Changeset 225763 in webkit


Timestamp:
Dec 11, 2017 4:39:37 PM (6 years ago)
Author:
Brent Fulgham
Message:

[iOS] Remove unused services from WebContent Process sandbox
https://bugs.webkit.org/show_bug.cgi?id=180670

Reviewed by Eric Carlson.

Pare down the set of sandbox exceptions in the iOS WebContent process sandbox to just
those services actually in use:

  1. Remove unused code.
  2. Instead of defining a 'UIKit-app' function and calling it, just declare the individual sandbox
     commands inline. This will allow them to be more easily consolidated with other parts of the
     sandbox in a future step.

This update should not change behavior.

  • Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
Location:
trunk/Source/WebKit
Files:
2 edited

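--- a/trunk/Source/WebKit/ChangeLog
+++ b/trunk/Source/WebKit/ChangeLog
@@ -1,2 +1,20 @@
+2017-12-11  Brent Fulgham  <bfulgham@apple.com>
+
+        [iOS] Remove unused services from WebContent Process sandbox
+        https://bugs.webkit.org/show_bug.cgi?id=180670
+
+        Reviewed by Eric Carlson.
+
+        Pare down the set of sandbox exceptions in the iOS WebContent process sandbox to just
+        those services actually in use:
+        1. Remove unused code.
+        2. Instead of defining a 'UIKit-app' function and calling it, just declare the individual sandbox
+        commands inline. This will allow them to be more easily consolidated with other parts of the
+        sandbox in a future step.
+
+        This update should not change behavior.
+
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
+
 2017-12-11  Chris Dumez  <cdumez@apple.com>
 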
  • trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb

    r225754 r225763  
    3535;;;
    3636
    37 ;;;
    38 ;;; Declare that the process hosts UI provided by another process.
    39 ;;; (This could potentially be any application; see <rdar://problem/11034833> and
    40 ;;;  <rdar://problem/11330224> for details)
    41 ;;;
    42 (define-once (remote-view-client)
     37;;; <rdar://problem/29959382> Allow UIKit apps access to com.apple.TextInput.preferences mach service
     38(allow mach-lookup
     39    (global-name "com.apple.TextInput.preferences"))
     40
     41(allow mach-lookup
     42    (xpc-service-name "com.apple.siri.context.service"))
     43
     44(allow mach-lookup
     45    (global-name "com.apple.frontboard.systemappservices")                 ; -[UIViewServiceInterface _createProcessAssertion] -> SBSProcessIDForDisplayIdentifier()
     46    (global-name-regex #"^com\.apple\.uikit\.viewservice\..+"))
     47
     48;; Any app could use ubiquity.
     49(ubiquity-client)
     50
     51;; Any app can play audio & movies.
     52(play-audio)
     53(play-media)
     54
     55(url-translation)
     56
     57;; For <rdar://problem/20812377> All applications need to be able to access the com.apple.UIKit.KeyboardManagement running in backboardd
     58;; renamed in <rdar://problem/20909914> Rename com.apple.UIKit.KeyboardManagement
     59(allow mach-lookup
     60    (global-name "com.apple.UIKit.KeyboardManagement")
     61    (global-name "com.apple.UIKit.KeyboardManagement.hosted"))
     62
     63;; For <rdar://problem/23469318> Allow UIKit-based apps to access com.apple.remote-text-editing mach service
     64;; and <rdar://problem/23579008> REM: Allow UIKit-based apps to access com.apple.remote-input-limiting mach service
     65(when tv?
    4366    (allow mach-lookup
    44         (global-name "com.apple.frontboard.systemappservices")                 ; -[UIViewServiceInterface _createProcessAssertion] -> SBSProcessIDForDisplayIdentifier()
    45         (global-name-regex #"^com\.apple\.uikit\.viewservice\..+")))
    46 
    47 ;;;
    48 ;;; Declare that the process serves UI that can be remotely-hosted by another process.
    49 ;;;
    50 (define-once (remote-view-service)
    51     ;; RemoteViewServices need to lookup their own accessility service in order to send
    52     ;; the mach port to the hosting app.
     67        (global-name "com.apple.remote-input-limiting")
     68        (global-name "com.apple.remote-text-editing")
     69        (global-name "com.apple.remote-text-editing-legacy")
     70        (global-name "com.apple.sharing.remote-text-editing")))
     71
     72;; TextInput framework
     73(allow mach-lookup
     74    (global-name "com.apple.TextInput")
     75    (global-name "com.apple.TextInput.emoji")
     76    (global-name "com.apple.TextInput.image-cache-server")
     77    (global-name "com.apple.TextInput.lexicon-server")
     78    (global-name "com.apple.TextInput.rdt")
     79    (global-name "com.apple.TextInput.shortcuts"))
     80(mobile-preferences-read "com.apple.da")
     81
     82;; Various Accessibility services.
     83(allow mach-lookup
     84    (xpc-service-name "com.apple.accessibility.AccessibilityUIServer"))
     85
     86;; Guided Access support (<rdar://problem/11683460>).
     87(allow mach-lookup
     88    (global-name "com.apple.accessibility.gax.backboard"))
     89(allow mach-register
     90    (local-name "com.apple.accessibility.gax.client"))
     91
     92;; AssistiveTouch
     93;; <rdar://problem/11800071> sandbox error for remote message services when AssistiveTouch is running
     94(allow mach-lookup
     95    (global-name "UIASTNotificationCenter"))
     96
     97;; ZoomTouch
     98;; <rdar://problem/11823957>
     99(allow mach-lookup
     100    (global-name "com.apple.accessibility.AXBackBoardServer"))
     101
     102;; Speak Selection & VoiceOver
     103;; <rdar://problem/12030530> AX: Sandbox violation with changing Language while VO is on
     104;; and <rdar://problem/13071747>
     105(mobile-preferences-read
     106    "com.apple.SpeakSelection"
     107    "com.apple.VoiceOverTouch"
     108    "com.apple.voiceservices")
     109(allow mach-lookup
     110    (global-name "com.apple.audio.AudioComponentPrefs")
     111    (global-name "com.apple.audio.AudioComponentRegistrar")
     112    (global-name "com.apple.audio.AudioQueueServer")
     113    (global-name "com.apple.voiceservices.keepalive")
     114    (global-name "com.apple.voiceservices.tts"))
     115(allow mach-register
     116    (local-name "com.apple.iphone.axserver"))
     117;; <rdar://problem/14555119> Access to high quality speech voices
     118(allow file-read*
     119    (home-subpath "/Library/VoiceServices/Assets")
     120    (home-subpath "/Library/Assets/com_apple_MobileAsset_VoiceServicesVocalizerVoice"))
     121
     122;; HearingAidSupport
     123(allow mach-lookup
     124    (xpc-service-name "com.apple.accessibility.heard"))
     125
     126;; MediaAccessibility (captions)
     127;; <rdar://problem/12801477>
     128(mobile-preferences-read "com.apple.mediaaccessibility")
     129(allow mach-lookup (global-name "com.apple.accessibility.mediaaccessibilityd"))
     130
     131;; Permit reading assets via MobileAsset framework.
     132(asset-access 'with-media-playback)
     133
     134;; allow 3rd party applications to access nsurlstoraged's top level domain data cache
     135(allow-well-known-system-group-container-literal-read
     136    "/systemgroup.com.apple.nsurlstoragedresources/Library/dafsaData.bin")
     137
     138;; AirPlay
     139(allow mach-lookup
     140    (global-name "com.apple.airplaydiagnostics.server"))
     141
     142;; Access the keyboards
     143(allow file-read*
     144    (home-subpath "/Library/Caches/com.apple.keyboards"))
     145
     146;; NSExtension helper for supplying information not provided by PlugInKit
     147(allow mach-lookup
     148    (xpc-service-name "com.apple.uifoundation-bundle-helper"))
     149
     150;; <rdar://problem/19525887>
     151(allow mach-lookup (xpc-service-name-regex #"\.apple-extension-service$"))
     152;; <rdar://problem/31252371>
     153(allow mach-lookup (xpc-service-name-regex #"\.viewservice$"))
     154
     155;; DataDetectors -> CallKit so user can place calls by tapping on phone numbers.
     156(allow mach-lookup
     157    (global-name "com.apple.callkit.callcontrollerhost"))
     158
     159;; DataDetectors; update CoreRecents with recently-detected addresses, etc.
     160(allow mach-lookup
     161    (xpc-service-name "com.apple.datadetectors.AddToRecentsService"))
     162
     163;; <rdar://problem/19460486>
     164(nano-preferences-read ".GlobalPreferences")
     165
     166(mobile-preferences-read
     167    ; To determine whether the dictation opt-in alert should be suppressed.
     168    "com.apple.assistant.backedup"
     169    ; Keyboard Dictation reads the list of supported languages from com.apple.assistant.support.plist.
     170    ; And Dictation checks whether Assistant is enabled by reading the same plist.
     171    ; <rdar://problem/9883999> com.apple.assistant.support preference domain needs to be unsandboxed
     172    "com.apple.assistant.support"
     173    "com.apple.EmojiPreferences"
     174    ; For CarPlay screen aspect ratio (rdar://problem/20062770).
     175    "com.apple.iapd"
     176    ; <rdar://problem/8477596> com.apple.InputModePreferences
     177    "com.apple.InputModePreferences"
     178    ; <rdar://problem/8206632> Weather(1038) deny file-read-data ~/Library/Preferences/com.apple.keyboard.plist
     179    "com.apple.keyboard"
     180    ; <rdar://problem/25130834> Spotlight suggestions in Lookup preference should be readable by any process
     181    "com.apple.lookup.shared"
     182    ; <rdar://problem/9384085>
     183    "com.apple.Preferences")
     184
     185;; <rdar://problem/12985925> Need read access to /var/mobile/Library/Fonts to all apps
     186(allow file-read*
     187    (home-subpath "/Library/Fonts"))
     188
     189;; <rdar://problem/23803332>, <rdar://problem/9457549>, <rdar://problem/13237899>
     190(allow mach-lookup
     191    (global-name "com.apple.assistant.analytics")
     192    (global-name "com.apple.assistant.dictation")
     193    (global-name "com.apple.dictationd.recognition"))
     194
     195;; For copy-and-paste.
     196(allow mach-lookup
     197    (global-name "com.apple.UIKit.pasteboardd")
     198    (global-name "com.apple.pasteboard.pasted"))
     199
     200;; <rdar://problem/7344719&26323449> LaunchServices app icons
     201(allow file-read*
     202    (well-known-system-group-container-subpath "/systemgroup.com.apple.lsd.iconscache"))
     203(allow mach-lookup
     204    (xpc-service-name "com.apple.lsdiconservice"))
     205
     206;; Common mach services needed by UIKit.
     207(allow mach-lookup
     208    (global-name "com.apple.CARenderServer")
     209    (global-name "com.apple.KeyboardServices.TextReplacementService")
     210    (global-name "com.apple.UIKit.statusbarserver")
     211    (global-name "com.apple.uikit.GestureServer")
     212    (global-name "com.apple.assertiond.applicationstateconnection")
     213    (global-name "com.apple.assertiond.expiration")
     214    (global-name "com.apple.assertiond.processinfoservice")
     215    (global-name "com.apple.audio.hapticd")
     216    (global-name "com.apple.audio.SystemSoundServer-iOS")
     217    (global-name "com.apple.backboard.TouchDeliveryPolicyServer")
     218    (global-name "com.apple.backboard.animation-fence-arbiter")
     219    (global-name "com.apple.backboard.display.services")
     220    (global-name "com.apple.backboard.hid.focus")
     221    (global-name "com.apple.backboard.hid.services")
     222    (global-name "com.apple.iohideventsystem")
     223    (global-name "com.apple.iphone.axserver-systemwide")
     224    (global-name "com.apple.frontboard.workspace")
     225    (global-name "com.apple.frontboard.systemappservices")
     226    (global-name "com.apple.progressd"))
     227
     228(pasteboard-client)
     229(springboard-services)
     230
     231(when gizmo?
     232    (mobile-preferences-read "com.apple.nano")
    53233    (allow mach-lookup
    54         (local-name "com.apple.iphone.axserver"))
    55     ;; RemoteViewServices need to lookup the bundle identifier of the application hosting
    56     ;; their views (see <rdar://problem/11780984>).
    57     (allow mach-lookup
    58         (global-name "com.apple.springboard.backgroundappservices")))
    59 
    60 (define (uikit-app . rest)
    61     ;;; <rdar://problem/29959382> Allow UIKit apps access to com.apple.TextInput.preferences mach service
    62     (allow mach-lookup
    63         (global-name "com.apple.TextInput.preferences"))
    64 
    65     (allow mach-lookup
    66         (xpc-service-name "com.apple.siri.context.service"))
    67 
    68     ;; Any UI could be remote-hosted.
    69     (remote-view-client)
    70 
    71     ;; Any app could use ubiquity.
    72     (ubiquity-client)
    73 
    74     ;; Any app can play audio & movies.
    75     (play-audio)
    76     (play-media)
    77 
    78     ;; Any app can use ProgressKit
    79     (progresskit-client)
    80 
    81     (url-translation)
    82 
    83     ;; For <rdar://problem/20812377> All applications need to be able to access the com.apple.UIKit.KeyboardManagement running in backboardd
    84     ;; renamed in <rdar://problem/20909914> Rename com.apple.UIKit.KeyboardManagement
    85     (allow mach-lookup
    86         (global-name "com.apple.UIKit.KeyboardManagement")
    87         (global-name "com.apple.UIKit.KeyboardManagement.hosted"))
    88 
    89     ;; For <rdar://problem/23469318> Allow UIKit-based apps to access com.apple.remote-text-editing mach service
    90     ;; and <rdar://problem/23579008> REM: Allow UIKit-based apps to access com.apple.remote-input-limiting mach service
    91     (when tv?
    92         (allow mach-lookup
    93             (global-name "com.apple.remote-input-limiting")
    94             (global-name "com.apple.remote-text-editing")
    95             (global-name "com.apple.remote-text-editing-legacy")
    96             (global-name "com.apple.sharing.remote-text-editing")))
    97 
    98     ;; For ApplicationScripting
    99     ;; <rdar://problem/12778546> ASProcessScriptEvent fails to obtain port for event return
    100     (allow mach-lookup
    101         (global-name "ScripterServer"))
    102 
    103     ;; TextInput framework
    104     (allow mach-lookup
    105         (global-name "com.apple.TextInput")
    106         (global-name "com.apple.TextInput.emoji")
    107         (global-name "com.apple.TextInput.image-cache-server")
    108         (global-name "com.apple.TextInput.lexicon-server")
    109         (global-name "com.apple.TextInput.rdt")
    110         (global-name "com.apple.TextInput.shortcuts"))
    111     (mobile-preferences-read "com.apple.da")
    112 
    113     ;; Various Accessibility services.
    114     (allow mach-lookup
    115         (xpc-service-name "com.apple.accessibility.AccessibilityUIServer"))
    116 
    117     ;; Guided Access support (<rdar://problem/11683460>).
    118     (allow mach-lookup
    119         (global-name "com.apple.accessibility.gax.backboard"))
    120     (allow mach-register
    121         (local-name "com.apple.accessibility.gax.client"))
    122 
    123     ;; AssistiveTouch
    124     ;; <rdar://problem/11800071> sandbox error for remote message services when AssistiveTouch is running
    125     (allow mach-lookup
    126         (global-name "UIASTNotificationCenter"))
    127 
    128     ;; ZoomTouch
    129     ;; <rdar://problem/11823957>
    130     (allow mach-lookup
    131         (global-name "com.apple.accessibility.AXBackBoardServer"))
    132 
    133     ;; Speak Selection & VoiceOver
    134     ;; <rdar://problem/12030530> AX: Sandbox violation with changing Language while VO is on
    135     ;; and <rdar://problem/13071747>
    136     (mobile-preferences-read
    137         "com.apple.SpeakSelection"
    138         "com.apple.VoiceOverTouch"
    139         "com.apple.voiceservices")
    140     (allow mach-lookup
    141         (global-name "com.apple.audio.AudioComponentPrefs")
    142         (global-name "com.apple.audio.AudioComponentRegistrar")
    143         (global-name "com.apple.audio.AudioQueueServer")
    144         (global-name "com.apple.voiceservices.keepalive")
    145         (global-name "com.apple.voiceservices.tts"))
    146     (allow mach-register
    147         (local-name "com.apple.iphone.axserver"))
    148     ;; <rdar://problem/14555119> Access to high quality speech voices
    149     (allow file-read*
    150         (home-subpath "/Library/VoiceServices/Assets")
    151         (home-subpath "/Library/Assets/com_apple_MobileAsset_VoiceServicesVocalizerVoice"))
    152 
    153     ;; HearingAidSupport
    154     (allow mach-lookup
    155         (xpc-service-name "com.apple.accessibility.heard"))
    156 
    157     ;; MediaAccessibility (captions)
    158     ;; <rdar://problem/12801477>
    159     (mobile-preferences-read "com.apple.mediaaccessibility")
    160         (allow mach-lookup (global-name "com.apple.accessibility.mediaaccessibilityd"))
    161 
    162     ;; MobileAssistantFramework's AFContextManager
    163     ;; <rdar://problem/13742083> & <rdar://problem/13717391> & <rdar://problem/13811297>
    164     (allow mach-register mach-lookup
    165         (local-name-regex #"^com\.apple\.assistant\.contextprovider\."))
    166 
    167     ;; Permit reading assets via MobileAsset framework.
    168     (asset-access 'with-media-playback)
    169 
    170     ;; Permit access to on-demand resources.
    171     (allow mach-lookup
    172         (global-name "com.apple.ondemandd.client"))
    173     (with-filter
    174         (require-all
    175             (require-any
    176                 (home-subpath "/Library/OnDemandResources/AssetPacks")
    177                 (well-known-system-group-container-subpath "/systemgroup.com.apple.ondemandresources/Library/AssetPacks"))
    178             (extension "com.apple.odr-assets"))
    179         (allow file-read*)
    180         (allow file-issue-extension
    181             (extension-class "com.apple.app-sandbox.read" "com.apple.mediaserverd.read")))
    182 
    183     ;; allow 3rd party applications to access nsurlstoraged's top level domain data cache
    184     (allow-well-known-system-group-container-literal-read
    185         "/systemgroup.com.apple.nsurlstoragedresources/Library/dafsaData.bin")
    186 
    187     ;; allow replayd to extend read access to its data
    188     (allow file-read*
    189         (require-all
    190             (extension "com.apple.replayd.read-only")
    191             (home-subpath "/Library/ReplayKit")))
    192 
    193     ;; AirPlay
    194     (allow mach-lookup
    195         (global-name "com.apple.airplaydiagnostics.server"))
    196 
    197     ;; Access the keyboards
    198     (allow file-read*
    199         (home-subpath "/Library/Caches/com.apple.keyboards"))
    200 
    201     ;; NSExtension helper for supplying information not provided by PlugInKit
    202     (allow mach-lookup
    203         (xpc-service-name "com.apple.uifoundation-bundle-helper"))
    204 
    205     ;; <rdar://problem/19525887>
    206     (allow mach-lookup (xpc-service-name-regex #"\.apple-extension-service$"))
    207     ;; <rdar://problem/31252371>
    208     (allow mach-lookup (xpc-service-name-regex #"\.viewservice$"))
    209 
    210     ;; DataDetectors -> CallKit so user can place calls by tapping on phone numbers.
    211     (allow mach-lookup
    212         (global-name "com.apple.callkit.callcontrollerhost"))
    213 
    214     ;; DataDetectors; update CoreRecents with recently-detected addresses, etc.
    215     (allow mach-lookup
    216         (xpc-service-name "com.apple.datadetectors.AddToRecentsService"))
    217 
    218     ;; Accessoryd
    219     (allow mach-lookup
    220         (global-name "com.apple.accessories.externalaccessory-server"))
    221 
    222     ;; Power logging
    223     (allow mach-lookup
    224         (global-name "com.apple.powerlog.plxpclogger.xpc"))
    225 
    226     ;; <rdar://problem/19460486>
    227     (nano-preferences-read ".GlobalPreferences")
    228 
    229     (mobile-preferences-read
    230         ; To determine whether the dictation opt-in alert should be suppressed.
    231         "com.apple.assistant.backedup"
    232         ; Keyboard Dictation reads the list of supported languages from com.apple.assistant.support.plist.
    233         ; And Dictation checks whether Assistant is enabled by reading the same plist.
    234         ; <rdar://problem/9883999> com.apple.assistant.support preference domain needs to be unsandboxed
    235         "com.apple.assistant.support"
    236         "com.apple.EmojiPreferences"
    237         ; For CarPlay screen aspect ratio (rdar://problem/20062770).
    238         "com.apple.iapd"
    239         ; <rdar://problem/8477596> com.apple.InputModePreferences
    240         "com.apple.InputModePreferences"
    241         ; <rdar://problem/8206632> Weather(1038) deny file-read-data ~/Library/Preferences/com.apple.keyboard.plist
    242         "com.apple.keyboard"
    243         ; <rdar://problem/25130834> Spotlight suggestions in Lookup preference should be readable by any process
    244         "com.apple.lookup.shared"
    245         ; <rdar://problem/9384085>
    246         "com.apple.Preferences")
    247 
    248     ;; <rdar://problem/12985925> Need read access to /var/mobile/Library/Fonts to all apps
    249     (allow file-read*
    250         (home-subpath "/Library/Fonts"))
    251 
    252     ;; <rdar://problem/23803332>, <rdar://problem/9457549>, <rdar://problem/13237899>
    253     (allow mach-lookup
    254         (global-name "com.apple.assistant.analytics")
    255         (global-name "com.apple.assistant.dictation")
    256         (global-name "com.apple.dictationd.recognition"))
    257 
    258     ;; For copy-and-paste.
    259     (allow mach-lookup
    260         (global-name "com.apple.UIKit.pasteboardd")
    261         (global-name "com.apple.pasteboard.pasted"))
    262 
    263     ;; <rdar://problem/9749387>
    264     (allow file-read*
    265         (literal "/private/var/preferences/SystemConfiguration/com.apple.accounts.exists.plist"))
    266 
    267     ;; For Social.framework
    268     ;; <rdar://problem/13239172>
    269     (allow file-read*
    270         (literal "/private/var/preferences/SystemConfiguration/com.apple.sinaweibo.plist")
    271         (literal "/private/var/preferences/SystemConfiguration/com.apple.twitter.plist")
    272         (literal "/private/var/preferences/SystemConfiguration/com.apple.facebook.plist")
    273         (literal "/private/var/preferences/SystemConfiguration/com.apple.linkedin.plist"))
    274 
    275     ;; <rdar://problem/7344719&26323449> LaunchServices app icons
    276     (allow file-read*
    277         (well-known-system-group-container-subpath "/systemgroup.com.apple.lsd.iconscache"))
    278     (allow mach-lookup
    279         (xpc-service-name "com.apple.lsdiconservice"))
    280 
    281     ;; <rdar://problem/14184130> SpringBoard needs read/write to statusbar cache folder - all apps need read
    282     (allow file-read*
    283         (home-subpath "/Library/Caches/com.apple.UIStatusBar"))
    284 
    285     ;; <rdar://problem/22346174> Allow read-only access from the container profile to ~/Library/TVWallpaper
    286     (when tv?
    287         (allow file-read*
    288         (home-subpath "/Library/TVWallpaper")))
    289 
    290     ;; Common mach services needed by UIKit.
    291     (allow mach-lookup
    292         (global-name "com.apple.CARenderServer")
    293         (global-name "com.apple.KeyboardServices.TextReplacementService")
    294         (global-name "com.apple.UIKit.statusbarserver")
    295         (global-name "com.apple.uikit.GestureServer")
    296         (global-name "com.apple.assertiond.applicationstateconnection")
    297         (global-name "com.apple.assertiond.expiration")
    298         (global-name "com.apple.assertiond.processinfoservice")
    299         (global-name "com.apple.audio.hapticd")
    300         (global-name "com.apple.audio.SystemSoundServer-iOS")
    301         (global-name "com.apple.backboard.TouchDeliveryPolicyServer")
    302         (global-name "com.apple.backboard.animation-fence-arbiter")
    303         (global-name "com.apple.backboard.display.services")
    304         (global-name "com.apple.backboard.hid.focus")
    305         (global-name "com.apple.backboard.hid.services")
    306         (global-name "com.apple.iohideventsystem")
    307         (global-name "com.apple.iphone.axserver-systemwide")
    308         (global-name "com.apple.frontboard.workspace")
    309         (global-name "com.apple.frontboard.systemappservices")
    310         (global-name "com.apple.progressd"))
    311 
    312     (pasteboard-client)
    313     (springboard-services)
    314 
    315     (when gizmo?
    316         (mobile-preferences-read "com.apple.nano")
    317         (allow mach-lookup
    318             (global-name "com.apple.appaudiod")
    319             (global-name "com.apple.Carousel.ButtonTapAssertion")
    320             (global-name "com.apple.Carousel.CSLSBackgroundTaskRequestService")
    321             (global-name "com.apple.Carousel.CSLSDockStatusService")
    322             (global-name "com.apple.Carousel.activatingUIAssertion")
    323             (global-name "com.apple.Carousel.alertSuppression")
    324             (global-name "com.apple.Carousel.appOnWake")
    325             (global-name "com.apple.Carousel.suspendSystemGestureAssertion")
    326             (global-name "com.apple.carousel.backlightxpc")
    327             (global-name "com.apple.carousel.brightnesscalculator")
    328             (global-name "com.apple.carousel.connectionstatusservice")
    329             (global-name "com.apple.Carousel.contextuallock")
    330             (global-name "com.apple.carousel.fetchschedulingservice")
    331             (global-name "com.apple.carousel.snapshotservice")
    332             (global-name "com.apple.carousel.uiscalingservice")
    333             (global-name "com.apple.carousel.unblankingsynchronization")
    334             (global-name "com.apple.pepperuicore.statusbaritemserver")))
    335 
    336     ;; AirDrop from the activity sheet.
    337     ;; <rdar://problem/12715391>, <rdar://problem/12847034>, <rdar://problem/16400661>
    338     (allow mach-lookup
    339         (global-name "com.apple.sharingd")
    340         (global-name "com.apple.sharingd.nsxpc")
    341         (with report)
    342         (with message "This rule is being removed in rdar://15713112 -- please report this violation to Sandbox_profiles | all"))
    343     (allow-preferences-common)
    344     (allow user-preference-read
    345         (preference-domain "com.apple.Sharing")
    346         (with report)
    347         (with message "This rule is being removed in rdar://15713112 -- please report this violation to Sandbox_profiles | all"))
    348 
    349     ;; <rdar://problem/30874167> Create a new CacheDelete mach service to allow for public API for purgeable space requests
    350     (allow mach-lookup
    351         (global-name "com.apple.cache_delete.public"))
    352 
    353     ;; MIDI
    354     (allow ipc-posix-shm-read* ipc-posix-shm-write-data
    355         (ipc-posix-name-regex #"^Apple MIDI (in|out) [0-9]+$"))
    356 
    357     ;; CoreMotion
    358     (mobile-preferences-read "com.apple.CoreMotion")
    359 
    360     ;; CoreMotion’s deviceMotion API
    361     (with-filter
    362         (require-any
    363             (iokit-registry-entry-class "AppleOscarNub")
    364             (iokit-registry-entry-class "AppleSPUHIDInterface"))
    365         (allow iokit-get-properties
    366             (iokit-property "gyro-interrupt-calibration")))
    367     (with-filter (iokit-registry-entry-class "IOHIDEventServiceFastPathUserClient")
    368     (allow iokit-open)
    369     (allow iokit-get-properties iokit-set-properties
    370         (iokit-property "interval"
    371                         "mode"
    372                         "QueueSize"
    373                         "useMag"))
     234        (global-name "com.apple.appaudiod")
     235        (global-name "com.apple.Carousel.ButtonTapAssertion")
     236        (global-name "com.apple.Carousel.CSLSBackgroundTaskRequestService")
     237        (global-name "com.apple.Carousel.CSLSDockStatusService")
     238        (global-name "com.apple.Carousel.activatingUIAssertion")
     239        (global-name "com.apple.Carousel.alertSuppression")
     240        (global-name "com.apple.Carousel.appOnWake")
     241        (global-name "com.apple.Carousel.suspendSystemGestureAssertion")
     242        (global-name "com.apple.carousel.backlightxpc")
     243        (global-name "com.apple.carousel.brightnesscalculator")
     244        (global-name "com.apple.carousel.connectionstatusservice")
     245        (global-name "com.apple.Carousel.contextuallock")
     246        (global-name "com.apple.carousel.fetchschedulingservice")
     247        (global-name "com.apple.carousel.snapshotservice")
     248        (global-name "com.apple.carousel.uiscalingservice")
     249        (global-name "com.apple.carousel.unblankingsynchronization")
     250        (global-name "com.apple.pepperuicore.statusbaritemserver")))
     251
     252;; AirDrop from the activity sheet.
     253;; <rdar://problem/12715391>, <rdar://problem/12847034>, <rdar://problem/16400661>
     254(allow mach-lookup
     255    (global-name "com.apple.sharingd")
     256    (global-name "com.apple.sharingd.nsxpc")
     257    (with report)
     258    (with message "This rule is being removed in rdar://15713112 -- please report this violation to Sandbox_profiles | all"))
     259(allow-preferences-common)
     260(allow user-preference-read
     261    (preference-domain "com.apple.Sharing")
     262    (with report)
     263    (with message "This rule is being removed in rdar://15713112 -- please report this violation to Sandbox_profiles | all"))
     264
     265;; CoreMotion
     266(mobile-preferences-read "com.apple.CoreMotion")
     267
     268;; CoreMotion’s deviceMotion API
     269(with-filter
     270    (require-any
     271        (iokit-registry-entry-class "AppleOscarNub")
     272        (iokit-registry-entry-class "AppleSPUHIDInterface"))
    374273    (allow iokit-get-properties
    375     (iokit-property "client")))
    376 
    377     ;; Common preferences read by UIKit.
    378     (mobile-preferences-read "com.apple.Accessibility"
    379         "com.apple.UIKit"
    380         "com.apple.WebUI"
    381         "com.apple.airplay"
    382         "com.apple.avkit"
    383         "com.apple.coreanimation"
    384         "com.apple.mt"
    385         "com.apple.preferences.sounds"
    386         "com.apple.telephonyutilities.dialassist")
    387 
    388     ;; Silence sandbox violations from apps trying to create the empty plist if it doesn't exist.
    389     ;; <rdar://problem/13796537>
    390     (deny file-write-create
    391         (home-prefix "/Library/Preferences/com.apple.UIKit.plist")
    392         (with no-report))
    393 
    394     ;; <rdar://problem/10809394>
    395     (deny file-write-create
    396         (home-prefix "/Library/Preferences/com.apple.Accessibility.plist")
    397         (with no-report))
    398 
    399     ;; <rdar://problem/9404009>
    400     (mobile-preferences-read "kCFPreferencesAnyApplication")
    401 
    402     ;; <rdar://problem/10266866>
    403     (marco-logging-client)
    404 
    405     ;; <rdar://problem/12250145>
    406     (mobile-preferences-read "com.apple.mediaaccessibility")
    407 
    408     ; Dictionary Services used by UITextFields.
    409     ; <rdar://problem/9386926>
    410     (allow-create-directory
    411         (home-literal "/Library/Caches/com.apple.DictionaryServices"))
    412 
    413     ; <rdar://problem/11204655>
    414     (mobile-preferences-read "com.apple.MapKit.internal")
    415 
    416     ;; Required to detect whether Airplane mode is enabled.
    417     (allow file-read*
    418         (literal "/private/var/preferences/SystemConfiguration/com.apple.radios.plist"))
    419 
    420     (when (memq 'with-printing rest)
    421         (allow file-read-metadata network-outbound
    422             (literal "/private/var/run/printd"))
    423         (allow mach-lookup
    424             (xpc-service-name "com.apple.PrintKit.PrinterTool")))
    425 
    426     ; <rdar://problem/9007191> , <rdar://problem/9244785>
    427     (when (memq 'with-gamekit-data rest)
    428         (allow file-read*
    429             (home-regex "/Library/GameKit/Data/[^/]+\.gcdata$"))
    430         (allow file-read-metadata
    431             (home-literal "/Library/GameKit/Data")))
    432 
    433     ; rfc3484 -- from common.sb
    434     (unless (memq 'without-network rest)
    435         (allow-network-common))
    436 
    437     ; <rdar://problem/8548856> Sub-TLF: Sandbox change for apps for read-only access to the dictionary directory/data
    438     (allow file-read*
    439         ; XXX - /Library ought to be allowed in all UI profiles but isn't (CF, MobileSafari)
    440         (subpath "/Library/Dictionaries")
    441         (home-subpath "/Library/Dictionaries"))
    442 
    443     ; <rdar://problem/8440231>
    444     (allow file-read*
    445         (home-literal "/Library/Caches/DateFormats.plist"))
    446     ; Silently deny writes when CFData attempts to write to the cache directory.
    447     (deny file-write*
    448         (home-literal "/Library/Caches/DateFormats.plist")
    449         (with no-log))
    450 
    451     ; UIKit-required IOKit nodes.
    452     (allow iokit-open
    453         (iokit-user-client-class "AppleJPEGDriverUserClient")
    454         (iokit-user-client-class "IOSurfaceAcceleratorClient")
    455         (iokit-user-client-class "IOSurfaceSendRight")
    456         ;; Requires by UIView -> UITextMagnifierRenderer -> UIWindow
    457         (iokit-user-client-class "IOSurfaceRootUserClient"))
    458 
    459     ;; <rdar://problem/12675621>
    460     (allow iokit-open
    461         (iokit-user-client-class "IOHIDLibUserClient"))
    462 
    463     (framebuffer-access)
    464 
    465     ;; <rdar://problem/7822790>
    466     (mobile-keybag-access)
    467 
    468     ; <rdar://problem/7595408> , <rdar://problem/7643881>
    469     (if (memq 'with-opengl rest)
    470         (opengl))
    471 
    472     (if (memq 'with-geoservices rest)
    473         (geoservices))
    474 
    475     (if (memq 'with-location-services rest)
    476         (location-services))
    477 
    478     ; <rdar://problem/8181749> Allow access to iTunes database files in container.sb
    479     (if (memq 'with-itunes-db rest)
    480         (itunes-db-read))
    481 
    482     (if (memq 'with-push-notifications rest)
    483         (push-notifications))
    484 
    485     (if (memq 'with-in-app-purchases rest)
    486         (in-app-purchases))
    487 
    488     ; CRCopyRestrictionsDictionary periodically tries to CFPreferencesAppSynchronize com.apple.springboard.plist
    489     ; which will attempt to create the plist if it doesn't exist -- from any application.  Only SpringBoard is
    490     ; allowed to write its plist; ignore all others, they don't know what they are doing.
    491     ; See <rdar://problem/9375027> for sample backtraces.
    492     (deny file-write*
    493         (home-prefix "/Library/Preferences/com.apple.springboard.plist")
    494         (with no-log))
    495 
    496     ;; For <rdar://problem/29428318> Allow DragUI mach service lookups for all UIKit apps
    497     (allow mach-lookup
    498         (global-name "com.apple.DragUI.druid.destination")
    499         (global-name "com.apple.DragUI.druid.source"))
    500 
    501     ;; <rdar://problem/30544378> Allow global lookup of com.apple.contactsd
    502     (allow mach-lookup
    503         (global-name "com.apple.contactsd"))
    504 
    505     ;; <rdar://problem/31571441> need AX Drag-and-drop mach services added to default sandbox profile
    506     (allow mach-lookup
    507         (global-name "com.apple.VoiceOverTouch.drag.xpc")
    508         (global-name "com.apple.assistivetouchd.drag.xpc"))
    509 
    510     ;; <rdar://problem/34092690>
    511     (allow mach-lookup
    512         (xpc-service-name "com.apple.avkit.SharedPreferences"))
    513 
    514     ;; <rdar://problem/34437589>
    515     (allow mach-lookup
    516         (global-name "com.apple.ap.adtrackingd.attribution"))
    517 
    518     ;; <rdar://problem/34986314> Sandbox Profiles changes for indigo pref
    519     (mobile-preferences-read "com.apple.indigo")
    520 
    521     ;; <rdar://problem/35417382>, <rdar://problem/35518557>
    522     (allow mach-lookup
    523         (global-name "com.apple.corespotlightservice"))
    524 
    525     ;; <rdar://problem/35446577>
    526     (allow mach-lookup
    527         (global-name "com.apple.coremedia.endpointplaybacksession.xpc"))
    528 
    529     ;; For the (define... nesting.
    530     )
     274        (iokit-property "gyro-interrupt-calibration")))
     275(with-filter (iokit-registry-entry-class "IOHIDEventServiceFastPathUserClient")
     276(allow iokit-open)
     277(allow iokit-get-properties iokit-set-properties
     278    (iokit-property "interval"
     279                    "mode"
     280                    "QueueSize"
     281                    "useMag"))
     282(allow iokit-get-properties
     283(iokit-property "client")))
     284
     285;; Common preferences read by UIKit.
     286(mobile-preferences-read "com.apple.Accessibility"
     287    "com.apple.UIKit"
     288    "com.apple.WebUI"
     289    "com.apple.airplay"
     290    "com.apple.avkit"
     291    "com.apple.coreanimation"
     292    "com.apple.mt"
     293    "com.apple.preferences.sounds"
     294    "com.apple.telephonyutilities.dialassist")
     295
     296;; Silence sandbox violations from apps trying to create the empty plist if it doesn't exist.
     297;; <rdar://problem/13796537>
     298(deny file-write-create
     299    (home-prefix "/Library/Preferences/com.apple.UIKit.plist")
     300    (with no-report))
     301
     302;; <rdar://problem/10809394>
     303(deny file-write-create
     304    (home-prefix "/Library/Preferences/com.apple.Accessibility.plist")
     305    (with no-report))
     306
     307;; <rdar://problem/9404009>
     308(mobile-preferences-read "kCFPreferencesAnyApplication")
     309
     310;; <rdar://problem/10266866>
     311(marco-logging-client)
     312
     313;; <rdar://problem/12250145>
     314(mobile-preferences-read "com.apple.mediaaccessibility")
     315
     316; Dictionary Services used by UITextFields.
     317; <rdar://problem/9386926>
     318(allow-create-directory
     319    (home-literal "/Library/Caches/com.apple.DictionaryServices"))
     320
     321(allow-network-common))
     322
     323; <rdar://problem/8548856> Sub-TLF: Sandbox change for apps for read-only access to the dictionary directory/data
     324(allow file-read*
     325    ; XXX - /Library ought to be allowed in all UI profiles but isn't (CF, MobileSafari)
     326    (subpath "/Library/Dictionaries")
     327    (home-subpath "/Library/Dictionaries"))
     328
     329; <rdar://problem/8440231>
     330(allow file-read*
     331    (home-literal "/Library/Caches/DateFormats.plist"))
     332; Silently deny writes when CFData attempts to write to the cache directory.
     333(deny file-write*
     334    (home-literal "/Library/Caches/DateFormats.plist")
     335    (with no-log))
     336
     337; UIKit-required IOKit nodes.
     338(allow iokit-open
     339    (iokit-user-client-class "AppleJPEGDriverUserClient")
     340    (iokit-user-client-class "IOSurfaceAcceleratorClient")
     341    (iokit-user-client-class "IOSurfaceSendRight")
     342    ;; Requires by UIView -> UITextMagnifierRenderer -> UIWindow
     343    (iokit-user-client-class "IOSurfaceRootUserClient"))
     344
     345;; <rdar://problem/12675621>
     346(allow iokit-open
     347    (iokit-user-client-class "IOHIDLibUserClient"))
     348
     349(framebuffer-access)
     350
     351;; <rdar://problem/7822790>
     352(mobile-keybag-access)
     353
     354; <rdar://problem/7595408> , <rdar://problem/7643881>
     355(opengl)
     356
     357(location-services)
     358
     359; CRCopyRestrictionsDictionary periodically tries to CFPreferencesAppSynchronize com.apple.springboard.plist
     360; which will attempt to create the plist if it doesn't exist -- from any application.  Only SpringBoard is
     361; allowed to write its plist; ignore all others, they don't know what they are doing.
     362; See <rdar://problem/9375027> for sample backtraces.
     363(deny file-write*
     364    (home-prefix "/Library/Preferences/com.apple.springboard.plist")
     365    (with no-log))
     366
     367;; For <rdar://problem/29428318> Allow DragUI mach service lookups for all UIKit apps
     368(allow mach-lookup
     369    (global-name "com.apple.DragUI.druid.destination")
     370    (global-name "com.apple.DragUI.druid.source"))
     371
     372;; <rdar://problem/30544378> Allow global lookup of com.apple.contactsd
     373(allow mach-lookup
     374    (global-name "com.apple.contactsd"))
     375
     376;; <rdar://problem/31571441> need AX Drag-and-drop mach services added to default sandbox profile
     377(allow mach-lookup
     378    (global-name "com.apple.VoiceOverTouch.drag.xpc")
     379    (global-name "com.apple.assistivetouchd.drag.xpc"))
     380
     381;; <rdar://problem/34092690>
     382(allow mach-lookup
     383    (xpc-service-name "com.apple.avkit.SharedPreferences"))
     384
     385;; <rdar://problem/34986314>
     386(mobile-preferences-read "com.apple.indigo")
     387
     388;; <rdar://problem/35417382>, <rdar://problem/35518557>
     389(allow mach-lookup
     390    (global-name "com.apple.corespotlightservice"))
     391
     392;; <rdar://problem/35446577>
     393(allow mach-lookup
     394    (global-name "com.apple.coremedia.endpointplaybacksession.xpc"))
    531395
    532396;;;
    533397;;; End UIKit-apps.sb content
    534398;;;
    535 
    536 (uikit-app 'with-opengl 'with-location-services)
    537399
    538400;; Access to media controls