Diff
Modified: trunk/Source/WebKit/ChangeLog (283057 => 283058)
--- trunk/Source/WebKit/ChangeLog 2021-09-24 21:25:45 UTC (rev 283057)
+++ trunk/Source/WebKit/ChangeLog 2021-09-24 21:43:26 UTC (rev 283058)
@@ -1,3 +1,27 @@
+2021-09-24 Per Arne Vollan <[email protected]>
+
+ Clean up preference rules in sandboxes
+ https://bugs.webkit.org/show_bug.cgi?id=230578
+ <rdar://problem/83371815>
+
+ Reviewed by Brent Fulgham.
+
+ We are currently duplicating many preference domains in the sandboxes after blocking cfprefsd by using CFPrefs direct mode.
+ This is addressed by adopting a pre-existing macro that adds the required file access privileges in CFPrefs direct mode.
+ This patch also creates a sandbox include file for preferences, which can be shared among WebKit processes.
+
+ * GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in:
+ * NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:
+ * PluginProcess/mac/com.apple.WebKit.plugin-common.sb.in:
+ * Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb:
+ * Resources/SandboxProfiles/ios/com.apple.WebKit.WebAuthn.sb:
+ * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:
+ * Shared/Sandbox: Added.
+ * Shared/Sandbox/preferences.sb: Added.
+ * WebAuthnProcess/mac/com.apple.WebKit.WebAuthnProcess.sb.in:
+ * WebKit.xcodeproj/project.pbxproj:
+ * WebProcess/com.apple.WebProcess.sb.in:
+
2021-09-24 Devin Rousso <[email protected]>
Add typechecking `is` overloads for `std::unique_ptr`, `WTF::UniqueRef`, and `WTF::WeakPtr`
Modified: trunk/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in (283057 => 283058)
--- trunk/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in 2021-09-24 21:25:45 UTC (rev 283057)
+++ trunk/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in 2021-09-24 21:43:26 UTC (rev 283058)
@@ -26,6 +26,8 @@
(deny nvram*)
(allow system-audit file-read-metadata)
+#include "Shared/Sandbox/preferences.sb"
+
;;;
;;; The following rules were originally contained in 'system.sb'. We are duplicating them here so we can
;;; remove unneeded sandbox extensions.
@@ -567,82 +569,38 @@
(subpath "/Library/Audio/Plug-Ins/Components"))
;; Preferences support
-(allow user-preference-read
- (preference-domain
- "kCFPreferencesAnyApplication"
- "com.apple.Accessibility"
- "com.apple.ATS"
- "com.apple.CoreGraphics"
- "com.apple.DownloadAssessment"
- "com.apple.HIToolbox"
- "com.apple.LaunchServices"
- "com.apple.MultitouchSupport" ;; FIXME: Remove when <rdar://problem/13011633> is fixed.
- "com.apple.ServicesMenu.Services" ;; Needed for NSAttributedString <rdar://problem/10844321>
- "com.apple.ViewBridge" ;; Needed for Input elements.
- "com.apple.WebFoundation"
- "com.apple.avfoundation"
- "com.apple.avfoundation.frecents" ;; <rdar://problem/33137029>
- "com.apple.avfoundation.videoperformancehud" ;; <rdar://problem/31594568>
- "com.apple.coremedia"
- "com.apple.crypto"
- "com.apple.driver.AppleBluetoothMultitouch.mouse"
- "com.apple.driver.AppleBluetoothMultitouch.trackpad"
- "com.apple.driver.AppleHIDMouse"
- "com.apple.lookup.shared"
- "com.apple.mediaaccessibility" ;; Needed for custom caption styles
- "com.apple.networkConnect"
- "com.apple.speech.voice.prefs"
- "com.apple.systemsound"
- "com.apple.universalaccess"
- "edu.mit.Kerberos"
- "pbs" ;; Needed for NSAttributedString <rdar://problem/10844321>
-))
+(shared-preferences-read
+ "com.apple.Accessibility"
+ "com.apple.ATS"
+ "com.apple.CoreGraphics"
+ "com.apple.DownloadAssessment"
+ "com.apple.HIToolbox"
+ "com.apple.LaunchServices"
+ "com.apple.MultitouchSupport" ;; FIXME: Remove when <rdar://problem/13011633> is fixed.
+ "com.apple.ServicesMenu.Services" ;; Needed for NSAttributedString <rdar://problem/10844321>
+ "com.apple.ViewBridge" ;; Needed for Input elements.
+ "com.apple.WebFoundation"
+ "com.apple.WebKit"
+ "com.apple.avfoundation"
+ "com.apple.avfoundation.frecents" ;; <rdar://problem/33137029>
+ "com.apple.avfoundation.videoperformancehud" ;; <rdar://problem/31594568>
+ "com.apple.coremedia"
+ "com.apple.crypto"
+ "com.apple.driver.AppleBluetoothMultitouch.mouse"
+ "com.apple.driver.AppleBluetoothMultitouch.trackpad"
+ "com.apple.driver.AppleHIDMouse"
+ "com.apple.lookup.shared"
+ "com.apple.mediaaccessibility" ;; Needed for custom caption styles
+ "com.apple.networkConnect"
+ "com.apple.security"
+ "com.apple.speech.voice.prefs"
+ "com.apple.systemsound"
+ "com.apple.universalaccess"
+ "edu.mit.Kerberos"
+ "pbs") ;; Needed for NSAttributedString <rdar://problem/10844321>
-#if ENABLE(CFPREFS_DIRECT_MODE)
-(allow file-read*
- (literal "/Library/Preferences/.GlobalPreferences.plist")
- (home-subpath "/Library/Preferences/.GlobalPreferences.plist")
- (home-subpath "/Library/Preferences/.GlobalPreferences_m.plist")
- (home-subpath "/Library/Preferences/com.apple.security.plist")
- (home-subpath "/Library/Preferences/com.apple.Accessibility.plist")
- (home-subpath "/Library/Preferences/com.apple.ATS.plist")
- (home-subpath "/Library/Preferences/com.apple.CoreGraphics.plist")
- (home-subpath "/Library/Preferences/com.apple.DownloadAssessment.plist")
- (home-subpath "/Library/Preferences/com.apple.HIToolbox.plist")
- (home-subpath "/Library/Preferences/com.apple.LaunchServices.plist")
- (home-subpath "/Library/Preferences/com.apple.MultitouchSupport.plist")
- (home-subpath "/Library/Preferences/com.apple.ServicesMenu.Services.plist")
- (home-subpath "/Library/Preferences/com.apple.ViewBridge.plist")
- (home-subpath "/Library/Preferences/com.apple.WebKit.plist")
- (home-subpath "/Library/Preferences/com.apple.WebFoundation.plist")
- (home-subpath "/Library/Preferences/com.apple.avfoundation.plist")
- (home-subpath "/Library/Preferences/com.apple.avfoundation.frecents.plist")
- (home-subpath "/Library/Preferences/com.apple.avfoundation.videoperformancehud.plist")
- (home-subpath "/Library/Preferences/com.apple.coremedia.plist")
- (home-subpath "/Library/Preferences/com.apple.crypto.plist")
- (home-subpath "/Library/Preferences/com.apple.driver.AppleBluetoothMultitouch.mouse.plist")
- (home-subpath "/Library/Preferences/com.apple.driver.AppleBluetoothMultitouch.trackpad.plist")
- (home-subpath "/Library/Preferences/com.apple.driver.AppleHIDMouse.plist")
- (home-subpath "/Library/Preferences/com.apple.lookup.shared.plist")
- (home-subpath "/Library/Preferences/com.apple.mediaaccessibility.plist")
- (home-subpath "/Library/Preferences/com.apple.networkConnect.plist")
- (home-subpath "/Library/Preferences/com.apple.speech.voice.prefs.plist")
- (home-subpath "/Library/Preferences/com.apple.systemsound.plist")
- (home-subpath "/Library/Preferences/com.apple.universalaccess.plist")
- (home-subpath "/Library/Preferences/edu.mit.Kerberos.plist")
- (home-subpath "/Library/Preferences/pbs.plist")
-)
-#endif
+(allow-reading-global-preferences)
-; (Temporary) backward compatibility with non-CFPreferences readers.
-(allow file-read*
- (literal "/Library/Preferences/com.apple.ViewBridge.plist"))
-
-; FIXME: This is needed for some security framework calls (that use non-CFPreferences readers)
-(allow file-read-data
- (literal "/Library/Preferences/com.apple.security.plist")
- (home-subpath "/Library/Preferences/com.apple.security.plist"))
-
;; On-disk WebKit2 framework location, to account for debug installations outside of /System/Library/Frameworks,
;; and to allow issuing extensions.
(allow-read-directory-and-issue-read-extensions (param "WEBKIT2_FRAMEWORK_DIR"))
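Review bot: `"com.apple.WebKit"` and `"com.apple.security"` are new entries in this `shared-preferences-read` list and, unlike several of their neighbours, carry no comment saying why the GPU process needs them. In the removed rules they were reachable only as plist files (WebKit under `ENABLE(CFPREFS_DIRECT_MODE)`, security via `file-read-data`). Through the macro they now also get `user-preference-read`, plus `file-read*` on the `/Library/Preferences` and `ByHost` copies. If that is intended, I would keep the rationale from the deleted FIXME, e.g. `"com.apple.security" ;; Needed for security framework calls that use non-CFPreferences readers`, and add a reason for `com.apple.WebKit`. `"com.apple.WebKit"` is added the same way in the WebProcess profile.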
@@ -911,24 +869,6 @@
(set! deny orig-deny)
(set! allow orig-allow))))
-(define (home-library-preferences-regex home-library-preferences-relative-regex)
- (regex (string-append "^" (regex-quote (param "HOME_LIBRARY_PREFERENCES_DIR")) home-library-preferences-relative-regex)))
-
-(define (home-library-preferences-literal home-library-preferences-relative-literal)
- (literal (string-append (param "HOME_LIBRARY_PREFERENCES_DIR") home-library-preferences-relative-literal)))
-
-(define (shared-preferences-read . domains)
- (for-each (lambda (domain)
- (begin
- (if (defined? `user-preference-read)
- (allow user-preference-read (preference-domain domain)))
- ; (Temporary) backward compatibility with non-CFPreferences readers.
- (allow file-read*
- (literal (string-append "/Library/Preferences/" domain ".plist"))
- (home-library-preferences-literal (string-append "/" domain ".plist"))
- (home-library-preferences-regex (string-append #"/ByHost/" (regex-quote domain) #"\..*\.plist$")))))
- domains))
-
;; Media capture, microphone access
(with-filter (extension "com.apple.webkit.microphone")
(allow device-microphone))
Modified: trunk/Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in (283057 => 283058)
--- trunk/Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in 2021-09-24 21:25:45 UTC (rev 283057)
+++ trunk/Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in 2021-09-24 21:43:26 UTC (rev 283058)
@@ -26,6 +26,8 @@
(deny nvram*)
(allow system-audit file-read-metadata)
+#include "Shared/Sandbox/preferences.sb"
+
#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 101500
;;;
;;; The following rules were originally contained in 'common.sb'. We are duplicating them here so we can
@@ -264,15 +266,15 @@
*uuid-pattern*)
;; Read-only preferences and data
-(allow user-preference-read
- (preference-domain
- "kCFPreferencesAnyApplication"
- "com.apple.CFNetwork"
- "com.apple.DownloadAssessment"
- "com.apple.WebFoundation"
- "com.apple.ist.ds.appleconnect2.uat" ;; Remove after <rdar://problem/35542803> ships
- "com.apple.networkConnect"))
+(allow-reading-global-preferences)
+(shared-preferences-read
+ "com.apple.CFNetwork"
+ "com.apple.DownloadAssessment"
+ "com.apple.WebFoundation"
+ "com.apple.ist.ds.appleconnect2.uat" ;; Remove after <rdar://problem/35542803> ships
+ "com.apple.networkConnect")
+
(allow file-read*
;; Basic system paths
(subpath "/Library/Frameworks")
@@ -378,12 +380,11 @@
(subpath "/private/var/db/mds/system")) ;; FIXME: This should be removed when <rdar://problem/9538414> is fixed.
)
-(allow user-preference-read
- (preference-domain
- "com.apple.crypto"
- "com.apple.security"
- "com.apple.security.common"
- "com.apple.security.revocation"))
+(shared-preferences-read
+ "com.apple.crypto"
+ "com.apple.security"
+ "com.apple.security.common"
+ "com.apple.security.revocation")
(allow file-read*
(subpath "/private/var/db/mds")
@@ -423,11 +424,10 @@
(global-name "com.apple.system.logger"))
(allow network-outbound
(remote udp))
-(allow user-preference-read
- (preference-domain
- "com.apple.GSS"
- "com.apple.Kerberos"
- "edu.mit.Kerberos"))
+(shared-preferences-read
+ "com.apple.GSS"
+ "com.apple.Kerberos"
+ "edu.mit.Kerberos")
(allow file-read*
(literal "/private/etc/krb5.conf")
(literal "/private/etc/services")
Modified: trunk/Source/WebKit/PluginProcess/mac/com.apple.WebKit.plugin-common.sb.in (283057 => 283058)
--- trunk/Source/WebKit/PluginProcess/mac/com.apple.WebKit.plugin-common.sb.in 2021-09-24 21:25:45 UTC (rev 283057)
+++ trunk/Source/WebKit/PluginProcess/mac/com.apple.WebKit.plugin-common.sb.in 2021-09-24 21:43:26 UTC (rev 283058)
@@ -27,6 +27,8 @@
(import "system.sb")
+#include "Shared/Sandbox/preferences.sb"
+
;;; process-info* defaults to allow; deny it and then allow operations we actually need.
(deny process-info*)
(allow process-info-pidinfo)
@@ -193,18 +195,6 @@
(define (home-library-preferences-literal home-library-preferences-relative-literal)
(literal (string-append (param "HOME_LIBRARY_PREFERENCES_DIR") home-library-preferences-relative-literal)))
-(define (shared-preferences-read . domains)
- (for-each (lambda (domain)
- (begin
- (if (defined? `user-preference-read)
- (allow user-preference-read (preference-domain domain)))
- ; (Temporary) backward compatibility with non-CFPreferences readers.
- (allow file-read*
- (literal (string-append "/Library/Preferences/" domain ".plist"))
- (home-library-preferences-literal (string-append "/" domain ".plist"))
- (home-library-preferences-regex (string-append #"/ByHost/" (regex-quote domain) #"\..*\.plist$")))))
- domains))
-
(define (shared-preferences-read-write . domains)
(for-each (lambda (domain)
(begin
Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb (283057 => 283058)
--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb 2021-09-24 21:25:45 UTC (rev 283057)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb 2021-09-24 21:43:26 UTC (rev 283058)
@@ -80,7 +80,12 @@
(define-once (mobile-preferences-read . domains)
(allow-preferences-common)
- (allow user-preference-read (apply preference-domain domains)))
+ (for-each (lambda (domain)
+ (begin
+ (allow user-preference-read (preference-domain domain))
+ (allow file-read*
+ (home-literal (string-append "/Library/Preferences/" domain ".plist")))))
+ domains))
(define-once (framebuffer-access)
(allow iokit-open
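Review bot: The rewritten `mobile-preferences-read` has no comment stating that each argument must be a bare preference domain, although the body now appends `".plist"` to it when building the `home-literal` path. I would add `;; 'domains' are bare preference domain names; ".plist" is appended when granting file access.` above the `define-once`. The identical definition is also pasted into the WebAuthn.sb and WebContent.sb.in hunks, so the comment belongs there too. Whether the iOS profiles could share one definition is not visible from this diff.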
@@ -456,7 +461,7 @@
(allow file-read*
(subpath "/private/var/preferences/Logging"))
- (mobile-preferences-read "kCFPreferencesAnyApplication")
+ (allow user-preference-read (preference-domain "kCFPreferencesAnyApplication"))
(allow file-read*
(front-user-home-literal "/Library/Preferences/.GlobalPreferences.plist")
(front-user-home-literal "/Library/Preferences/.GlobalPreferences_m.plist"))
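Review bot: Replacing the macro call with a bare `(allow user-preference-read ...)` means `(allow-preferences-common)` is no longer invoked from this spot, since the macro ran it before granting the domain. In this profile the later `(mobile-preferences-read "com.apple.AdLib.plist")` call still runs it. The Networking.sb and WebAuthn.sb hunks make the same replacement and show no other caller, so it is worth confirming those profiles still receive the common rules. A short comment such as `;; Global domain is granted directly; its file is .GlobalPreferences.plist, allowed below.` would explain why the macro is bypassed. The enclosing form starts outside the hunk.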
@@ -715,9 +720,6 @@
(uikit-requirements)
-;; <rdar://problem/9404009>
-(mobile-preferences-read "kCFPreferencesAnyApplication")
-
(dictionary-support)
; <rdar://problem/8440231>
@@ -748,51 +750,7 @@
;;; End UIKit-apps.sb content
;;;
-;; In CFPrefs direct mode, access to preference files is required.
-(allow file-read*
- (home-literal
- "/Library/Preferences/com.apple.Accessibility.plist"
- "/Library/Preferences/com.apple.AdLib.plist"
- "/Library/Preferences/com.apple.EmojiPreferences.plist"
- "/Library/Preferences/com.apple.InputModePreferences.plist"
- "/Library/Preferences/com.apple.LaunchServices.plist"
- "/Library/Preferences/com.apple.Metal.plist"
- "/Library/Preferences/com.apple.MobileAsset.plist"
- "/Library/Preferences/com.apple.Preferences.plist"
- "/Library/Preferences/com.apple.PrototypeTools.plist"
- "/Library/Preferences/com.apple.SpeakSelection.plist"
- "/Library/Preferences/com.apple.UIKit.plist"
- "/Library/Preferences/com.apple.VoiceOverTouch.plist"
- "/Library/Preferences/com.apple.WebFoundation.plist"
- "/Library/Preferences/com.apple.WebUI.plist"
- "/Library/Preferences/com.apple.airplay.plist"
- "/Library/Preferences/com.apple.audio.virtualaudio.plist"
- "/Library/Preferences/com.apple.avfoundation.plist"
- "/Library/Preferences/com.apple.avfoundation.frecents.plist"
- "/Library/Preferences/com.apple.avfoundation.videoperformancehud.plist"
- "/Library/Preferences/com.apple.avkit.plist"
- "/Library/Preferences/com.apple.coreanimation.plist"
- "/Library/Preferences/com.apple.coreaudio.plist"
- "/Library/Preferences/com.apple.coremedia.plist"
- "/Library/Preferences/com.apple.corevideo.plist"
- "/Library/Preferences/com.apple.da.plist"
- "/Library/Preferences/com.apple.keyboard.plist"
- "/Library/Preferences/com.apple.lookup.shared.plist"
- "/Library/Preferences/com.apple.mediaaccessibility.plist"
- "/Library/Preferences/com.apple.mediaaccessibility.public.plist"
- "/Library/Preferences/com.apple.mediaremote.plist"
- "/Library/Preferences/com.apple.mobileipod.plist"
- "/Library/Preferences/com.apple.mt.plist"
- "/Library/Preferences/com.apple.hangtracer.plist"
- "/Library/Preferences/com.apple.iokit.IOMobileGraphicsFamily.plist"
- "/Library/Preferences/com.apple.itunesstored.plist"
- "/Library/Preferences/com.apple.opengl.plist"
- "/Library/Preferences/com.apple.preferences.sounds.plist"
- "/Library/Preferences/com.apple.security.plist"
- "/Library/Preferences/com.apple.voiceservices.plist"
- "/Library/Preferences/com.apple.voiceservices.logging.plist"
- )
-)
+(mobile-preferences-read "com.apple.AdLib.plist")
(deny sysctl*)
(allow sysctl-read
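Review bot: `(mobile-preferences-read "com.apple.AdLib.plist")` passes a file name where the macro expects a domain. The new definition earlier in this file builds the path with `(string-append "/Library/Preferences/" domain ".plist")`, so this grants `com.apple.AdLib.plist.plist` and a preference domain named `com.apple.AdLib.plist`. The call should read `(mobile-preferences-read "com.apple.AdLib")`, and the same line is added in the WebContent.sb.in section. This hunk also drops the explicit file list for the other domains; presumably existing `mobile-preferences-read` calls outside the diff cover them, which should be checked because a missing one only shows up as a denied read at runtime.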
Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb (283057 => 283058)
--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb 2021-09-24 21:25:45 UTC (rev 283057)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb 2021-09-24 21:43:26 UTC (rev 283058)
@@ -331,7 +331,7 @@
(allow file-read*
(subpath "/private/var/preferences/Logging"))
- (mobile-preferences-read "kCFPreferencesAnyApplication")
+ (allow user-preference-read (preference-domain "kCFPreferencesAnyApplication"))
(allow file-read*
(front-user-home-literal "/Library/Preferences/.GlobalPreferences.plist"))
Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebAuthn.sb (283057 => 283058)
--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebAuthn.sb 2021-09-24 21:25:45 UTC (rev 283057)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebAuthn.sb 2021-09-24 21:43:26 UTC (rev 283058)
@@ -45,7 +45,12 @@
(define-once (mobile-preferences-read . domains)
(allow-preferences-common)
- (allow user-preference-read (apply preference-domain domains)))
+ (for-each (lambda (domain)
+ (begin
+ (allow user-preference-read (preference-domain domain))
+ (allow file-read*
+ (home-literal (string-append "/Library/Preferences/" domain ".plist")))))
+ domains))
(define-once (internal-debugging-support)
(allow file-read* file-map-executable
@@ -180,7 +185,9 @@
)
)
- (mobile-preferences-read "kCFPreferencesAnyApplication")
+ (allow user-preference-read (preference-domain "kCFPreferencesAnyApplication"))
+ (allow file-read*
+ (front-user-home-literal "/Library/Preferences/.GlobalPreferences.plist"))
(allow managed-preference-read (preference-domain "kCFPreferencesAnyApplication"))
(allow file-read*
Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in (283057 => 283058)
--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in 2021-09-24 21:25:45 UTC (rev 283057)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in 2021-09-24 21:43:26 UTC (rev 283058)
@@ -80,7 +80,12 @@
(define-once (mobile-preferences-read . domains)
(allow-preferences-common)
- (allow user-preference-read (apply preference-domain domains)))
+ (for-each (lambda (domain)
+ (begin
+ (allow user-preference-read (preference-domain domain))
+ (allow file-read*
+ (home-literal (string-append "/Library/Preferences/" domain ".plist")))))
+ domains))
(define-once (framebuffer-access)
(allow iokit-open
@@ -571,7 +576,7 @@
(allow file-read*
(subpath "/private/var/preferences/Logging"))
- (mobile-preferences-read "kCFPreferencesAnyApplication")
+ (allow user-preference-read (preference-domain "kCFPreferencesAnyApplication"))
(allow file-read*
(front-user-home-literal "/Library/Preferences/.GlobalPreferences.plist")
(front-user-home-literal "/Library/Preferences/.GlobalPreferences_m.plist"))
@@ -838,9 +843,6 @@
(uikit-requirements)
-;; <rdar://problem/9404009>
-(mobile-preferences-read "kCFPreferencesAnyApplication")
-
(dictionary-support)
; <rdar://problem/8440231>
@@ -871,51 +873,7 @@
;;; End UIKit-apps.sb content
;;;
-;; In CFPrefs direct mode, access to preference files is required.
-(allow file-read*
- (home-literal
- "/Library/Preferences/com.apple.Accessibility.plist"
- "/Library/Preferences/com.apple.AdLib.plist"
- "/Library/Preferences/com.apple.EmojiPreferences.plist"
- "/Library/Preferences/com.apple.InputModePreferences.plist"
- "/Library/Preferences/com.apple.LaunchServices.plist"
- "/Library/Preferences/com.apple.Metal.plist"
- "/Library/Preferences/com.apple.MobileAsset.plist"
- "/Library/Preferences/com.apple.Preferences.plist"
- "/Library/Preferences/com.apple.PrototypeTools.plist"
- "/Library/Preferences/com.apple.SpeakSelection.plist"
- "/Library/Preferences/com.apple.UIKit.plist"
- "/Library/Preferences/com.apple.VoiceOverTouch.plist"
- "/Library/Preferences/com.apple.WebFoundation.plist"
- "/Library/Preferences/com.apple.WebUI.plist"
- "/Library/Preferences/com.apple.airplay.plist"
- "/Library/Preferences/com.apple.audio.virtualaudio.plist"
- "/Library/Preferences/com.apple.avfoundation.plist"
- "/Library/Preferences/com.apple.avfoundation.frecents.plist"
- "/Library/Preferences/com.apple.avfoundation.videoperformancehud.plist"
- "/Library/Preferences/com.apple.avkit.plist"
- "/Library/Preferences/com.apple.coreanimation.plist"
- "/Library/Preferences/com.apple.coreaudio.plist"
- "/Library/Preferences/com.apple.coremedia.plist"
- "/Library/Preferences/com.apple.corevideo.plist"
- "/Library/Preferences/com.apple.da.plist"
- "/Library/Preferences/com.apple.keyboard.plist"
- "/Library/Preferences/com.apple.lookup.shared.plist"
- "/Library/Preferences/com.apple.mediaaccessibility.plist"
- "/Library/Preferences/com.apple.mediaaccessibility.public.plist"
- "/Library/Preferences/com.apple.mediaremote.plist"
- "/Library/Preferences/com.apple.mobileipod.plist"
- "/Library/Preferences/com.apple.mt.plist"
- "/Library/Preferences/com.apple.hangtracer.plist"
- "/Library/Preferences/com.apple.iokit.IOMobileGraphicsFamily.plist"
- "/Library/Preferences/com.apple.itunesstored.plist"
- "/Library/Preferences/com.apple.opengl.plist"
- "/Library/Preferences/com.apple.preferences.sounds.plist"
- "/Library/Preferences/com.apple.security.plist"
- "/Library/Preferences/com.apple.voiceservices.plist"
- "/Library/Preferences/com.apple.voiceservices.logging.plist"
- )
-)
+(mobile-preferences-read "com.apple.AdLib.plist")
(deny file-read* (with no-report)
(home-literal
Added: trunk/Source/WebKit/Shared/Sandbox/preferences.sb (0 => 283058)
--- trunk/Source/WebKit/Shared/Sandbox/preferences.sb (rev 0)
+++ trunk/Source/WebKit/Shared/Sandbox/preferences.sb 2021-09-24 21:43:26 UTC (rev 283058)
@@ -0,0 +1,54 @@
+; Copyright (C) 2021 Apple Inc. All rights reserved.
+;
+; Redistribution and use in source and binary forms, with or without
+; modification, are permitted provided that the following conditions
+; are met:
+; 1. Redistributions of source code must retain the above copyright
+; notice, this list of conditions and the following disclaimer.
+; 2. Redistributions in binary form must reproduce the above copyright
+; notice, this list of conditions and the following disclaimer in the
+; documentation and/or other materials provided with the distribution.
+;
+; THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+; AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+; THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+; PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+; BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+; CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+; SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+; INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+; CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+; ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+; THE POSSIBILITY OF SUCH DAMAGE.
+
+(define (home-library-preferences-regex home-library-preferences-relative-regex)
+ (regex (string-append "^" (regex-quote (param "HOME_LIBRARY_PREFERENCES_DIR")) home-library-preferences-relative-regex)))
+
+(define (home-library-preferences-literal home-library-preferences-relative-literal)
+ (literal (string-append (param "HOME_LIBRARY_PREFERENCES_DIR") home-library-preferences-relative-literal)))
+
+(define (shared-preferences-read . domains)
+ (for-each (lambda (domain)
+ (begin
+ (allow user-preference-read (preference-domain domain))
+ (allow file-read*
+ (literal (string-append "/Library/Preferences/" domain ".plist"))
+ (home-library-preferences-literal (string-append "/" domain ".plist"))
+ (home-library-preferences-regex (string-append #"/ByHost/" (regex-quote domain) #"\..*\.plist$")))))
+ domains))
+
+(define (allow-reading-global-preferences)
+ (allow user-preference-read (preference-domain "kCFPreferencesAnyApplication"))
+#if ENABLE(CFPREFS_DIRECT_MODE)
+ (allow file-read*
+ (literal "/Library/Preferences/.GlobalPreferences.plist")
+ (home-subpath "/Library/Preferences/.GlobalPreferences.plist")
+ (home-subpath "/Library/Preferences/.GlobalPreferences_m.plist")
+ (home-regex #"/Library/Preferences/ByHost/\.GlobalPreferences\..*\.plist$")
+ )
+#endif
+)
+
+
+
+
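Review bot: `shared-preferences-read` grants `file-read*` on the system, home and `ByHost` plists unconditionally, while `allow-reading-global-preferences` right below gates its file rules on `ENABLE(CFPREFS_DIRECT_MODE)`. In the hunks shown, NetworkProcess previously had only `user-preference-read` for its domains, so with cfprefsd available it now gains raw file access it did not have before. If the file rules exist only for direct mode, wrap the `(allow file-read* ...)` form in `#if ENABLE(CFPREFS_DIRECT_MODE)` / `#endif`. If they must stay for non-CFPreferences readers, restore the dropped comment `; (Temporary) backward compatibility with non-CFPreferences readers.` so the wider grant is explained. The `defined?` guard around `user-preference-read` from the old definition is also gone, and the four trailing blank lines can be removed.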
Modified: trunk/Source/WebKit/WebAuthnProcess/mac/com.apple.WebKit.WebAuthnProcess.sb.in (283057 => 283058)
--- trunk/Source/WebKit/WebAuthnProcess/mac/com.apple.WebKit.WebAuthnProcess.sb.in 2021-09-24 21:25:45 UTC (rev 283057)
+++ trunk/Source/WebKit/WebAuthnProcess/mac/com.apple.WebKit.WebAuthnProcess.sb.in 2021-09-24 21:43:26 UTC (rev 283058)
@@ -26,6 +26,8 @@
(deny nvram*)
(allow system-audit file-read-metadata)
+#include "Shared/Sandbox/preferences.sb"
+
;;;
;;; The following rules were originally contained in 'system.sb'. We are duplicating them here so we can
;;; remove unneeded sandbox extensions.
@@ -249,37 +251,36 @@
(subpath "/Library/Audio/Plug-Ins/Components"))
;; Preferences support
-(allow user-preference-read
- (preference-domain
- "kCFPreferencesAnyApplication"
- "com.apple.Accessibility"
- "com.apple.ATS"
- "com.apple.CoreGraphics"
- "com.apple.DownloadAssessment"
- "com.apple.HIToolbox"
- "com.apple.LaunchServices"
- "com.apple.MultitouchSupport" ;; FIXME: Remove when <rdar://problem/13011633> is fixed.
- "com.apple.ServicesMenu.Services" ;; Needed for NSAttributedString <rdar://problem/10844321>
- "com.apple.ViewBridge" ;; Needed for Input elements.
- "com.apple.WebFoundation"
- "com.apple.avfoundation"
- "com.apple.avfoundation.frecents" ;; <rdar://problem/33137029>
- "com.apple.avfoundation.videoperformancehud" ;; <rdar://problem/31594568>
- "com.apple.coremedia"
- "com.apple.crypto"
- "com.apple.driver.AppleBluetoothMultitouch.mouse"
- "com.apple.driver.AppleBluetoothMultitouch.trackpad"
- "com.apple.driver.AppleHIDMouse"
- "com.apple.lookup.shared"
- "com.apple.mediaaccessibility" ;; Needed for custom caption styles
- "com.apple.networkConnect"
- "com.apple.speech.voice.prefs"
- "com.apple.systemsound"
- "com.apple.universalaccess"
- "edu.mit.Kerberos"
- "pbs" ;; Needed for NSAttributedString <rdar://problem/10844321>
-))
+(shared-preferences-read
+ "com.apple.Accessibility"
+ "com.apple.ATS"
+ "com.apple.CoreGraphics"
+ "com.apple.DownloadAssessment"
+ "com.apple.HIToolbox"
+ "com.apple.LaunchServices"
+ "com.apple.MultitouchSupport" ;; FIXME: Remove when <rdar://problem/13011633> is fixed.
+ "com.apple.ServicesMenu.Services" ;; Needed for NSAttributedString <rdar://problem/10844321>
+ "com.apple.ViewBridge" ;; Needed for Input elements.
+ "com.apple.WebFoundation"
+ "com.apple.avfoundation"
+ "com.apple.avfoundation.frecents" ;; <rdar://problem/33137029>
+ "com.apple.avfoundation.videoperformancehud" ;; <rdar://problem/31594568>
+ "com.apple.coremedia"
+ "com.apple.crypto"
+ "com.apple.driver.AppleBluetoothMultitouch.mouse"
+ "com.apple.driver.AppleBluetoothMultitouch.trackpad"
+ "com.apple.driver.AppleHIDMouse"
+ "com.apple.lookup.shared"
+ "com.apple.mediaaccessibility" ;; Needed for custom caption styles
+ "com.apple.networkConnect"
+ "com.apple.speech.voice.prefs"
+ "com.apple.systemsound"
+ "com.apple.universalaccess"
+ "edu.mit.Kerberos"
+ "pbs") ;; Needed for NSAttributedString <rdar://problem/10844321>
+(allow-reading-global-preferences)
+
; (Temporary) backward compatibility with non-CFPreferences readers.
(allow file-read*
(literal "/Library/Preferences/com.apple.ViewBridge.plist"))
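Review bot: The context rule at the end of this hunk, `(allow file-read* (literal "/Library/Preferences/com.apple.ViewBridge.plist"))`, is now redundant, because `shared-preferences-read` already grants that literal for `"com.apple.ViewBridge"`. The GPU profile removed its copy in this commit, so I would delete it here as well, leaving one source for each grant. Unlike the GPU list, this one does not add `"com.apple.WebKit"` or `"com.apple.security"`; if that is deliberate, a one-line comment saying so would help the next reader.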
Modified: trunk/Source/WebKit/WebKit.xcodeproj/project.pbxproj (283057 => 283058)
--- trunk/Source/WebKit/WebKit.xcodeproj/project.pbxproj 2021-09-24 21:25:45 UTC (rev 283057)
+++ trunk/Source/WebKit/WebKit.xcodeproj/project.pbxproj 2021-09-24 21:43:26 UTC (rev 283058)
@@ -6013,6 +6013,7 @@
E30CFB9D2660663C0094D9C0 /* com.apple.WebKit.WebContent.sb */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; name = com.apple.WebKit.WebContent.sb; path = DerivedSources/WebKit2/com.apple.WebKit.WebContent.sb; sourceTree = BUILT_PRODUCTS_DIR; };
E313664D265EE5AF0051084F /* com.apple.WebKit.WebContent.sb.in */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = com.apple.WebKit.WebContent.sb.in; sourceTree = "<group>"; };
E3439B632345463A0011DE0B /* NetworkProcessConnectionInfo.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = NetworkProcessConnectionInfo.h; path = Network/NetworkProcessConnectionInfo.h; sourceTree = "<group>"; };
+ E3612FF026F90862007B1175 /* Sandbox */ = {isa = PBXFileReference; lastKnownFileType = folder; path = Sandbox; sourceTree = "<group>"; };
E3866AE42397400400F88FE9 /* WebDeviceOrientationUpdateProviderProxy.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; name = WebDeviceOrientationUpdateProviderProxy.mm; path = ios/WebDeviceOrientationUpdateProviderProxy.mm; sourceTree = "<group>"; };
E3866AE62397405300F88FE9 /* WebDeviceOrientationUpdateProviderProxy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = WebDeviceOrientationUpdateProviderProxy.h; path = ios/WebDeviceOrientationUpdateProviderProxy.h; sourceTree = "<group>"; };
E3866AED2398471A00F88FE9 /* WebDeviceOrientationUpdateProviderProxy.messages.in */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; name = WebDeviceOrientationUpdateProviderProxy.messages.in; path = ios/WebDeviceOrientationUpdateProviderProxy.messages.in; sourceTree = "<group>"; };
@@ -6856,6 +6857,7 @@
BC111B5A112F628200337BAB /* mac */,
1AAE058C1279DCD400852418 /* Plugins */,
2D2E04761F5BEC4F00BB25ED /* RemoteLayerTree */,
+ E3612FF026F90862007B1175 /* Sandbox */,
1ABF43781A368035003FB0E6 /* WebsiteData */,
118502602673B0DA00A6425E /* XR */,
E3BCE877267252120011D8DB /* AccessibilityPreferences.cpp */,
Modified: trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in (283057 => 283058)
--- trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in 2021-09-24 21:25:45 UTC (rev 283057)
+++ trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in 2021-09-24 21:43:26 UTC (rev 283058)
@@ -26,6 +26,8 @@
(deny nvram*)
(allow system-audit file-read-metadata)
+#include "Shared/Sandbox/preferences.sb"
+
;;;
;;; The following rules were originally contained in 'system.sb'. We are duplicating them here so we can
;;; remove unneeded sandbox extensions.
@@ -987,84 +989,40 @@
;; Needed for AES3 support
(subpath "/Library/Audio/Plug-Ins/Components"))
+
;; Preferences support
-(allow user-preference-read
- (preference-domain
- "kCFPreferencesAnyApplication"
- "com.apple.Accessibility"
- "com.apple.ATS"
- "com.apple.CoreGraphics"
- "com.apple.DownloadAssessment"
- "com.apple.HIToolbox"
- "com.apple.LaunchServices"
- "com.apple.MultitouchSupport" ;; FIXME: Remove when <rdar://problem/13011633> is fixed.
- "com.apple.ServicesMenu.Services" ;; Needed for NSAttributedString <rdar://problem/10844321>
- "com.apple.ViewBridge" ;; Needed for Input elements.
- "com.apple.WebFoundation"
- "com.apple.avfoundation"
- "com.apple.avfoundation.frecents" ;; <rdar://problem/33137029>
- "com.apple.avfoundation.videoperformancehud" ;; <rdar://problem/31594568>
- "com.apple.coremedia"
- "com.apple.crypto"
- "com.apple.driver.AppleBluetoothMultitouch.mouse"
- "com.apple.driver.AppleBluetoothMultitouch.trackpad"
- "com.apple.driver.AppleHIDMouse"
- "com.apple.lookup.shared"
- "com.apple.mediaaccessibility" ;; Needed for custom caption styles
- "com.apple.networkConnect"
- "com.apple.speech.voice.prefs"
- "com.apple.systemsound"
- "com.apple.universalaccess"
- "edu.mit.Kerberos"
- "pbs" ;; Needed for NSAttributedString <rdar://problem/10844321>
-))
+(shared-preferences-read
+ "com.apple.Accessibility"
+ "com.apple.ATS"
+ "com.apple.CoreGraphics"
+ "com.apple.DownloadAssessment"
+ "com.apple.HIToolbox"
+ "com.apple.LaunchServices"
+ "com.apple.MultitouchSupport" ;; FIXME: Remove when <rdar://problem/13011633> is fixed.
+ "com.apple.ServicesMenu.Services" ;; Needed for NSAttributedString <rdar://problem/10844321>
+ "com.apple.ViewBridge" ;; Needed for Input elements.
+ "com.apple.WebFoundation"
+ "com.apple.WebKit"
+ "com.apple.avfoundation"
+ "com.apple.avfoundation.frecents" ;; <rdar://problem/33137029>
+ "com.apple.avfoundation.videoperformancehud" ;; <rdar://problem/31594568>
+ "com.apple.coremedia"
+ "com.apple.crypto"
+ "com.apple.driver.AppleBluetoothMultitouch.mouse"
+ "com.apple.driver.AppleBluetoothMultitouch.trackpad"
+ "com.apple.driver.AppleHIDMouse"
+ "com.apple.lookup.shared"
+ "com.apple.mediaaccessibility" ;; Needed for custom caption styles
+ "com.apple.networkConnect"
+ "com.apple.security"
+ "com.apple.speech.voice.prefs"
+ "com.apple.systemsound"
+ "com.apple.universalaccess"
+ "edu.mit.Kerberos"
+ "pbs") ;; Needed for NSAttributedString <rdar://problem/10844321>
-#if ENABLE(CFPREFS_DIRECT_MODE)
-(allow file-read*
- (literal "/Library/Preferences/.GlobalPreferences.plist")
- (home-subpath "/Library/Preferences/.GlobalPreferences.plist")
- (home-subpath "/Library/Preferences/.GlobalPreferences_m.plist")
- (home-subpath "/Library/Preferences/com.apple.security.plist")
- (home-subpath "/Library/Preferences/com.apple.Accessibility.plist")
- (home-subpath "/Library/Preferences/com.apple.ATS.plist")
- (home-subpath "/Library/Preferences/com.apple.CoreGraphics.plist")
- (home-subpath "/Library/Preferences/com.apple.DownloadAssessment.plist")
- (home-subpath "/Library/Preferences/com.apple.HIToolbox.plist")
- (home-subpath "/Library/Preferences/com.apple.LaunchServices.plist")
- (home-subpath "/Library/Preferences/com.apple.MultitouchSupport.plist")
- (home-subpath "/Library/Preferences/com.apple.ServicesMenu.Services.plist")
- (home-subpath "/Library/Preferences/com.apple.ViewBridge.plist")
- (home-subpath "/Library/Preferences/com.apple.WebKit.plist")
- (home-subpath "/Library/Preferences/com.apple.WebFoundation.plist")
- (home-subpath "/Library/Preferences/com.apple.avfoundation.plist")
- (home-subpath "/Library/Preferences/com.apple.avfoundation.frecents.plist")
- (home-subpath "/Library/Preferences/com.apple.avfoundation.videoperformancehud.plist")
- (home-subpath "/Library/Preferences/com.apple.coremedia.plist")
- (home-subpath "/Library/Preferences/com.apple.crypto.plist")
- (home-subpath "/Library/Preferences/com.apple.driver.AppleBluetoothMultitouch.mouse.plist")
- (home-subpath "/Library/Preferences/com.apple.driver.AppleBluetoothMultitouch.trackpad.plist")
- (home-subpath "/Library/Preferences/com.apple.driver.AppleHIDMouse.plist")
- (home-subpath "/Library/Preferences/com.apple.lookup.shared.plist")
- (home-subpath "/Library/Preferences/com.apple.mediaaccessibility.plist")
- (home-subpath "/Library/Preferences/com.apple.networkConnect.plist")
- (home-subpath "/Library/Preferences/com.apple.speech.voice.prefs.plist")
- (home-subpath "/Library/Preferences/com.apple.systemsound.plist")
- (home-subpath "/Library/Preferences/com.apple.universalaccess.plist")
- (home-subpath "/Library/Preferences/edu.mit.Kerberos.plist")
- (home-subpath "/Library/Preferences/pbs.plist")
- (home-regex #"/Library/Preferences/ByHost/\.GlobalPreferences\..*\.plist$")
-)
-#endif
+(allow-reading-global-preferences)
-; (Temporary) backward compatibility with non-CFPreferences readers.
-(allow file-read*
- (literal "/Library/Preferences/com.apple.ViewBridge.plist"))
-
-; FIXME: This is needed for some security framework calls (that use non-CFPreferences readers)
-(allow file-read-data
- (literal "/Library/Preferences/com.apple.security.plist")
- (home-subpath "/Library/Preferences/com.apple.security.plist"))
-
;; On-disk WebKit2 framework location, to account for debug installations outside of /System/Library/Frameworks,
;; and to allow issuing extensions.
(allow-read-directory-and-issue-read-extensions (param "WEBKIT2_FRAMEWORK_DIR"))
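Review bot: The `(shared-preferences-read ...)` call that replaces the `user-preference-read` list sits outside any `#if ENABLE(CFPREFS_DIRECT_MODE)` guard, unlike the per-domain `file-read*` block this hunk removes, so any file access the macro grants now applies in every build configuration. The macro's new definition in Shared/Sandbox/preferences.sb is not visible in this hunk. If it matches the definition removed further down this file, each listed domain also gets `file-read*` on its `/Library/Preferences`, home and `ByHost` plists, which is wider than the removed per-domain home paths. In addition, `"com.apple.security"` and `"com.apple.WebKit"` had file rules only and now gain `user-preference-read`. I would either confirm that both widenings are intended for the WebContent process or record them at the call, for example `;; Also grants file-read* on each domain's system, home and ByHost plists; keep this list minimal.`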
@@ -1650,24 +1608,6 @@
(set! deny orig-deny)
(set! allow orig-allow))))
-(define (home-library-preferences-regex home-library-preferences-relative-regex)
- (regex (string-append "^" (regex-quote (param "HOME_LIBRARY_PREFERENCES_DIR")) home-library-preferences-relative-regex)))
-
-(define (home-library-preferences-literal home-library-preferences-relative-literal)
- (literal (string-append (param "HOME_LIBRARY_PREFERENCES_DIR") home-library-preferences-relative-literal)))
-
-(define (shared-preferences-read . domains)
- (for-each (lambda (domain)
- (begin
- (if (defined? `user-preference-read)
- (allow user-preference-read (preference-domain domain)))
- ; (Temporary) backward compatibility with non-CFPreferences readers.
- (allow file-read*
- (literal (string-append "/Library/Preferences/" domain ".plist"))
- (home-library-preferences-literal (string-append "/" domain ".plist"))
- (home-library-preferences-regex (string-append #"/ByHost/" (regex-quote domain) #"\..*\.plist$")))))
- domains))
-
;; Media capture, camera access
(with-filter (extension "com.apple.webkit.camera")
(shared-preferences-read "com.apple.cmio")