Title: [289566] trunk/Source/WebKit
Revision: 289566
Author: [email protected]
Date: 2022-02-10 12:13:19 -0800 (Thu, 10 Feb 2022)

Log Message

Apply default sandbox to webpushd on Mac
https://bugs.webkit.org/show_bug.cgi?id=236342

Reviewed by Per Arne Vollan.

This applies a default sandbox profile that allows and logs all operations by webpushd on
the Mac. In future patches we'll tighten the sandbox based on the sandbox logs that we
receive.

To do this, I refactored the sandbox initialization logic in AuxiliaryProcess so that it can
be called without creating an AuxiliaryProcess instance. This probably should be refactored
further (e.g. since webpushd isn't an AuxiliaryProcess, but rather a system daemon). But I
wanted to keep the amount of refactoring low for now while we're still figuring things out.

We also do not currently support compiling and caching the sandbox profiles. We'll add that
support later.

* DerivedSources-input.xcfilelist:
* DerivedSources-output.xcfilelist:
* DerivedSources.make:
* PlatformMac.cmake:
* Shared/AuxiliaryProcess.cpp:
(WebKit::applySandboxProfileForDaemon):
* Shared/AuxiliaryProcess.h:
* Shared/mac/AuxiliaryProcessMac.mm:
(WebKit::getUserDirectorySuffix):
(WebKit::populateSandboxInitializationParameters):
(WebKit::AuxiliaryProcess::initializeSandbox):
(WebKit::AuxiliaryProcess::applySandboxProfileForDaemon):
* WebKit.xcodeproj/project.pbxproj:
* webpushd/WebPushDaemonMain.mm:
(WebKit::applySandbox):
(WebKit::WebPushDaemonMain):
* webpushd/mac/com.apple.WebKit.webpushd.sb.in: Added.

Diff

Modified: trunk/Source/WebKit/ChangeLog (289565 => 289566)


--- trunk/Source/WebKit/ChangeLog	2022-02-10 19:56:40 UTC (rev 289565)
+++ trunk/Source/WebKit/ChangeLog	2022-02-10 20:13:19 UTC (rev 289566)
@@ -1,3 +1,40 @@
+2022-02-10  Ben Nham  <[email protected]>
+
+        Apply default sandbox to webpushd on Mac
+        https://bugs.webkit.org/show_bug.cgi?id=236342
+
+        Reviewed by Per Arne Vollan.
+
+        This applies a default sandbox profile that allows and logs all operations by webpushd on
+        the Mac. In future patches we'll tighten the sandbox based on the sandbox logs that we
+        receive.
+
+        To do this, I refactored the sandbox initialization logic in AuxiliaryProcess so that it can
+        be called without creating an AuxiliaryProcess instance. This probably should be refactored
+        further (e.g. since webpushd isn't an AuxiliaryProcess, but rather a system daemon). But I
+        wanted to keep the amount of refactoring low for now while we're still figuring things out.
+
+        We also do not currently support compiling and caching the sandbox profiles. We'll add that
+        support later.
+
+        * DerivedSources-input.xcfilelist:
+        * DerivedSources-output.xcfilelist:
+        * DerivedSources.make:
+        * PlatformMac.cmake:
+        * Shared/AuxiliaryProcess.cpp:
+        (WebKit::applySandboxProfileForDaemon):
+        * Shared/AuxiliaryProcess.h:
+        * Shared/mac/AuxiliaryProcessMac.mm:
+        (WebKit::getUserDirectorySuffix):
+        (WebKit::populateSandboxInitializationParameters):
+        (WebKit::AuxiliaryProcess::initializeSandbox):
+        (WebKit::AuxiliaryProcess::applySandboxProfileForDaemon):
+        * WebKit.xcodeproj/project.pbxproj:
+        * webpushd/WebPushDaemonMain.mm:
+        (WebKit::applySandbox):
+        (WebKit::WebPushDaemonMain):
+        * webpushd/mac/com.apple.WebKit.webpushd.sb.in: Added.
+
 2022-02-10  Wenson Hsieh  <[email protected]>
 
         Support `WebPageProxy::replaceSelectionWithPasteboardData()` on iOS

Modified: trunk/Source/WebKit/Configurations/WebKit.xcconfig (289565 => 289566)


--- trunk/Source/WebKit/Configurations/WebKit.xcconfig	2022-02-10 19:56:40 UTC (rev 289565)
+++ trunk/Source/WebKit/Configurations/WebKit.xcconfig	2022-02-10 20:13:19 UTC (rev 289566)
@@ -179,7 +179,7 @@
 EXCLUDED_IOS_RESOURCE_FILE_NAMES = Resources/ios/*;
 EXCLUDED_IOS_RESOURCE_FILE_NAMES[sdk=iphone*] = ;
 
-EXCLUDED_MACOS_PLUGIN_FILE_NAMES[sdk=iphone*] = SecItemShim.dylib WebProcessShim.dylib *.pdf Resources/mac/* com.apple.WebKit.NetworkProcess.sb com.apple.WebKit.GPUProcess.sb com.apple.WebKit.WebAuthnProcess.sb com.apple.WebProcess.sb;
+EXCLUDED_MACOS_PLUGIN_FILE_NAMES[sdk=iphone*] = SecItemShim.dylib WebProcessShim.dylib *.pdf Resources/mac/* com.apple.WebKit.NetworkProcess.sb com.apple.WebKit.GPUProcess.sb com.apple.WebKit.WebAuthnProcess.sb com.apple.WebKit.webpushd.sb com.apple.WebProcess.sb;
 
 INSTALLHDRS_SCRIPT_PHASE = YES;
 APPLY_RULES_IN_COPY_HEADERS = $(WK_USE_NEW_BUILD_SYSTEM);

Modified: trunk/Source/WebKit/DerivedSources-input.xcfilelist (289565 => 289566)


--- trunk/Source/WebKit/DerivedSources-input.xcfilelist	2022-02-10 19:56:40 UTC (rev 289565)
+++ trunk/Source/WebKit/DerivedSources-input.xcfilelist	2022-02-10 20:13:19 UTC (rev 289566)
@@ -248,3 +248,4 @@
 $(PROJECT_DIR)/WebProcess/cocoa/UserMediaCaptureManager.messages.in
 $(PROJECT_DIR)/WebProcess/cocoa/VideoFullscreenManager.messages.in
 $(PROJECT_DIR)/WebProcess/com.apple.WebProcess.sb.in
+$(PROJECT_DIR)/webpushd/mac/com.apple.WebKit.webpushd.sb.in

Modified: trunk/Source/WebKit/DerivedSources-output.xcfilelist (289565 => 289566)


--- trunk/Source/WebKit/DerivedSources-output.xcfilelist	2022-02-10 19:56:40 UTC (rev 289565)
+++ trunk/Source/WebKit/DerivedSources-output.xcfilelist	2022-02-10 20:13:19 UTC (rev 289566)
@@ -645,5 +645,6 @@
 $(BUILT_PRODUCTS_DIR)/DerivedSources/WebKit/com.apple.WebKit.WebAuthnProcess.sb
 $(BUILT_PRODUCTS_DIR)/DerivedSources/WebKit/com.apple.WebKit.WebContent.sb
 $(BUILT_PRODUCTS_DIR)/DerivedSources/WebKit/com.apple.WebKit.plugin-common.sb
+$(BUILT_PRODUCTS_DIR)/DerivedSources/WebKit/com.apple.WebKit.webpushd.sb
 $(BUILT_PRODUCTS_DIR)/DerivedSources/WebKit/com.apple.WebProcess.sb
 <<<<<<< HEAD
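
Review bot: The last context line of this hunk is `<<<<<<< HEAD`, a merge conflict marker that is already sitting in DerivedSources-output.xcfilelist. This patch does not introduce it, but the new `com.apple.WebKit.webpushd.sb` entry is being added two lines above unresolved conflict residue. Resolve the conflict and remove the marker (and any matching markers further down the file) in this change or a follow-up, so the output file list is well-formed.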

Modified: trunk/Source/WebKit/DerivedSources.make (289565 => 289566)


--- trunk/Source/WebKit/DerivedSources.make	2022-02-10 19:56:40 UTC (rev 289565)
+++ trunk/Source/WebKit/DerivedSources.make	2022-02-10 20:13:19 UTC (rev 289566)
@@ -104,6 +104,7 @@
     $(WebKit2)/UIProcess/WebAuthentication \
     $(WebKit2)/UIProcess/mac \
     $(WebKit2)/UIProcess/ios \
+    $(WebKit2)/webpushd/mac \
     $(WEBKITADDITIONS_HEADER_SEARCH_PATHS) \
 #
 
@@ -351,7 +352,8 @@
 	com.apple.WebProcess.sb \
 	com.apple.WebKit.NetworkProcess.sb \
 	com.apple.WebKit.GPUProcess.sb \
-	com.apple.WebKit.WebAuthnProcess.sb
+	com.apple.WebKit.WebAuthnProcess.sb \
+	com.apple.WebKit.webpushd.sb
 	
 SANDBOX_PROFILES_IOS = \
 	com.apple.WebKit.WebContent.sb \

Modified: trunk/Source/WebKit/PlatformMac.cmake (289565 => 289566)


--- trunk/Source/WebKit/PlatformMac.cmake	2022-02-10 19:56:40 UTC (rev 289565)
+++ trunk/Source/WebKit/PlatformMac.cmake	2022-02-10 20:13:19 UTC (rev 289566)
@@ -838,6 +838,12 @@
             VERBATIM)
         list(APPEND WebKit_SB_FILES ${WebKit_RESOURCES_DIR}/com.apple.WebKit.WebAuthnProcess.sb)
     endif ()
+    if (ENABLE_BUILT_IN_NOTIFICATIONS)
+        add_custom_command(OUTPUT ${WebKit_RESOURCES_DIR}/com.apple.WebKit.webpushd.sb COMMAND
+            grep -o "^[^;]*" ${WEBKIT_DIR}/webpushd/mac/com.apple.WebKit.webpushd.sb.in | clang -E -P -w -include wtf/Platform.h -I ${WTF_FRAMEWORK_HEADERS_DIR} -I ${bmalloc_FRAMEWORK_HEADERS_DIR} -I ${WEBKIT_DIR} - > ${WebKit_RESOURCES_DIR}/com.apple.WebKit.webpushd.sb
+            VERBATIM)
+        list(APPEND WebKit_SB_FILES ${WebKit_RESOURCES_DIR}/com.apple.WebKit.webpushd.sb)
+    endif ()
     add_custom_target(WebKitSandboxProfiles ALL DEPENDS ${WebKit_SB_FILES})
     add_dependencies(WebKit WebKitSandboxProfiles)
 
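
Review bot: The new rule is wrapped in `if (ENABLE_BUILT_IN_NOTIFICATIONS)`, but the other places this patch registers the profile are not conditional on that flag: DerivedSources.make adds `com.apple.WebKit.webpushd.sb` unconditionally to the profile list that precedes `SANDBOX_PROFILES_IOS`, and `applySandbox()` in WebPushDaemonMain.mm is guarded only by `PLATFORM(MAC)`. If webpushd can be built by CMake with the flag off, the profile is never generated and the daemon would presumably fail to load it and trip `RELEASE_ASSERT(success)` at startup. Either drop the guard or add a comment stating that webpushd is only built when the flag is on.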

Modified: trunk/Source/WebKit/Shared/AuxiliaryProcess.cpp (289565 => 289566)


--- trunk/Source/WebKit/Shared/AuxiliaryProcess.cpp	2022-02-10 19:56:40 UTC (rev 289565)
+++ trunk/Source/WebKit/Shared/AuxiliaryProcess.cpp	2022-02-10 20:13:19 UTC (rev 289566)
@@ -277,6 +277,12 @@
 }
 #endif
 
+#if !PLATFORM(MAC)
+static void applySandboxProfileForDaemon(const String&, const String&)
+{
+}
+#endif
+
 #endif // !PLATFORM(COCOA)
 
 } // namespace WebKit
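
Review bot: The stub `static void applySandboxProfileForDaemon(const String&, const String&)` is a file-local free function, not a definition of the `AuxiliaryProcess::applySandboxProfileForDaemon` static member declared in AuxiliaryProcess.h, so it supplies nothing for that declaration and is itself unused. It also sits above `#endif // !PLATFORM(COCOA)`, where `!PLATFORM(MAC)` is always true, which makes the inner guard redundant and leaves Cocoa platforms other than Mac without any definition. If a no-op is wanted off Mac, define it as `void AuxiliaryProcess::applySandboxProfileForDaemon(const String&, const String&) { }` under a guard that covers every non-Mac port; otherwise restrict the declaration in the header to `PLATFORM(MAC)` and drop the stub.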

Modified: trunk/Source/WebKit/Shared/AuxiliaryProcess.h (289565 => 289566)


--- trunk/Source/WebKit/Shared/AuxiliaryProcess.h	2022-02-10 19:56:40 UTC (rev 289565)
+++ trunk/Source/WebKit/Shared/AuxiliaryProcess.h	2022-02-10 20:13:19 UTC (rev 289566)
@@ -87,6 +87,8 @@
     void setQOS(int latencyQOS, int throughputQOS);
 #endif
 
+    static void applySandboxProfileForDaemon(const String& profilePath, const String& userDirectorySuffix);
+
     IPC::Connection* parentProcessConnection() const { return m_connection.get(); }
 
     IPC::MessageReceiverMap& messageReceiverMap() { return m_messageReceiverMap; }

Modified: trunk/Source/WebKit/Shared/mac/AuxiliaryProcessMac.mm (289565 => 289566)


--- trunk/Source/WebKit/Shared/mac/AuxiliaryProcessMac.mm	2022-02-10 19:56:40 UTC (rev 289565)
+++ trunk/Source/WebKit/Shared/mac/AuxiliaryProcessMac.mm	2022-02-10 20:13:19 UTC (rev 289566)
@@ -637,25 +637,27 @@
 #endif // USE(CACHE_COMPILED_SANDBOX)
 }
 
-static void initializeSandboxParameters(const AuxiliaryProcessInitializationParameters& parameters, SandboxInitializationParameters& sandboxParameters)
+static String getUserDirectorySuffix(const AuxiliaryProcessInitializationParameters& parameters)
 {
-    // Verify user directory suffix.
-    if (sandboxParameters.userDirectorySuffix().isNull()) {
-        auto userDirectorySuffix = parameters.extraInitializationData.find("user-directory-suffix");
-        if (userDirectorySuffix != parameters.extraInitializationData.end()) {
-            String suffix = userDirectorySuffix->value;
-            auto firstPathSeparator = suffix.find("/");
-            if (firstPathSeparator != notFound)
-                suffix.truncate(firstPathSeparator);
-            sandboxParameters.setUserDirectorySuffix(suffix);
-        } else {
-            String clientIdentifier = codeSigningIdentifier(parameters.connectionIdentifier.xpcConnection.get());
-            if (clientIdentifier.isNull())
-                clientIdentifier = parameters.clientIdentifier;
-            sandboxParameters.setUserDirectorySuffix(makeString([[NSBundle mainBundle] bundleIdentifier], '+', clientIdentifier));
-        }
+    auto userDirectorySuffix = parameters.extraInitializationData.find("user-directory-suffix");
+    if (userDirectorySuffix != parameters.extraInitializationData.end()) {
+        String suffix = userDirectorySuffix->value;
+        auto firstPathSeparator = suffix.find("/");
+        if (firstPathSeparator != notFound)
+            suffix.truncate(firstPathSeparator);
+        return suffix;
     }
 
+    String clientIdentifier = codeSigningIdentifier(parameters.connectionIdentifier.xpcConnection.get());
+    if (clientIdentifier.isNull())
+        clientIdentifier = parameters.clientIdentifier;
+    return makeString([[NSBundle mainBundle] bundleIdentifier], '+', clientIdentifier);
+}
+
+static void populateSandboxInitializationParameters(SandboxInitializationParameters& sandboxParameters)
+{
+    RELEASE_ASSERT(!sandboxParameters.userDirectorySuffix().isNull());
+
     String osSystemMarketingVersion = systemMarketingVersion();
     Vector<String> osVersionParts = osSystemMarketingVersion.split('.');
     if (osVersionParts.size() < 2) {
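
Review bot: `RELEASE_ASSERT(!sandboxParameters.userDirectorySuffix().isNull())` in `populateSandboxInitializationParameters` rejects only a null suffix, while `getUserDirectorySuffix` can return an empty one: `suffix.truncate(firstPathSeparator)` leaves an empty string when the `user-directory-suffix` value starts with "/". Consider asserting `!isEmpty()` instead, which also covers null, or rejecting an empty result inside `getUserDirectorySuffix`. The truncation logic is carried over from the removed code, so this could be a follow-up, but the new assert is the natural place to tighten it.
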
@@ -714,7 +716,7 @@
     TraceScope traceScope(InitializeSandboxStart, InitializeSandboxEnd);
 
 #if USE(CACHE_COMPILED_SANDBOX)
-    // This must be called before initializeSandboxParameters so that the path does not include the user directory suffix.
+    // This must be called before populateSandboxInitializationParameters so that the path does not include the user directory suffix.
     // We don't want the user directory suffix because we want all processes of the same type to use the same cache directory.
     String dataVaultParentDirectory { sandboxDataVaultParentDirectory() };
 #else
@@ -727,8 +729,11 @@
 #endif
     sandboxParameters.addParameter("ENABLE_SANDBOX_MESSAGE_FILTER", enableMessageFilter ? "YES" : "NO");
 
-    initializeSandboxParameters(parameters, sandboxParameters);
+    if (sandboxParameters.userDirectorySuffix().isNull())
+        sandboxParameters.setUserDirectorySuffix(getUserDirectorySuffix(parameters));
 
+    populateSandboxInitializationParameters(sandboxParameters);
+
     if (!applySandbox(parameters, sandboxParameters, dataVaultParentDirectory)) {
         WTFLogAlways("%s: Unable to apply sandbox\n", getprogname());
         CRASH();
@@ -744,6 +749,24 @@
     }
 }
 
+void AuxiliaryProcess::applySandboxProfileForDaemon(const String& profilePath, const String& userDirectorySuffix)
+{
+    TraceScope traceScope(InitializeSandboxStart, InitializeSandboxEnd);
+
+    SandboxInitializationParameters parameters { };
+    parameters.setOverrideSandboxProfilePath(profilePath);
+    parameters.setUserDirectorySuffix(userDirectorySuffix);
+    populateSandboxInitializationParameters(parameters);
+
+    String profileOrProfilePath;
+    bool isProfilePath;
+    getSandboxProfileOrProfilePath(parameters, profileOrProfilePath, isProfilePath);
+    RELEASE_ASSERT(!profileOrProfilePath.isEmpty());
+
+    bool success = compileAndApplySandboxSlowCase(profileOrProfilePath, isProfilePath, parameters);
+    RELEASE_ASSERT(success);
+}
+
 #if USE(APPKIT)
 void AuxiliaryProcess::stopNSAppRunLoop()
 {
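
Review bot: In `applySandboxProfileForDaemon`, `bool isProfilePath;` is declared without an initializer and then handed to `getSandboxProfileOrProfilePath`; write `bool isProfilePath = false;` so the value is defined whatever that helper does. Failure handling also differs from `initializeSandbox`, which logs `"%s: Unable to apply sandbox\n"` through `WTFLogAlways` before `CRASH()`. The bare `RELEASE_ASSERT(success)` here leaves no log line to distinguish a missing or malformed profile from any other crash, so log the profile path with `WTFLogAlways` before asserting.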

Modified: trunk/Source/WebKit/WebKit.xcodeproj/project.pbxproj (289565 => 289566)


--- trunk/Source/WebKit/WebKit.xcodeproj/project.pbxproj	2022-02-10 19:56:40 UTC (rev 289565)
+++ trunk/Source/WebKit/WebKit.xcodeproj/project.pbxproj	2022-02-10 20:13:19 UTC (rev 289566)
@@ -2011,6 +2011,7 @@
 		E5DEFA6826F8F42600AB68DB /* PhotosUISPI.h in Headers */ = {isa = PBXBuildFile; fileRef = E5DEFA6726F8F42600AB68DB /* PhotosUISPI.h */; };
 		EB36B16827A7B4500050E00D /* PushService.h in Headers */ = {isa = PBXBuildFile; fileRef = EB36B16627A7B4500050E00D /* PushService.h */; };
 		EB36B16927A7B4500050E00D /* PushService.mm in Sources */ = {isa = PBXBuildFile; fileRef = EB36B16727A7B4500050E00D /* PushService.mm */; };
+		EB7D252B27B31B77009CB586 /* com.apple.WebKit.webpushd.sb in Resources */ = {isa = PBXBuildFile; fileRef = EB7D252A27B31B3F009CB586 /* com.apple.WebKit.webpushd.sb */; };
 		EBA8D3AB27A5E31300CB7900 /* ApplePushServiceSPI.h in Headers */ = {isa = PBXBuildFile; fileRef = EBA8D3AA27A5E31300CB7900 /* ApplePushServiceSPI.h */; };
 		EBA8D3B227A5E33F00CB7900 /* ApplePushServiceConnection.mm in Sources */ = {isa = PBXBuildFile; fileRef = EBA8D3AC27A5E33E00CB7900 /* ApplePushServiceConnection.mm */; };
 		EBA8D3B327A5E33F00CB7900 /* MockPushServiceConnection.h in Headers */ = {isa = PBXBuildFile; fileRef = EBA8D3AD27A5E33E00CB7900 /* MockPushServiceConnection.h */; };
@@ -6506,6 +6507,8 @@
 		EB0D312E275AE13300863D8F /* com.apple.webkit.webpushd.ios.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = com.apple.webkit.webpushd.ios.plist; sourceTree = "<group>"; };
 		EB36B16627A7B4500050E00D /* PushService.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = PushService.h; sourceTree = "<group>"; };
 		EB36B16727A7B4500050E00D /* PushService.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = PushService.mm; sourceTree = "<group>"; };
+		EB7D252927B316A6009CB586 /* com.apple.WebKit.webpushd.sb.in */ = {isa = PBXFileReference; lastKnownFileType = text; path = com.apple.WebKit.webpushd.sb.in; sourceTree = "<group>"; };
+		EB7D252A27B31B3F009CB586 /* com.apple.WebKit.webpushd.sb */ = {isa = PBXFileReference; lastKnownFileType = file; name = com.apple.WebKit.webpushd.sb; path = DerivedSources/WebKit/com.apple.WebKit.webpushd.sb; sourceTree = BUILT_PRODUCTS_DIR; };
 		EBA8D3AA27A5E31300CB7900 /* ApplePushServiceSPI.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ApplePushServiceSPI.h; sourceTree = "<group>"; };
 		EBA8D3AC27A5E33E00CB7900 /* ApplePushServiceConnection.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = ApplePushServiceConnection.mm; sourceTree = "<group>"; };
 		EBA8D3AD27A5E33E00CB7900 /* MockPushServiceConnection.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MockPushServiceConnection.h; sourceTree = "<group>"; };
@@ -10160,6 +10163,7 @@
 		5C157A0A2717C9F100ED5280 /* webpushd */ = {
 			isa = PBXGroup;
 			children = (
+				EB7D252827B316A6009CB586 /* mac */,
 				517B5F63275A8D5C002DC22D /* webpushtool */,
 				5160E954274B887100567388 /* AppBundleRequest.h */,
 				5160E953274B887100567388 /* AppBundleRequest.mm */,
@@ -12094,6 +12098,7 @@
 				7A1506721DD56298001F4B58 /* com.apple.WebKit.plugin-common.sb */,
 				572EBBC32536AB84000552B3 /* com.apple.WebKit.WebAuthnProcess.sb */,
 				E30CFB9D2660663C0094D9C0 /* com.apple.WebKit.WebContent.sb */,
+				EB7D252A27B31B3F009CB586 /* com.apple.WebKit.webpushd.sb */,
 				E1967E37150AB5E200C73169 /* com.apple.WebProcess.sb */,
 				1AB7D6171288B9D900CFD08C /* DownloadProxyMessageReceiver.cpp */,
 				1AB7D6181288B9D900CFD08C /* DownloadProxyMessages.h */,
@@ -12742,6 +12747,14 @@
 			path = cache;
 			sourceTree = "<group>";
 		};
+		EB7D252827B316A6009CB586 /* mac */ = {
+			isa = PBXGroup;
+			children = (
+				EB7D252927B316A6009CB586 /* com.apple.WebKit.webpushd.sb.in */,
+			);
+			path = mac;
+			sourceTree = "<group>";
+		};
 		F638955A133BF57D008941D5 /* mac */ = {
 			isa = PBXGroup;
 			children = (
@@ -13431,6 +13444,7 @@
 				E18E6918169B667B009B6670 /* SecItemShimProxyMessages.h in Headers */,
 				570AB8F320AE3BD700B8BE87 /* SecKeyProxyStore.h in Headers */,
 				514D9F5719119D35000063A7 /* ServicesController.h in Headers */,
+				5164658027A9C77400E1F2BA /* ServiceWorkerNotificationHandler.h in Headers */,
 				1AFDE65A1954A42B00C48FFA /* SessionState.h in Headers */,
 				1A002D49196B345D00B9AD44 /* SessionStateCoding.h in Headers */,
 				93E799CE2760497B0074008A /* SessionStorageManager.h in Headers */,
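
Review bot: The `ServiceWorkerNotificationHandler.h in Headers` line added in this hunk is unrelated to the webpushd sandbox profile and is not covered by the ChangeLog entry, and the patch adds no matching `PBXBuildFile` definition for `5164658027A9C77400E1F2BA`. If this restores a header-phase reference that was dropped earlier, say so in the ChangeLog; otherwise split it into its own change so this commit stays limited to the sandbox work.
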
@@ -14643,6 +14657,7 @@
 				E17AE2C316B9C63A001C42F2 /* com.apple.WebKit.GPUProcess.sb in Resources */,
 				E17AE2C316B9C63A001C42F1 /* com.apple.WebKit.NetworkProcess.sb in Resources */,
 				572EBBC42536AB84000552B3 /* com.apple.WebKit.WebAuthnProcess.sb in Resources */,
+				EB7D252B27B31B77009CB586 /* com.apple.WebKit.webpushd.sb in Resources */,
 				E11D35AE16B63D1B006D23D7 /* com.apple.WebProcess.sb in Resources */,
 				6BE969C11E54D452008B7483 /* corePrediction_model in Resources */,
 				8DC2EF530486A6940098B216 /* InfoPlist.strings in Resources */,

Modified: trunk/Source/WebKit/webpushd/WebPushDaemonMain.mm (289565 => 289566)


--- trunk/Source/WebKit/webpushd/WebPushDaemonMain.mm	2022-02-10 19:56:40 UTC (rev 289565)
+++ trunk/Source/WebKit/webpushd/WebPushDaemonMain.mm	2022-02-10 20:13:19 UTC (rev 289566)
@@ -26,6 +26,7 @@
 #import "config.h"
 #import "WebPushDaemonMain.h"
 
+#import "AuxiliaryProcess.h"
 #import "DaemonConnection.h"
 #import "DaemonDecoder.h"
 #import "DaemonEncoder.h"
@@ -71,11 +72,22 @@
 
 namespace WebKit {
 
+static void applySandbox()
+{
+#if PLATFORM(MAC)
+    NSBundle *bundle = [NSBundle bundleWithIdentifier:@"com.apple.WebKit"];
+    auto profilePath = makeString(String([bundle resourcePath]), "/com.apple.WebKit.webpushd.sb");
+    AuxiliaryProcess::applySandboxProfileForDaemon(profilePath, "com.apple.webkit.webpushd"_s);
+#endif
+}
+
 int WebPushDaemonMain(int argc, char** argv)
 {
     @autoreleasepool {
         WTF::initializeMainThread();
 
+        applySandbox();
+
 #if !LOG_DISABLED || !RELEASE_LOG_DISABLED
         WTF::logChannels().initializeLogChannelsIfNecessary();
         WebCore::logChannels().initializeLogChannelsIfNecessary();
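
Review bot: `[NSBundle bundleWithIdentifier:@"com.apple.WebKit"]` in `applySandbox()` can return nil, and the result is used without a check: `[bundle resourcePath]` is then nil and `profilePath` collapses to `/com.apple.WebKit.webpushd.sb`. Add `RELEASE_ASSERT(bundle)` (or log and crash) before building the path, so a failed bundle lookup is reported as such rather than as a missing profile at the filesystem root.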

Added: trunk/Source/WebKit/webpushd/mac/com.apple.WebKit.webpushd.sb.in (0 => 289566)


--- trunk/Source/WebKit/webpushd/mac/com.apple.WebKit.webpushd.sb.in	                        (rev 0)
+++ trunk/Source/WebKit/webpushd/mac/com.apple.WebKit.webpushd.sb.in	2022-02-10 20:13:19 UTC (rev 289566)
@@ -0,0 +1,25 @@
+; Copyright (C) 2022 Apple Inc. All rights reserved.
+;
+; Redistribution and use in source and binary forms, with or without
+; modification, are permitted provided that the following conditions
+; are met:
+; 1. Redistributions of source code must retain the above copyright
+;    notice, this list of conditions and the following disclaimer.
+; 2. Redistributions in binary form must reproduce the above copyright
+;    notice, this list of conditions and the following disclaimer in the
+;    documentation and/or other materials provided with the distribution.
+;
+; THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+; AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+; THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+; PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+; BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+; CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+; SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+; INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+; CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+; ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+; THE POSSIBILITY OF SUCH DAMAGE.
+
+(version 1)
+(allow (with report) default)
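
Review bot: `(allow (with report) default)` permits every operation, so this profile confines nothing yet, and the file carries only the license header. Add a comment above the rule stating that this is a temporary allow-and-report profile for collecting sandbox logs, with the bug URL, so the permissive default is not mistaken for the intended policy and the tightening work stays tracked.
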