Changeset 85407 in webkit

Timestamp:

May 1, 2011 12:10:39 AM (13 years ago)

Author:

ike@apple.com

Message:

2011-04-30 Ivan Krstić <​ike@apple.com>

Reviewed by Sam Weinig.

Reindent WebProcess sandbox to standard scheme style
​https://bugs.webkit.org/show_bug.cgi?id=59870

• WebProcess/com.apple.WebProcess.sb:

Location:

trunk/Source/WebKit2

Files:

• ChangeLog (modified) (1 diff)
• WebProcess/com.apple.WebProcess.sb (modified) (5 diffs)

trunk/Source/WebKit2/ChangeLog

@@ +1 @@
+2011-04-30  Ivan Krstić  <ike@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Reindent WebProcess sandbox to standard scheme style
+        https://bugs.webkit.org/show_bug.cgi?id=59870
+
+        * WebProcess/com.apple.WebProcess.sb:
+
 2011-04-28  Jer Noble  <jer.noble@apple.com>
 

trunk/Source/WebKit2/WebProcess/com.apple.WebProcess.sb

@@ -11 +11 @@
 ;; Read-only preferences and data
 (allow file-read*
-    ;; Basic system paths
-    (subpath "/Library/Dictionaries")
-    (subpath "/Library/Fonts")
-    (subpath "/Library/Frameworks")
-    (subpath "/Library/Keychains")
-    (subpath "/private/var/db/mds")
-    (subpath "/private/var/db/DetachedSignatures")
-    (regex #"^/private/etc/(hosts|group|passwd)$")
+       ;; Basic system paths
+       (subpath "/Library/Dictionaries")
+       (subpath "/Library/Fonts")
+       (subpath "/Library/Frameworks")
+       (subpath "/Library/Keychains")
+       (subpath "/private/var/db/mds")
+       (subpath "/private/var/db/DetachedSignatures")
+       (regex #"^/private/etc/(hosts|group|passwd)$")
 
-    ;; Plugins
-    (subpath "/Library/Internet Plug-Ins")
-    (subpath (string-append (param "HOME_DIR") "/Library/Internet Plug-Ins"))
+       ;; Plugins
+       (subpath "/Library/Internet Plug-Ins")
+       (subpath (string-append (param "HOME_DIR") "/Library/Internet Plug-Ins"))
 
-    ;; System and user preferences
-    (literal "/Library/Preferences/.GlobalPreferences.plist")
-    (literal "/Library/Preferences/com.apple.crypto.plist")
-    (literal "/Library/Preferences/com.apple.security.plist")
-    (literal "/Library/Preferences/com.apple.security.common.plist")
-    (literal "/Library/Preferences/com.apple.security.revocation.plist")
-    (literal (string-append (param "HOME_DIR") "/Library/Preferences/.GlobalPreferences.plist"))
-    (regex (string-append "^" (param "HOME_DIR") "/Library/Preferences/ByHost/\.GlobalPreferences\."))
-    (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.ATS.plist"))
-    (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.HIToolbox.plist"))
-    (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.LaunchServices.plist"))
-    (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.WebFoundation.plist"))
-    (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.security.plist"))
-    (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.security.revocation.plist"))
-    (literal (string-append (param "HOME_DIR") "/Library/Application Support/SyncServices/Local/ClientsWithChanges/com.apple.Keychain"))
-    (regex (string-append "^" (param "HOME_DIR") "/Library/Preferences/com\.apple\.driver\.(AppleBluetoothMultitouch\.mouse|AppleBluetoothMultitouch\.trackpad|AppleHIDMouse)\.plist$"))
+       ;; System and user preferences
+       (literal "/Library/Preferences/.GlobalPreferences.plist")
+       (literal "/Library/Preferences/com.apple.crypto.plist")
+       (literal "/Library/Preferences/com.apple.security.plist")
+       (literal "/Library/Preferences/com.apple.security.common.plist")
+       (literal "/Library/Preferences/com.apple.security.revocation.plist")
+       (literal (string-append (param "HOME_DIR") "/Library/Preferences/.GlobalPreferences.plist"))
+       (regex (string-append "^" (param "HOME_DIR") "/Library/Preferences/ByHost/\.GlobalPreferences\."))
+       (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.ATS.plist"))
+       (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.HIToolbox.plist"))
+       (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.LaunchServices.plist"))
+       (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.WebFoundation.plist"))
+       (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.security.plist"))
+       (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.security.revocation.plist"))
+       (literal (string-append (param "HOME_DIR") "/Library/Application Support/SyncServices/Local/ClientsWithChanges/com.apple.Keychain"))
+       (regex (string-append "^" (param "HOME_DIR") "/Library/Preferences/com\.apple\.driver\.(AppleBluetoothMultitouch\.mouse|AppleBluetoothMultitouch\.trackpad|AppleHIDMouse)\.plist$"))
 
-    ;; On-disk WebKit2 framework location, to account for debug installations
-    ;; outside of /System/Library/Frameworks
-    (subpath (param "WEBKIT2_FRAMEWORK_DIR"))
+       ;; On-disk WebKit2 framework location, to account for debug installations
+       ;; outside of /System/Library/Frameworks
+       (subpath (param "WEBKIT2_FRAMEWORK_DIR"))
 
-    ;; FIXME: This should be removed when <rdar://problem/8957845> is fixed.
-    (subpath (string-append (param "HOME_DIR") "/Library/Fonts"))
+       ;; FIXME: This should be removed when <rdar://problem/8957845> is fixed.
+       (subpath (string-append (param "HOME_DIR") "/Library/Fonts"))
 
-    ;; FIXME: These should be removed when <rdar://problem/9217757> is fixed.
-    (subpath (string-append (param "HOME_DIR") "/Library/Audio/Plug-Ins/Components"))
-    (subpath (string-append (param "HOME_DIR") "/Library/Preferences/QuickTime Preferences"))
-    (literal (string-append (param "HOME_DIR") "/Library/Caches/com.apple.coreaudio.components.plist"))
-    (subpath "/Library/Audio/Plug-Ins/Components")
-    (subpath "/Library/Audio/Plug-Ins/HAL")
-    (subpath "/Library/Video/Plug-Ins")
-    (subpath "/Library/QuickTime")
+       ;; FIXME: These should be removed when <rdar://problem/9217757> is fixed.
+       (subpath (string-append (param "HOME_DIR") "/Library/Audio/Plug-Ins/Components"))
+       (subpath (string-append (param "HOME_DIR") "/Library/Preferences/QuickTime Preferences"))
+       (literal (string-append (param "HOME_DIR") "/Library/Caches/com.apple.coreaudio.components.plist"))
+       (subpath "/Library/Audio/Plug-Ins/Components")
+       (subpath "/Library/Audio/Plug-Ins/HAL")
+       (subpath "/Library/Video/Plug-Ins")
+       (subpath "/Library/QuickTime")
 
-    ;; FIXME: This should be removed when <rdar://problem/9237619> is fixed.
-    (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.universalaccess.plist"))
+       ;; FIXME: This should be removed when <rdar://problem/9237619> is fixed.
+       (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.universalaccess.plist"))
 
-    ;; FIXME: This should be removed when <rdar://problem/9276253> is fixed.
-    (subpath (string-append (param "HOME_DIR") "/Library/Keyboard Layouts"))
+       ;; FIXME: This should be removed when <rdar://problem/9276253> is fixed.
+       (subpath (string-append (param "HOME_DIR") "/Library/Keyboard Layouts"))
 
-    ;; FIXME: This should be removed when <rdar://problem/9276268> is fixed.
-    (subpath (string-append (param "HOME_DIR") "/Library/Input Methods"))
+       ;; FIXME: This should be removed when <rdar://problem/9276268> is fixed.
+       (subpath (string-append (param "HOME_DIR") "/Library/Input Methods"))
 
-    ;; FIXME: This should be removed when <rdar://problem/9276430> is fixed.
-    (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2"))
+       ;; FIXME: This should be removed when <rdar://problem/9276430> is fixed.
+       (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2"))
 
-    (subpath (string-append (param "HOME_DIR") "/Library/Dictionaries"))
-)
+       (subpath (string-append (param "HOME_DIR") "/Library/Dictionaries")))
 
 ;; This should be updated when <rdar://problem/9355830> is fixed.
@@ -82 +81 @@
 ;; Writable preferences and temporary files
 (allow file*
-    (subpath (string-append (param "HOME_DIR") "/Library/Caches/com.apple.WebProcess"))
-    (regex (string-append "^" (param "HOME_DIR") "/Library/Preferences/ByHost/com\.apple\.HIToolbox\."))
-    (regex (string-append "^" (param "HOME_DIR") "/Library/Preferences/com\.apple\.WebProcess\."))
-    (subpath (string-append (param "HOME_DIR") "/Library/Keychains"))
-)
+       (subpath (string-append (param "HOME_DIR") "/Library/Caches/com.apple.WebProcess"))
+       (regex (string-append "^" (param "HOME_DIR") "/Library/Preferences/ByHost/com\.apple\.HIToolbox\."))
+       (regex (string-append "^" (param "HOME_DIR") "/Library/Preferences/com\.apple\.WebProcess\."))
+       (subpath (string-append (param "HOME_DIR") "/Library/Keychains")))
 
 ;; Darwin temporary files and Security mds caches, if present
@@ -101 +99 @@
 (if (positive? (string-length (param "WEBKIT_LOCALSTORAGE_DIR")))
     (allow file* (subpath (param "WEBKIT_LOCALSTORAGE_DIR"))))
-    
+
 ;; The NSURLCache directory.
 (if (positive? (string-length (param "NSURL_CACHE_DIR")))
@@ -112 +110 @@
 ;; IOKit user clients
 (allow iokit-open
-    (iokit-connection "IOAccelerator")
-    (iokit-user-client-class "IOAccelerationUserClient")
-    (iokit-user-client-class "IOFramebufferSharedUserClient")
-    (iokit-user-client-class "AppleGraphicsControlClient")
-    (iokit-user-client-class "AGPMClient")
-    (iokit-user-client-class "IOHIDParamUserClient")
-    (iokit-user-client-class "RootDomainUserClient")
-    (iokit-user-client-class "IOSurfaceRootUserClient")
-    (iokit-user-client-class "IOSurfaceSendRight")
-    (iokit-user-client-class "IOAudioControlUserClient")
-    (iokit-user-client-class "IOAudioEngineUserClient")
-)
+       (iokit-connection "IOAccelerator")
+       (iokit-user-client-class "IOAccelerationUserClient")
+       (iokit-user-client-class "IOFramebufferSharedUserClient")
+       (iokit-user-client-class "AppleGraphicsControlClient")
+       (iokit-user-client-class "AGPMClient")
+       (iokit-user-client-class "IOHIDParamUserClient")
+       (iokit-user-client-class "RootDomainUserClient")
+       (iokit-user-client-class "IOSurfaceRootUserClient")
+       (iokit-user-client-class "IOSurfaceSendRight")
+       (iokit-user-client-class "IOAudioControlUserClient")
+       (iokit-user-client-class "IOAudioEngineUserClient"))
 
 ;; Various services required by AppKit and other frameworks
 (allow mach-lookup
-    (global-name "com.apple.CoreServices.coreservicesd")
-    (global-name "com.apple.DiskArbitration.diskarbitrationd")
-    (global-name "com.apple.FileCoordination")
-    (global-name "com.apple.FontObjectsServer")
-    (global-name "com.apple.FontServer")
-    (global-name "com.apple.SecurityServer")
-    (global-name "com.apple.SystemConfiguration.configd")
-    (global-name "com.apple.audio.VDCAssistant")
-    (global-name "com.apple.audio.audiohald")
-    (global-name "com.apple.audio.coreaudiod")
-    (global-name "com.apple.cookied")
-    (global-name "com.apple.cvmsServ")
-    (global-name "com.apple.networkd")
-    (global-name "com.apple.dock.server")
-    (global-name "com.apple.ocspd")
-    (global-name "com.apple.pasteboard.1")
-    (global-name "com.apple.system.opendirectoryd.api")
-    (global-name "com.apple.window_proxies")
-    (global-name "com.apple.windowserver.active")
-    (global-name-regex #"^com\.apple\.WebKit\.WebProcess-")
+       (global-name "com.apple.CoreServices.coreservicesd")
+       (global-name "com.apple.DiskArbitration.diskarbitrationd")
+       (global-name "com.apple.FileCoordination")
+       (global-name "com.apple.FontObjectsServer")
+       (global-name "com.apple.FontServer")
+       (global-name "com.apple.SecurityServer")
+       (global-name "com.apple.SystemConfiguration.configd")
+       (global-name "com.apple.audio.VDCAssistant")
+       (global-name "com.apple.audio.audiohald")
+       (global-name "com.apple.audio.coreaudiod")
+       (global-name "com.apple.cookied")
+       (global-name "com.apple.cvmsServ")
+       (global-name "com.apple.networkd")
+       (global-name "com.apple.dock.server")
+       (global-name "com.apple.ocspd")
+       (global-name "com.apple.pasteboard.1")
+       (global-name "com.apple.system.opendirectoryd.api")
+       (global-name "com.apple.window_proxies")
+       (global-name "com.apple.windowserver.active")
+       (global-name-regex #"^com\.apple\.WebKit\.WebProcess-")
 
-    ;; FIXME: This should be removed when <rdar://problem/9276393> is fixed.
-    (global-name "com.apple.metadata.mds")
-)
+       ;; FIXME: This should be removed when <rdar://problem/9276393> is fixed.
+       (global-name "com.apple.metadata.mds"))
 
 (allow system-socket (socket-domain AF_ROUTE))
 (allow system-socket (require-all (socket-domain AF_SYSTEM) (socket-protocol 2))) ; SYSPROTO_CONTROL
 (allow network-outbound
-   ;; Kernel controls
-   (control-name "com.apple.network.statistics")
-   (control-name "com.apple.netsrc")
+       ;; Kernel controls
+       (control-name "com.apple.network.statistics")
+       (control-name "com.apple.netsrc")
 
-   ;; Local mDNSResponder for DNS, arbitrary outbound TCP
-   (literal "/private/var/run/mDNSResponder")
-   (remote tcp)
-)
+       ;; Local mDNSResponder for DNS, arbitrary outbound TCP
+       (literal "/private/var/run/mDNSResponder")
+       (remote tcp))
 
 ;; FIXME: Once <rdar://problem/8900275> has been fixed, these rules can be removed.
@@ -168 +163 @@
 (allow network-outbound (regex #"^/private/tmp/launch-[^/]+/Render"))
 (allow file-read*
-   (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.Safari.RSS.plist"))
-   (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.Syndication.plist"))
-)
+       (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.Safari.RSS.plist"))
+       (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.Syndication.plist")))
 
 ;; Mute violations