rdar://problem/11683460>).
+(allow mach-lookup
+ (global-name "com.apple.accessibility.gax.backboard"))
+(allow mach-register
+ (local-name "com.apple.accessibility.gax.client"))
- ;; Various Accessibility services.
- (allow mach-lookup
- (xpc-service-name "com.apple.accessibility.AccessibilityUIServer"))
+;; AssistiveTouch
+;; <rdar://problem/11800071> sandbox error for remote message services when AssistiveTouch is running
+(allow mach-lookup
+ (global-name "UIASTNotificationCenter"))
- ;; Guided Access support (<rdar://problem/11683460>).
- (allow mach-lookup
- (global-name "com.apple.accessibility.gax.backboard"))
- (allow mach-register
- (local-name "com.apple.accessibility.gax.client"))
+;; ZoomTouch
+;; <rdar://problem/11823957>
+(allow mach-lookup
+ (global-name "com.apple.accessibility.AXBackBoardServer"))
- ;; AssistiveTouch
- ;; <rdar://problem/11800071> sandbox error for remote message services when AssistiveTouch is running
- (allow mach-lookup
- (global-name "UIASTNotificationCenter"))
+;; Speak Selection & VoiceOver
+;; <rdar://problem/12030530> AX: Sandbox violation with changing Language while VO is on
+;; and <rdar://problem/13071747>
+(mobile-preferences-read
+ "com.apple.SpeakSelection"
+ "com.apple.VoiceOverTouch"
+ "com.apple.voiceservices")
+(allow mach-lookup
+ (global-name "com.apple.audio.AudioComponentPrefs")
+ (global-name "com.apple.audio.AudioComponentRegistrar")
+ (global-name "com.apple.audio.AudioQueueServer")
+ (global-name "com.apple.voiceservices.keepalive")
+ (global-name "com.apple.voiceservices.tts"))
+(allow mach-register
+ (local-name "com.apple.iphone.axserver"))
+;; <rdar://problem/14555119> Access to high quality speech voices
+(allow file-read*
+ (home-subpath "/Library/VoiceServices/Assets")
+ (home-subpath "/Library/Assets/com_apple_MobileAsset_VoiceServicesVocalizerVoice"))
- ;; ZoomTouch
- ;; <rdar://problem/11823957>
- (allow mach-lookup
- (global-name "com.apple.accessibility.AXBackBoardServer"))
+;; HearingAidSupport
+(allow mach-lookup
+ (xpc-service-name "com.apple.accessibility.heard"))
- ;; Speak Selection & VoiceOver
- ;; <rdar://problem/12030530> AX: Sandbox violation with changing Language while VO is on
- ;; and <rdar://problem/13071747>
- (mobile-preferences-read
- "com.apple.SpeakSelection"
- "com.apple.VoiceOverTouch"
- "com.apple.voiceservices")
- (allow mach-lookup
- (global-name "com.apple.audio.AudioComponentPrefs")
- (global-name "com.apple.audio.AudioComponentRegistrar")
- (global-name "com.apple.audio.AudioQueueServer")
- (global-name "com.apple.voiceservices.keepalive")
- (global-name "com.apple.voiceservices.tts"))
- (allow mach-register
- (local-name "com.apple.iphone.axserver"))
- ;; <rdar://problem/14555119> Access to high quality speech voices
- (allow file-read*
- (home-subpath "/Library/VoiceServices/Assets")
- (home-subpath "/Library/Assets/com_apple_MobileAsset_VoiceServicesVocalizerVoice"))
+;; MediaAccessibility (captions)
+;; <rdar://problem/12801477>
+(mobile-preferences-read "com.apple.mediaaccessibility")
+(allow mach-lookup (global-name "com.apple.accessibility.mediaaccessibilityd"))
- ;; HearingAidSupport
- (allow mach-lookup
- (xpc-service-name "com.apple.accessibility.heard"))
+;; Permit reading assets via MobileAsset framework.
+(asset-access 'with-media-playback)
- ;; MediaAccessibility (captions)
- ;; <rdar://problem/12801477>
- (mobile-preferences-read "com.apple.mediaaccessibility")
- (allow mach-lookup (global-name "com.apple.accessibility.mediaaccessibilityd"))
+;; allow 3rd party applications to access nsurlstoraged's top level domain data cache
+(allow-well-known-system-group-container-literal-read
+ "/systemgroup.com.apple.nsurlstoragedresources/Library/dafsaData.bin")
- ;; MobileAssistantFramework's AFContextManager
- ;; <rdar://problem/13742083> & <rdar://problem/13717391> & <rdar://problem/13811297>
- (allow mach-register mach-lookup
- (local-name-regex #"^com\.apple\.assistant\.contextprovider\."))
+;; AirPlay
+(allow mach-lookup
+ (global-name "com.apple.airplaydiagnostics.server"))
- ;; Permit reading assets via MobileAsset framework.
- (asset-access 'with-media-playback)
+;; Access the keyboards
+(allow file-read*
+ (home-subpath "/Library/Caches/com.apple.keyboards"))
- ;; Permit access to on-demand resources.
- (allow mach-lookup
- (global-name "com.apple.ondemandd.client"))
- (with-filter
- (require-all
- (require-any
- (home-subpath "/Library/OnDemandResources/AssetPacks")
- (well-known-system-group-container-subpath "/systemgroup.com.apple.ondemandresources/Library/AssetPacks"))
- (extension "com.apple.odr-assets"))
- (allow file-read*)
- (allow file-issue-extension
- (extension-class "com.apple.app-sandbox.read" "com.apple.mediaserverd.read")))
+;; NSExtension helper for supplying information not provided by PlugInKit
+(allow mach-lookup
+ (xpc-service-name "com.apple.uifoundation-bundle-helper"))
- ;; allow 3rd party applications to access nsurlstoraged's top level domain data cache
- (allow-well-known-system-group-container-literal-read
- "/systemgroup.com.apple.nsurlstoragedresources/Library/dafsaData.bin")
+;; <rdar://problem/19525887>
+(allow mach-lookup (xpc-service-name-regex #"\.apple-extension-service$"))
+;; <rdar://problem/31252371>
+(allow mach-lookup (xpc-service-name-regex #"\.viewservice$"))
- ;; allow replayd to extend read access to its data
- (allow file-read*
- (require-all
- (extension "com.apple.replayd.read-only")
- (home-subpath "/Library/ReplayKit")))
+;; DataDetectors -> CallKit so user can place calls by tapping on phone numbers.
+(allow mach-lookup
+ (global-name "com.apple.callkit.callcontrollerhost"))
- ;; AirPlay
- (allow mach-lookup
- (global-name "com.apple.airplaydiagnostics.server"))
+;; DataDetectors; update CoreRecents with recently-detected addresses, etc.
+(allow mach-lookup
+ (xpc-service-name "com.apple.datadetectors.AddToRecentsService"))
- ;; Access the keyboards
- (allow file-read*
- (home-subpath "/Library/Caches/com.apple.keyboards"))
+;; <rdar://problem/19460486>
+(nano-preferences-read ".GlobalPreferences")
- ;; NSExtension helper for supplying information not provided by PlugInKit
- (allow mach-lookup
- (xpc-service-name "com.apple.uifoundation-bundle-helper"))
+(mobile-preferences-read
+ ; To determine whether the dictation opt-in alert should be suppressed.
+ "com.apple.assistant.backedup"
+ ; Keyboard Dictation reads the list of supported languages from com.apple.assistant.support.plist.
+ ; And Dictation checks whether Assistant is enabled by reading the same plist.
+ ; <rdar://problem/9883999> com.apple.assistant.support preference domain needs to be unsandboxed
+ "com.apple.assistant.support"
+ "com.apple.EmojiPreferences"
+ ; For CarPlay screen aspect ratio (rdar://problem/20062770).
+ "com.apple.iapd"
+ ; <rdar://problem/8477596> com.apple.InputModePreferences
+ "com.apple.InputModePreferences"
+ ; <rdar://problem/8206632> Weather(1038) deny file-read-data ~/Library/Preferences/com.apple.keyboard.plist
+ "com.apple.keyboard"
+ ; <rdar://problem/25130834> Spotlight suggestions in Lookup preference should be readable by any process
+ "com.apple.lookup.shared"
+ ; <rdar://problem/9384085>
+ "com.apple.Preferences")
- ;; <rdar://problem/19525887>
- (allow mach-lookup (xpc-service-name-regex #"\.apple-extension-service$"))
- ;; <rdar://problem/31252371>
- (allow mach-lookup (xpc-service-name-regex #"\.viewservice$"))
+;; <rdar://problem/12985925> Need read access to /var/mobile/Library/Fonts to all apps
+(allow file-read*
+ (home-subpath "/Library/Fonts"))
- ;; DataDetectors -> CallKit so user can place calls by tapping on phone numbers.
- (allow mach-lookup
- (global-name "com.apple.callkit.callcontrollerhost"))
+;; <rdar://problem/23803332>, <rdar://problem/9457549>, <rdar://problem/13237899>
+(allow mach-lookup
+ (global-name "com.apple.assistant.analytics")
+ (global-name "com.apple.assistant.dictation")
+ (global-name "com.apple.dictationd.recognition"))
- ;; DataDetectors; update CoreRecents with recently-detected addresses, etc.
- (allow mach-lookup
- (xpc-service-name "com.apple.datadetectors.AddToRecentsService"))
+;; For copy-and-paste.
+(allow mach-lookup
+ (global-name "com.apple.UIKit.pasteboardd")
+ (global-name "com.apple.pasteboard.pasted"))
- ;; Accessoryd
- (allow mach-lookup
- (global-name "com.apple.accessories.externalaccessory-server"))
+;; <rdar://problem/7344719&26323449> LaunchServices app icons
+(allow file-read*
+ (well-known-system-group-container-subpath "/systemgroup.com.apple.lsd.iconscache"))
+(allow mach-lookup
+ (xpc-service-name "com.apple.lsdiconservice"))
- ;; Power logging
- (allow mach-lookup
- (global-name "com.apple.powerlog.plxpclogger.xpc"))
+;; Common mach services needed by UIKit.
+(allow mach-lookup
+ (global-name "com.apple.CARenderServer")
+ (global-name "com.apple.KeyboardServices.TextReplacementService")
+ (global-name "com.apple.UIKit.statusbarserver")
+ (global-name "com.apple.uikit.GestureServer")
+ (global-name "com.apple.assertiond.applicationstateconnection")
+ (global-name "com.apple.assertiond.expiration")
+ (global-name "com.apple.assertiond.processinfoservice")
+ (global-name "com.apple.audio.hapticd")
+ (global-name "com.apple.audio.SystemSoundServer-iOS")
+ (global-name "com.apple.backboard.TouchDeliveryPolicyServer")
+ (global-name "com.apple.backboard.animation-fence-arbiter")
+ (global-name "com.apple.backboard.display.services")
+ (global-name "com.apple.backboard.hid.focus")
+ (global-name "com.apple.backboard.hid.services")
+ (global-name "com.apple.iohideventsystem")
+ (global-name "com.apple.iphone.axserver-systemwide")
+ (global-name "com.apple.frontboard.workspace")
+ (global-name "com.apple.frontboard.systemappservices")
+ (global-name "com.apple.progressd"))
- ;; <rdar://problem/19460486>
- (nano-preferences-read ".GlobalPreferences")
+(pasteboard-client)
+(springboard-services)
- (mobile-preferences-read
- ; To determine whether the dictation opt-in alert should be suppressed.
- "com.apple.assistant.backedup"
- ; Keyboard Dictation reads the list of supported languages from com.apple.assistant.support.plist.
- ; And Dictation checks whether Assistant is enabled by reading the same plist.
- ; <rdar://problem/9883999> com.apple.assistant.support preference domain needs to be unsandboxed
- "com.apple.assistant.support"
- "com.apple.EmojiPreferences"
- ; For CarPlay screen aspect ratio (rdar://problem/20062770).
- "com.apple.iapd"
- ; <rdar://problem/8477596> com.apple.InputModePreferences
- "com.apple.InputModePreferences"
- ; <rdar://problem/8206632> Weather(1038) deny file-read-data ~/Library/Preferences/com.apple.keyboard.plist
- "com.apple.keyboard"
- ; <rdar://problem/25130834> Spotlight suggestions in Lookup preference should be readable by any process
- "com.apple.lookup.shared"
- ; <rdar://problem/9384085>
- "com.apple.Preferences")
-
- ;; <rdar://problem/12985925> Need read access to /var/mobile/Library/Fonts to all apps
- (allow file-read*
- (home-subpath "/Library/Fonts"))
-
- ;; <rdar://problem/23803332>, <rdar://problem/9457549>, <rdar://problem/13237899>
+(when gizmo?
+ (mobile-preferences-read "com.apple.nano")
(allow mach-lookup
- (global-name "com.apple.assistant.analytics")
- (global-name "com.apple.assistant.dictation")
- (global-name "com.apple.dictationd.recognition"))
+ (global-name "com.apple.appaudiod")
+ (global-name "com.apple.Carousel.ButtonTapAssertion")
+ (global-name "com.apple.Carousel.CSLSBackgroundTaskRequestService")
+ (global-name "com.apple.Carousel.CSLSDockStatusService")
+ (global-name "com.apple.Carousel.activatingUIAssertion")
+ (global-name "com.apple.Carousel.alertSuppression")
+ (global-name "com.apple.Carousel.appOnWake")
+ (global-name "com.apple.Carousel.suspendSystemGestureAssertion")
+ (global-name "com.apple.carousel.backlightxpc")
+ (global-name "com.apple.carousel.brightnesscalculator")
+ (global-name "com.apple.carousel.connectionstatusservice")
+ (global-name "com.apple.Carousel.contextuallock")
+ (global-name "com.apple.carousel.fetchschedulingservice")
+ (global-name "com.apple.carousel.snapshotservice")
+ (global-name "com.apple.carousel.uiscalingservice")
+ (global-name "com.apple.carousel.unblankingsynchronization")
+ (global-name "com.apple.pepperuicore.statusbaritemserver")))
- ;; For copy-and-paste.
- (allow mach-lookup
- (global-name "com.apple.UIKit.pasteboardd")
- (global-name "com.apple.pasteboard.pasted"))
+;; AirDrop from the activity sheet.
+;; <rdar://problem/12715391>, <rdar://problem/12847034>, <rdar://problem/16400661>
+(allow mach-lookup
+ (global-name "com.apple.sharingd")
+ (global-name "com.apple.sharingd.nsxpc")
+ (with report)
+ (with message "This rule is being removed in rdar://15713112 -- please report this violation to Sandbox_profiles | all"))
+(allow-preferences-common)
+(allow user-preference-read
+ (preference-domain "com.apple.Sharing")
+ (with report)
+ (with message "This rule is being removed in rdar://15713112 -- please report this violation to Sandbox_profiles | all"))
- ;; <rdar://problem/9749387>
- (allow file-read*
- (literal "/private/var/preferences/SystemConfiguration/com.apple.accounts.exists.plist"))
+;; CoreMotion
+(mobile-preferences-read "com.apple.CoreMotion")
- ;; For Social.framework
- ;; <rdar://problem/13239172>
- (allow file-read*
- (literal "/private/var/preferences/SystemConfiguration/com.apple.sinaweibo.plist")
- (literal "/private/var/preferences/SystemConfiguration/com.apple.twitter.plist")
- (literal "/private/var/preferences/SystemConfiguration/com.apple.facebook.plist")
- (literal "/private/var/preferences/SystemConfiguration/com.apple.linkedin.plist"))
-
- ;; <rdar://problem/7344719&26323449> LaunchServices app icons
- (allow file-read*
- (well-known-system-group-container-subpath "/systemgroup.com.apple.lsd.iconscache"))
- (allow mach-lookup
- (xpc-service-name "com.apple.lsdiconservice"))
-
- ;; <rdar://problem/14184130> SpringBoard needs read/write to statusbar cache folder - all apps need read
- (allow file-read*
- (home-subpath "/Library/Caches/com.apple.UIStatusBar"))
-
- ;; <rdar://problem/22346174> Allow read-only access from the container profile to ~/Library/TVWallpaper
- (when tv?
- (allow file-read*
- (home-subpath "/Library/TVWallpaper")))
-
- ;; Common mach services needed by UIKit.
- (allow mach-lookup
- (global-name "com.apple.CARenderServer")
- (global-name "com.apple.KeyboardServices.TextReplacementService")
- (global-name "com.apple.UIKit.statusbarserver")
- (global-name "com.apple.uikit.GestureServer")
- (global-name "com.apple.assertiond.applicationstateconnection")
- (global-name "com.apple.assertiond.expiration")
- (global-name "com.apple.assertiond.processinfoservice")
- (global-name "com.apple.audio.hapticd")
- (global-name "com.apple.audio.SystemSoundServer-iOS")
- (global-name "com.apple.backboard.TouchDeliveryPolicyServer")
- (global-name "com.apple.backboard.animation-fence-arbiter")
- (global-name "com.apple.backboard.display.services")
- (global-name "com.apple.backboard.hid.focus")
- (global-name "com.apple.backboard.hid.services")
- (global-name "com.apple.iohideventsystem")
- (global-name "com.apple.iphone.axserver-systemwide")
- (global-name "com.apple.frontboard.workspace")
- (global-name "com.apple.frontboard.systemappservices")
- (global-name "com.apple.progressd"))
-
- (pasteboard-client)
- (springboard-services)
-
- (when gizmo?
- (mobile-preferences-read "com.apple.nano")
- (allow mach-lookup
- (global-name "com.apple.appaudiod")
- (global-name "com.apple.Carousel.ButtonTapAssertion")
- (global-name "com.apple.Carousel.CSLSBackgroundTaskRequestService")
- (global-name "com.apple.Carousel.CSLSDockStatusService")
- (global-name "com.apple.Carousel.activatingUIAssertion")
- (global-name "com.apple.Carousel.alertSuppression")
- (global-name "com.apple.Carousel.appOnWake")
- (global-name "com.apple.Carousel.suspendSystemGestureAssertion")
- (global-name "com.apple.carousel.backlightxpc")
- (global-name "com.apple.carousel.brightnesscalculator")
- (global-name "com.apple.carousel.connectionstatusservice")
- (global-name "com.apple.Carousel.contextuallock")
- (global-name "com.apple.carousel.fetchschedulingservice")
- (global-name "com.apple.carousel.snapshotservice")
- (global-name "com.apple.carousel.uiscalingservice")
- (global-name "com.apple.carousel.unblankingsynchronization")
- (global-name "com.apple.pepperuicore.statusbaritemserver")))
-
- ;; AirDrop from the activity sheet.
- ;; <rdar://problem/12715391>, <rdar://problem/12847034>, <rdar://problem/16400661>
- (allow mach-lookup
- (global-name "com.apple.sharingd")
- (global-name "com.apple.sharingd.nsxpc")
- (with report)
- (with message "This rule is being removed in rdar://15713112 -- please report this violation to Sandbox_profiles | all"))
- (allow-preferences-common)
- (allow user-preference-read
- (preference-domain "com.apple.Sharing")
- (with report)
- (with message "This rule is being removed in rdar://15713112 -- please report this violation to Sandbox_profiles | all"))
-
- ;; <rdar://problem/30874167> Create a new CacheDelete mach service to allow for public API for purgeable space requests
- (allow mach-lookup
- (global-name "com.apple.cache_delete.public"))
-
- ;; MIDI
- (allow ipc-posix-shm-read* ipc-posix-shm-write-data
- (ipc-posix-name-regex #"^Apple MIDI (in|out) [0-9]+$"))
-
- ;; CoreMotion
- (mobile-preferences-read "com.apple.CoreMotion")
-
- ;; CoreMotion’s deviceMotion API
- (with-filter
- (require-any
- (iokit-registry-entry-class "AppleOscarNub")
- (iokit-registry-entry-class "AppleSPUHIDInterface"))
- (allow iokit-get-properties
- (iokit-property "gyro-interrupt-calibration")))
- (with-filter (iokit-registry-entry-class "IOHIDEventServiceFastPathUserClient")
- (allow iokit-open)
- (allow iokit-get-properties iokit-set-properties
- (iokit-property "interval"
- "mode"
- "QueueSize"
- "useMag"))
+;; CoreMotion’s deviceMotion API
+(with-filter
+ (require-any
+ (iokit-registry-entry-class "AppleOscarNub")
+ (iokit-registry-entry-class "AppleSPUHIDInterface"))
(allow iokit-get-properties
- (iokit-property "client")))
+ (iokit-property "gyro-interrupt-calibration")))
+(with-filter (iokit-registry-entry-class "IOHIDEventServiceFastPathUserClient")
+(allow iokit-open)
+(allow iokit-get-properties iokit-set-properties
+ (iokit-property "interval"
+ "mode"
+ "QueueSize"
+ "useMag"))
+(allow iokit-get-properties
+(iokit-property "client")))
- ;; Common preferences read by UIKit.
- (mobile-preferences-read "com.apple.Accessibility"
- "com.apple.UIKit"
- "com.apple.WebUI"
- "com.apple.airplay"
- "com.apple.avkit"
- "com.apple.coreanimation"
- "com.apple.mt"
- "com.apple.preferences.sounds"
- "com.apple.telephonyutilities.dialassist")
+;; Common preferences read by UIKit.
+(mobile-preferences-read "com.apple.Accessibility"
+ "com.apple.UIKit"
+ "com.apple.WebUI"
+ "com.apple.airplay"
+ "com.apple.avkit"
+ "com.apple.coreanimation"
+ "com.apple.mt"
+ "com.apple.preferences.sounds"
+ "com.apple.telephonyutilities.dialassist")
- ;; Silence sandbox violations from apps trying to create the empty plist if it doesn't exist.
- ;; <rdar://problem/13796537>
- (deny file-write-create
- (home-prefix "/Library/Preferences/com.apple.UIKit.plist")
- (with no-report))
+;; Silence sandbox violations from apps trying to create the empty plist if it doesn't exist.
+;; <rdar://problem/13796537>
+(deny file-write-create
+ (home-prefix "/Library/Preferences/com.apple.UIKit.plist")
+ (with no-report))
- ;; <rdar://problem/10809394>
- (deny file-write-create
- (home-prefix "/Library/Preferences/com.apple.Accessibility.plist")
- (with no-report))
+;; <rdar://problem/10809394>
+(deny file-write-create
+ (home-prefix "/Library/Preferences/com.apple.Accessibility.plist")
+ (with no-report))
- ;; <rdar://problem/9404009>
- (mobile-preferences-read "kCFPreferencesAnyApplication")
+;; <rdar://problem/9404009>
+(mobile-preferences-read "kCFPreferencesAnyApplication")
- ;; <rdar://problem/10266866>
- (marco-logging-client)
+;; <rdar://problem/10266866>
+(marco-logging-client)
- ;; <rdar://problem/12250145>
- (mobile-preferences-read "com.apple.mediaaccessibility")
+;; <rdar://problem/12250145>
+(mobile-preferences-read "com.apple.mediaaccessibility")
- ; Dictionary Services used by UITextFields.
- ; <rdar://problem/9386926>
- (allow-create-directory
- (home-literal "/Library/Caches/com.apple.DictionaryServices"))
+; Dictionary Services used by UITextFields.
+; <rdar://problem/9386926>
+(allow-create-directory
+ (home-literal "/Library/Caches/com.apple.DictionaryServices"))
- ; <rdar://problem/11204655>
- (mobile-preferences-read "com.apple.MapKit.internal")
+(allow-network-common))
- ;; Required to detect whether Airplane mode is enabled.
- (allow file-read*
- (literal "/private/var/preferences/SystemConfiguration/com.apple.radios.plist"))
+; <rdar://problem/8548856> Sub-TLF: Sandbox change for apps for read-only access to the dictionary directory/data
+(allow file-read*
+ ; XXX - /Library ought to be allowed in all UI profiles but isn't (CF, MobileSafari)
+ (subpath "/Library/Dictionaries")
+ (home-subpath "/Library/Dictionaries"))
- (when (memq 'with-printing rest)
- (allow file-read-metadata network-outbound
- (literal "/private/var/run/printd"))
- (allow mach-lookup
- (xpc-service-name "com.apple.PrintKit.PrinterTool")))
+; <rdar://problem/8440231>
+(allow file-read*
+ (home-literal "/Library/Caches/DateFormats.plist"))
+; Silently deny writes when CFData attempts to write to the cache directory.
+(deny file-write*
+ (home-literal "/Library/Caches/DateFormats.plist")
+ (with no-log))
- ; <rdar://problem/9007191> , <rdar://problem/9244785>
- (when (memq 'with-gamekit-data rest)
- (allow file-read*
- (home-regex "/Library/GameKit/Data/[^/]+\.gcdata$"))
- (allow file-read-metadata
- (home-literal "/Library/GameKit/Data")))
+; UIKit-required IOKit nodes.
+(allow iokit-open
+ (iokit-user-client-class "AppleJPEGDriverUserClient")
+ (iokit-user-client-class "IOSurfaceAcceleratorClient")
+ (iokit-user-client-class "IOSurfaceSendRight")
+ ;; Requires by UIView -> UITextMagnifierRenderer -> UIWindow
+ (iokit-user-client-class "IOSurfaceRootUserClient"))
- ; rfc3484 -- from common.sb
- (unless (memq 'without-network rest)
- (allow-network-common))
+;; <rdar://problem/12675621>
+(allow iokit-open
+ (iokit-user-client-class "IOHIDLibUserClient"))
- ; <rdar://problem/8548856> Sub-TLF: Sandbox change for apps for read-only access to the dictionary directory/data
- (allow file-read*
- ; XXX - /Library ought to be allowed in all UI profiles but isn't (CF, MobileSafari)
- (subpath "/Library/Dictionaries")
- (home-subpath "/Library/Dictionaries"))
+(framebuffer-access)
- ; <rdar://problem/8440231>
- (allow file-read*
- (home-literal "/Library/Caches/DateFormats.plist"))
- ; Silently deny writes when CFData attempts to write to the cache directory.
- (deny file-write*
- (home-literal "/Library/Caches/DateFormats.plist")
- (with no-log))
+;; <rdar://problem/7822790>
+(mobile-keybag-access)
- ; UIKit-required IOKit nodes.
- (allow iokit-open
- (iokit-user-client-class "AppleJPEGDriverUserClient")
- (iokit-user-client-class "IOSurfaceAcceleratorClient")
- (iokit-user-client-class "IOSurfaceSendRight")
- ;; Requires by UIView -> UITextMagnifierRenderer -> UIWindow
- (iokit-user-client-class "IOSurfaceRootUserClient"))
+; <rdar://problem/7595408> , <rdar://problem/7643881>
+(opengl)
- ;; <rdar://problem/12675621>
- (allow iokit-open
- (iokit-user-client-class "IOHIDLibUserClient"))
+(location-services)
- (framebuffer-access)
+; CRCopyRestrictionsDictionary periodically tries to CFPreferencesAppSynchronize com.apple.springboard.plist
+; which will attempt to create the plist if it doesn't exist -- from any application. Only SpringBoard is
+; allowed to write its plist; ignore all others, they don't know what they are doing.
+; See <rdar://problem/9375027> for sample backtraces.
+(deny file-write*
+ (home-prefix "/Library/Preferences/com.apple.springboard.plist")
+ (with no-log))
- ;; <rdar://problem/7822790>
- (mobile-keybag-access)
+;; For <rdar://problem/29428318> Allow DragUI mach service lookups for all UIKit apps
+(allow mach-lookup
+ (global-name "com.apple.DragUI.druid.destination")
+ (global-name "com.apple.DragUI.druid.source"))
- ; <rdar://problem/7595408> , <rdar://problem/7643881>
- (if (memq 'with-opengl rest)
- (opengl))
+;; <rdar://problem/30544378> Allow global lookup of com.apple.contactsd
+(allow mach-lookup
+ (global-name "com.apple.contactsd"))
- (if (memq 'with-geoservices rest)
- (geoservices))
+;; <rdar://problem/31571441> need AX Drag-and-drop mach services added to default sandbox profile
+(allow mach-lookup
+ (global-name "com.apple.VoiceOverTouch.drag.xpc")
+ (global-name "com.apple.assistivetouchd.drag.xpc"))
- (if (memq 'with-location-services rest)
- (location-services))
+;; <rdar://problem/34092690>
+(allow mach-lookup
+ (xpc-service-name "com.apple.avkit.SharedPreferences"))
- ; <rdar://problem/8181749> Allow access to iTunes database files in container.sb
- (if (memq 'with-itunes-db rest)
- (itunes-db-read))
+;; <rdar://problem/34986314>
+(mobile-preferences-read "com.apple.indigo")
- (if (memq 'with-push-notifications rest)
- (push-notifications))
+;; <rdar://problem/35417382>, <rdar://problem/35518557>
+(allow mach-lookup
+ (global-name "com.apple.corespotlightservice"))
- (if (memq 'with-in-app-purchases rest)
- (in-app-purchases))
+;; <rdar://problem/35446577>
+(allow mach-lookup
+ (global-name "com.apple.coremedia.endpointplaybacksession.xpc"))
- ; CRCopyRestrictionsDictionary periodically tries to CFPreferencesAppSynchronize com.apple.springboard.plist
- ; which will attempt to create the plist if it doesn't exist -- from any application. Only SpringBoard is
- ; allowed to write its plist; ignore all others, they don't know what they are doing.
- ; See <rdar://problem/9375027> for sample backtraces.
- (deny file-write*
- (home-prefix "/Library/Preferences/com.apple.springboard.plist")
- (with no-log))
-
- ;; For <rdar://problem/29428318> Allow DragUI mach service lookups for all UIKit apps
- (allow mach-lookup
- (global-name "com.apple.DragUI.druid.destination")
- (global-name "com.apple.DragUI.druid.source"))
-
- ;; <rdar://problem/30544378> Allow global lookup of com.apple.contactsd
- (allow mach-lookup
- (global-name "com.apple.contactsd"))
-
- ;; <rdar://problem/31571441> need AX Drag-and-drop mach services added to default sandbox profile
- (allow mach-lookup
- (global-name "com.apple.VoiceOverTouch.drag.xpc")
- (global-name "com.apple.assistivetouchd.drag.xpc"))
-
- ;; <rdar://problem/34092690>
- (allow mach-lookup
- (xpc-service-name "com.apple.avkit.SharedPreferences"))
-
- ;; <rdar://problem/34437589>
- (allow mach-lookup
- (global-name "com.apple.ap.adtrackingd.attribution"))
-
- ;; <rdar://problem/34986314> Sandbox Profiles changes for indigo pref
- (mobile-preferences-read "com.apple.indigo")
-
- ;; <rdar://problem/35417382>, <rdar://problem/35518557>
- (allow mach-lookup
- (global-name "com.apple.corespotlightservice"))
-
- ;; <rdar://problem/35446577>
- (allow mach-lookup
- (global-name "com.apple.coremedia.endpointplaybacksession.xpc"))
-
- ;; For the (define... nesting.
- )
-
;;;
;;; End UIKit-apps.sb content
;;;
-(uikit-app 'with-opengl 'with-location-services)
-
;; Access to media controls
(play-media)
(media-remote)
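Review bot: The added line `(allow-network-common))` appears to close one more parenthesis than it opens: the removed `(unless (memq 'without-network rest)` wrapper is gone but its closing paren stayed, while the other multi-line forms added in this hunk (`when tv?`, `when gizmo?`, both `with-filter` blocks) balance on their own. It should read `(allow-network-common)`, and the profile is worth compiling on a device build, since how the sandbox compiler treats the stray token cannot be told from this page. Inlining also leaves duplicates that could be dropped now: `com.apple.frontboard.systemappservices` is allowed both in the view-service block and in the common UIKit list, `(mobile-preferences-read "com.apple.mediaaccessibility")` appears twice, and `(play-media)` is invoked again in the context lines right after the End UIKit-apps.sb marker. The suffix-only patterns `#"\.apple-extension-service$"` and `#"\.viewservice$"` are kept as they were, so a one-line comment stating why the WebContent process needs lookups that broad would help the planned consolidation pass.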