com.apple.WebKit.WebContent.sb [plain text]
; Copyright (C) 2010-2018 Apple Inc. All rights reserved.
;
; Redistribution and use in source and binary forms, with or without
; modification, are permitted provided that the following conditions
; are met:
; 1. Redistributions of source code must retain the above copyright
; notice, this list of conditions and the following disclaimer.
; 2. Redistributions in binary form must reproduce the above copyright
; notice, this list of conditions and the following disclaimer in the
; documentation and/or other materials provided with the distribution.
;
; THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
; AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
; THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
; PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
; BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
; CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
; SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
; INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
; CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
; ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
; THE POSSIBILITY OF SUCH DAMAGE.
(version 1)
(deny default (with partial-symbolication))
(allow system-audit file-read-metadata)
(deny mach-lookup (xpc-service-name-prefix ""))
(import "common.sb")
(deny lsopen)
;;;
;;; The following rules were originally contained in 'UIKit-apps.sb'. We are duplicating them here so we can
;;; remove unneeded sandbox extensions.
;;;
;;; <rdar://problem/29959382> Allow UIKit apps access to com.apple.TextInput.preferences mach service
(allow mach-lookup
(global-name "com.apple.TextInput.preferences"))
(allow mach-lookup
(xpc-service-name "com.apple.siri.context.service"))
(allow mach-lookup
(global-name "com.apple.frontboard.systemappservices") ; -[UIViewServiceInterface _createProcessAssertion] -> SBSProcessIDForDisplayIdentifier()
(global-name-regex #"^com\.apple\.uikit\.viewservice\..+"))
;; Any app could use ubiquity.
(ubiquity-client)
;; Any app can play audio & movies.
(play-audio)
(play-media)
;; Access to media controls
(media-remote)
(url-translation)
;; For <rdar://problem/20812377> All applications need to be able to access the com.apple.UIKit.KeyboardManagement running in backboardd
;; renamed in <rdar://problem/20909914> Rename com.apple.UIKit.KeyboardManagement
(allow mach-lookup
(global-name "com.apple.UIKit.KeyboardManagement")
(global-name "com.apple.UIKit.KeyboardManagement.hosted"))
;; TextInput framework
(allow mach-lookup
(global-name "com.apple.TextInput")
(global-name "com.apple.TextInput.emoji")
(global-name "com.apple.TextInput.image-cache-server")
(global-name "com.apple.TextInput.lexicon-server")
(global-name "com.apple.TextInput.rdt")
(global-name "com.apple.TextInput.shortcuts"))
(mobile-preferences-read "com.apple.da")
;; Various Accessibility services.
(allow mach-lookup
(xpc-service-name "com.apple.accessibility.AccessibilityUIServer")) ; Needed for Zoom focus updates
;; ZoomTouch
;; <rdar://problem/11823957>
(allow mach-lookup
(global-name "com.apple.accessibility.AXBackBoardServer"))
;; Speak Selection & VoiceOver
;; <rdar://problem/12030530> AX: Sandbox violation with changing Language while VO is on
;; and <rdar://problem/13071747>
(mobile-preferences-read
"com.apple.SpeakSelection" ; Needed for WebSpeech
"com.apple.VoiceOverTouch" ; Needed for non-US english language synthesis
"com.apple.voiceservices") ; Ditto
(allow mach-lookup
(global-name "com.apple.audio.AudioComponentPrefs")
(global-name "com.apple.audio.AudioComponentRegistrar")
(global-name "com.apple.audio.AudioQueueServer"))
(allow mach-register
(local-name "com.apple.iphone.axserver")) ; Needed for Application Accessibility
;; <rdar://problem/14555119> Access to high quality speech voices
;; Needed for WebSpeech
(allow file-read*
(home-subpath "/Library/VoiceServices/Assets")
(home-subpath "/Library/Assets/com_apple_MobileAsset_VoiceServicesVocalizerVoice"))
;; HearingAidSupport
(allow mach-lookup
(xpc-service-name "com.apple.accessibility.heard"))
;; MediaAccessibility (captions)
;; <rdar://problem/12801477>
(mobile-preferences-read "com.apple.mediaaccessibility")
(allow mach-lookup (global-name "com.apple.accessibility.mediaaccessibilityd"))
;; Permit reading assets via MobileAsset framework.
(asset-access 'with-media-playback)
;; Network Extensions / VPN helper.
(allow mach-lookup
(global-name "com.apple.nehelper")
(global-name "com.apple.nesessionmanager"))
;; allow 3rd party applications to access nsurlstoraged's top level domain data cache
(allow-well-known-system-group-container-literal-read
"/systemgroup.com.apple.nsurlstoragedresources/Library/dafsaData.bin")
;; Access the keyboards
(allow file-read*
(home-subpath "/Library/Caches/com.apple.keyboards"))
;; NSExtension helper for supplying information not provided by PlugInKit
(allow mach-lookup
(xpc-service-name "com.apple.uifoundation-bundle-helper"))
;; <rdar://problem/19525887>
(allow mach-lookup (xpc-service-name-regex #"\.apple-extension-service$"))
;; <rdar://problem/31252371>
(allow mach-lookup (xpc-service-name-regex #"\.viewservice$"))
;; Power logging
(allow mach-lookup
(global-name "com.apple.powerlog.plxpclogger.xpc")) ;; <rdar://problem/36442803>
(mobile-preferences-read
"com.apple.EmojiPreferences"
; <rdar://problem/8477596> com.apple.InputModePreferences
"com.apple.InputModePreferences"
; <rdar://problem/8206632> Weather(1038) deny file-read-data ~/Library/Preferences/com.apple.keyboard.plist
"com.apple.keyboard"
; <rdar://problem/9384085>
"com.apple.Preferences"
"com.apple.lookup.shared" ; Needed for DataDetector (Spotlight) support
)
;; <rdar://problem/12985925> Need read access to /var/mobile/Library/Fonts to all apps
(allow file-read*
(home-subpath "/Library/Fonts"))
;; <rdar://problem/7344719&26323449> LaunchServices app icons
(allow file-read*
(well-known-system-group-container-subpath "/systemgroup.com.apple.lsd.iconscache"))
(allow mach-lookup
(xpc-service-name "com.apple.lsdiconservice"))
;; Common mach services needed by UIKit.
(allow mach-lookup
(global-name "com.apple.CARenderServer")
(global-name "com.apple.KeyboardServices.TextReplacementService")
(global-name "com.apple.assertiond.applicationstateconnection")
(global-name "com.apple.assertiond.expiration")
(global-name "com.apple.assertiond.processinfoservice")
(global-name "com.apple.audio.SystemSoundServer-iOS")
(global-name "com.apple.backboard.TouchDeliveryPolicyServer")
(global-name "com.apple.backboard.animation-fence-arbiter")
(global-name "com.apple.backboard.display.services")
(global-name "com.apple.backboard.hid.focus")
(global-name "com.apple.backboard.hid.services")
(global-name "com.apple.iohideventsystem")
(global-name "com.apple.iphone.axserver-systemwide")
(global-name "com.apple.frontboard.workspace")
(global-name "com.apple.frontboard.systemappservices"))
(allow-preferences-common)
;; CoreMotion
(mobile-preferences-read "com.apple.CoreMotion")
;; CoreMotion’s deviceMotion API
(with-filter
(require-any
(iokit-registry-entry-class "AppleOscarNub")
(iokit-registry-entry-class "AppleSPUHIDInterface"))
(allow iokit-get-properties
(iokit-property "gyro-interrupt-calibration")))
(with-filter
(iokit-registry-entry-class "IOHIDEventServiceFastPathUserClient")
(allow iokit-open)
(allow iokit-get-properties iokit-set-properties
(iokit-property "interval"
"mode"
"QueueSize"
"useMag"))
(allow iokit-get-properties
(iokit-property "client")))
;; Home Button
(with-filter (iokit-registry-entry-class "IOPlatformDevice")
(allow iokit-get-properties
(iokit-property "home-button-type")))
;; Common preferences read by UIKit.
(mobile-preferences-read "com.apple.Accessibility"
"com.apple.UIKit"
"com.apple.WebUI"
"com.apple.airplay"
"com.apple.avkit"
"com.apple.coreanimation"
"com.apple.mt"
"com.apple.preferences.sounds")
;; Silence sandbox violations from apps trying to create the empty plist if it doesn't exist.
;; <rdar://problem/13796537>
(deny file-write-create
(home-prefix "/Library/Preferences/com.apple.UIKit.plist")
(with no-report))
;; <rdar://problem/10809394>
(deny file-write-create
(home-prefix "/Library/Preferences/com.apple.Accessibility.plist")
(with no-report))
;; <rdar://problem/9404009>
(mobile-preferences-read "kCFPreferencesAnyApplication")
;; <rdar://problem/10266866>
(marco-logging-client)
;; <rdar://problem/12250145>
(mobile-preferences-read "com.apple.mediaaccessibility")
; Dictionary Services used by UITextFields.
; <rdar://problem/9386926>
(allow-create-directory
(home-literal "/Library/Caches/com.apple.DictionaryServices"))
; <rdar://problem/8548856> Sub-TLF: Sandbox change for apps for read-only access to the dictionary directory/data
(allow file-read*
; XXX - /Library ought to be allowed in all UI profiles but isn't (CF, MobileSafari)
(subpath "/Library/Dictionaries")
(home-subpath "/Library/Dictionaries"))
; <rdar://problem/8440231>
(allow file-read*
(home-literal "/Library/Caches/DateFormats.plist"))
; Silently deny writes when CFData attempts to write to the cache directory.
(deny file-write*
(home-literal "/Library/Caches/DateFormats.plist")
(with no-log))
; UIKit-required IOKit nodes.
(allow iokit-open
(iokit-user-client-class "AppleJPEGDriverUserClient")
(iokit-user-client-class "IOSurfaceAcceleratorClient")
(iokit-user-client-class "IOSurfaceSendRight")
;; Requires by UIView -> UITextMagnifierRenderer -> UIWindow
(iokit-user-client-class "IOSurfaceRootUserClient"))
;; <rdar://problem/12675621>
(allow iokit-open
(iokit-user-client-class "IOHIDLibUserClient"))
(framebuffer-access)
;; <rdar://problem/7822790>
(mobile-keybag-access)
; <rdar://problem/7595408> , <rdar://problem/7643881>
(opengl)
(location-services)
; CRCopyRestrictionsDictionary periodically tries to CFPreferencesAppSynchronize com.apple.springboard.plist
; which will attempt to create the plist if it doesn't exist -- from any application. Only SpringBoard is
; allowed to write its plist; ignore all others, they don't know what they are doing.
; See <rdar://problem/9375027> for sample backtraces.
(deny file-write*
(home-prefix "/Library/Preferences/com.apple.springboard.plist")
(with no-log))
;; <rdar://problem/34092690>
(allow mach-lookup
(xpc-service-name "com.apple.avkit.SharedPreferences"))
;; <rdar://problem/34986314>
(mobile-preferences-read "com.apple.indigo")
;; <rdar://problem/35417382>, <rdar://problem/35518557>
(allow mach-lookup
(global-name "com.apple.corespotlightservice"))
;; <rdar://problem/35446577>
(allow mach-lookup
(global-name "com.apple.coremedia.endpointplaybacksession.xpc"))
;; <rdar://problem/35509194>
(allow mach-lookup
(global-name "com.apple.coremedia.endpointremotecontrolsession.xpc"))
;;;
;;; End UIKit-apps.sb content
;;;
(deny sysctl*)
(allow sysctl-read
(sysctl-name
"hw.availcpu"
"hw.ncpu"
"hw.model"
"kern.memorystatus_level"
"vm.footprint_suspend"))
(deny iokit-get-properties (with partial-symbolication))
(allow iokit-get-properties
(iokit-property-regex #"^AAPL,(DisplayPipe|OpenCLdisabled|IOGraphics_LER(|_RegTag_1|_RegTag_0|_Busy_2)|alias-policy|boot-display|display-alias|mux-switch-state|ndrv-dev|primary-display|slot-name)")
(iokit-property "APTDevice")
(iokit-property-regex #"^AppleJPEG(NumCores|Supports(AppleInterchangeFormats|MissingEOI|RSTLogging))")
(iokit-property "BaseAddressAlignmentRequirement")
(iokit-property-regex #"^DisplayPipe(PlaneBaseAlignment|StrideRequirements)")
(iokit-property-regex #"^IOGL(|ES(|Metal))BundleName")
(iokit-property "IOGLESDefaultUseMetal")
(iokit-property "IOClassNameOverride")
(iokit-property "IOSurfaceAcceleratorCapabilitiesDict")
(iokit-property-regex #"^MetalPlugin(Name|ClassName)")
(iokit-property "artwork-device-subtype")
(iokit-property "device-perf-memory-class")
(iokit-property "emu")
(iokit-property "hdcp-hoover-protocol")
(iokit-property "iommu-present")
(iokit-property "product-id")
(iokit-property "software-behavior")
)
;; Read-only preferences and data
(mobile-preferences-read
"com.apple.LaunchServices"
"com.apple.WebFoundation"
"com.apple.mobileipod"
"com.apple.avfoundation.frecents" ;; <rdar://problem/33137029>
"com.apple.avfoundation.videoperformancehud" ;; <rdar://problem/31594568>
"com.apple.voiceservices.logging")
;; Sandbox extensions
(define (apply-read-and-issue-extension op path-filter)
(op file-read* path-filter)
(op file-issue-extension (require-all (extension-class "com.apple.app-sandbox.read") path-filter)))
(define (apply-write-and-issue-extension op path-filter)
(op file-write* path-filter)
(op file-issue-extension (require-all (extension-class "com.apple.app-sandbox.read-write") path-filter)))
(define (read-only-and-issue-extensions path-filter)
(apply-read-and-issue-extension allow path-filter))
(define (read-write-and-issue-extensions path-filter)
(apply-read-and-issue-extension allow path-filter)
(apply-write-and-issue-extension allow path-filter))
(read-only-and-issue-extensions (extension "com.apple.app-sandbox.read"))
(read-write-and-issue-extensions (extension "com.apple.app-sandbox.read-write"))
;; Access to client's cache folder & re-vending to CFNetwork.
;; FIXME: Remove the webkti specific extension classes <rdar://problem/17755931>
(allow file-issue-extension (require-all
(extension "com.apple.app-sandbox.read-write")
(extension-class "com.apple.nsurlstorage.extension-cache")))
;; MediaAccessibility
(mobile-preferences-read "com.apple.mediaaccessibility")
(mobile-preferences-read-write "com.apple.mediaaccessibility.public")
;; Remote Web Inspector
(allow mach-lookup
(global-name "com.apple.webinspector"))
;; Various services required by CFNetwork and other frameworks
(allow mach-lookup
(global-name "com.apple.PowerManagement.control")
(global-name "com.apple.accountsd.accountmanager")
(global-name "com.apple.analyticsd")
(global-name "com.apple.coremedia.audiodeviceclock"))
(deny file-write-create (vnode-type SYMLINK))
(deny file-read-xattr file-write-xattr (xattr-regex #"^com\.apple\.security\.private\."))
;; Allow loading injected bundles.
(allow file-map-executable)
;; AWD logging
(awd-log-directory "com.apple.WebKit.WebContent")
;; Allow ManagedPreference access
(allow file-read* (literal "/private/var/Managed Preferences/mobile/com.apple.webcontentfilter.plist"))
(allow file-read-data
(literal "/usr/local/lib/log") ; <rdar://problem/36629495>
)
;; Allow mediaserverd to issue file extensions for the purposes of reading media
(allow file-issue-extension (require-all
(extension "com.apple.app-sandbox.read")
(extension-class "com.apple.mediaserverd.read")))
;; Allow CoreMedia to communicate with mediaserverd in order to implement custom media loading
(allow mach-lookup
(global-name "com.apple.coremedia.customurlloader.xpc"))
;; Media capture, microphone access
(with-filter (extension "com.apple.webkit.microphone")
(allow device-microphone))
;; Media capture, camera access
(with-filter (extension "com.apple.webkit.camera")
(allow user-preference-read
(preference-domain "com.apple.coremedia"))
(allow file-read* (subpath "/Library/CoreMediaIO/Plug-Ins/DAL"))
(allow mach-lookup (extension "com.apple.app-sandbox.mach"))
(allow device-camera))
;; Support incoming video connections
(allow mach-lookup
(global-name "com.apple.audio.audiohald")
(global-name "com.apple.coremedia.compressionsession")
(global-name "com.apple.coremedia.decompressionsession")
(global-name "com.apple.coremedia.videoqueue"))