Source/WebKit2/WebProcess/com.apple.WebProcess.sb

(version 1)
(deny default (with partial-symbolication))
(allow ipc-posix-shm system-audit system-socket file-read-metadata)

(import "system.sb")
(import "com.apple.corefoundation.sb")

;; Distributed notifications, local pasteboard client
(corefoundation)

;; Read-only preferences and data
(allow file-read*
    ;; Basic system paths
    (subpath "/Library/Dictionaries")
    (subpath "/Library/Fonts")
    (subpath "/Library/Frameworks")
    (subpath "/Library/Keychains")
    (subpath "/private/var/db/mds")
    (subpath "/private/var/db/DetachedSignatures")
    (regex #"^/private/etc/(hosts|group|passwd)$")

    ;; Plugins
    (subpath "/Library/Internet Plug-Ins")
    (subpath (string-append (param "HOME_DIR") "/Library/Internet Plug-Ins"))

    ;; System and user preferences
    (literal "/Library/Preferences/.GlobalPreferences.plist")
    (literal "/Library/Preferences/com.apple.crypto.plist")
    (literal "/Library/Preferences/com.apple.security.plist")
    (literal "/Library/Preferences/com.apple.security.common.plist")
    (literal "/Library/Preferences/com.apple.security.revocation.plist")
    (literal (string-append (param "HOME_DIR") "/Library/Preferences/.GlobalPreferences.plist"))
    (regex (string-append "^" (param "HOME_DIR") "/Library/Preferences/ByHost/\.GlobalPreferences\."))
    (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.ATS.plist"))
    (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.HIToolbox.plist"))
    (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.LaunchServices.plist"))
    (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.WebFoundation.plist"))
    (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.security.plist"))
    (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.security.revocation.plist"))
    (literal (string-append (param "HOME_DIR") "/Library/Application Support/SyncServices/Local/ClientsWithChanges/com.apple.Keychain"))
    (regex (string-append "^" (param "HOME_DIR") "/Library/Preferences/com\.apple\.driver\.(AppleBluetoothMultitouch\.mouse|AppleBluetoothMultitouch\.trackpad|AppleHIDMouse)\.plist$"))

    ;; On-disk WebKit2 framework location, to account for debug installations
    ;; outside of /System/Library/Frameworks
    (subpath (param "WEBKIT2_FRAMEWORK_DIR"))

    ;; FIXME: This should be removed when <rdar://problem/8957845> is fixed.
    (subpath (string-append (param "HOME_DIR") "/Library/Fonts"))

    ;; FIXME: These should be removed when <rdar://problem/9217757> is fixed.
    (subpath (string-append (param "HOME_DIR") "/Library/Audio/Plug-Ins/Components"))
    (subpath (string-append (param "HOME_DIR") "/Library/Preferences/QuickTime Preferences"))
    (subpath "/Library/Audio/Plug-Ins/Components")
    (subpath "/Library/Audio/Plug-Ins/HAL")
    (subpath "/Library/Video/Plug-Ins")
    (subpath "/Library/QuickTime")

    ;; FIXME: This should be removed when <rdar://problem/9237619> is fixed.
    (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.universalaccess.plist"))

    ;; FIXME: This should be removed when <rdar://problem/9276253> is fixed.
    (subpath (string-append (param "HOME_DIR") "/Library/Keyboard Layouts"))

    ;; FIXME: This should be removed when <rdar://problem/9276268> is fixed.
    (subpath (string-append (param "HOME_DIR") "/Library/Input Methods"))

    ;; FIXME: This should be removed when <rdar://problem/9276430> is fixed.
    (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2"))

    (subpath (string-append (param "HOME_DIR") "/Library/Dictionaries"))

    ;; Extensions from UIProcess
    (extension)
)

(allow file-write*
    ;; Extensions from UIProcess
    (extension)
)

;; Writable preferences and temporary files
(allow file*
    (subpath (string-append (param "HOME_DIR") "/Library/Caches/com.apple.WebProcess"))
    (regex (string-append "^" (param "HOME_DIR") "/Library/Preferences/ByHost/com\.apple\.HIToolbox\."))
    (regex (string-append "^" (param "HOME_DIR") "/Library/Preferences/com\.apple\.WebProcess\."))
    (subpath (string-append (param "HOME_DIR") "/Library/Keychains"))

    ;; FIXME: This should be removed when <rdar://problem/9217757> is fixed.
    (literal (string-append (param "HOME_DIR") "/Library/Caches/com.apple.coreaudio.components.plist"))
)

;; Darwin temporary files and caches, if present
(if (positive? (string-length (param "DARWIN_USER_CACHE_DIR")))
    (allow file* (subpath (param "DARWIN_USER_CACHE_DIR"))))
(if (positive? (string-length (param "DARWIN_USER_TEMP_DIR")))
    (allow file* (subpath (param "DARWIN_USER_TEMP_DIR"))))

;; Database dir
(if (positive? (string-length (param "WEBKIT_DATABASE_DIR")))
    (allow file* (subpath (param "WEBKIT_DATABASE_DIR"))))

;; LocalStorage dir
(if (positive? (string-length (param "WEBKIT_LOCALSTORAGE_DIR")))
    (allow file* (subpath (param "WEBKIT_LOCALSTORAGE_DIR"))))
    
;; The NSURLCache directory.
(if (positive? (string-length (param "NSURL_CACHE_DIR")))
    (allow file* (subpath (param "NSURL_CACHE_DIR"))))

;; The bundle resource path of the UI process.
(if (positive? (string-length (param "UI_PROCESS_BUNDLE_RESOURCE_DIR")))
    (allow file-read* (subpath (param "UI_PROCESS_BUNDLE_RESOURCE_DIR"))))

;; FIXME: overly permissive since we can't pre-enumerate the client
;; classes for graphics cards
(allow iokit-open
   ;;(iokit-user-client-class "IOHIDParamUserClient")
   ;;(iokit-user-client-class "RootDomainUserClient")
)

;; Various services required by AppKit and other frameworks
(allow mach-lookup
    (global-name "com.apple.CoreServices.coreservicesd")
    (global-name "com.apple.DiskArbitration.diskarbitrationd")
    (global-name "com.apple.FileCoordination")
    (global-name "com.apple.FontObjectsServer")
    (global-name "com.apple.FontServer")
    (global-name "com.apple.SecurityServer")
    (global-name "com.apple.SystemConfiguration.configd")
    (global-name "com.apple.audio.VDCAssistant")
    (global-name "com.apple.audio.audiohald")
    (global-name "com.apple.audio.coreaudiod")
    (global-name "com.apple.cookied")
    (global-name "com.apple.cvmsServ")
    (global-name "com.apple.networkd")
    (global-name "com.apple.dock.server")
    (global-name "com.apple.ocspd")
    (global-name "com.apple.pasteboard.1")
    (global-name "com.apple.system.opendirectoryd.api")
    (global-name "com.apple.window_proxies")
    (global-name "com.apple.windowserver.active")
    (global-name-regex #"^com\.apple\.WebKit\.WebProcess-")
    (global-name-regex #"^com\.apple\.qtkitserver\.")

    ;; FIXME: This should be removed when <rdar://problem/9276393> is fixed.
    (global-name "com.apple.metadata.mds")
)

;; FIXME: <rdar://problem/9263428> These rules are required to avoid
;; sandbox violation spam, but some narrower rule should be
;; sufficient.
(allow network-outbound)
(deny network-outbound (regex ""))
(deny network-outbound (local ip))

(allow network-outbound
   ;; Local mDNSResponder for DNS, arbitrary outbound TCP
   (literal "/private/var/run/mDNSResponder")
   (remote tcp)
)

;; FIXME: Once <rdar://problem/8900275> has been fixed, these rules can be removed.
(allow mach-lookup (global-name "com.apple.pubsub.ipc"))
(allow network-outbound (regex #"^/private/tmp/launch-[^/]+/Render"))
(allow file-read*
   (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.Safari.RSS.plist"))
   (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.Syndication.plist"))
)

;; FIXME: Investigate these.
(allow appleevent-send (appleevent-destination "com.apple.WebProcess"))
(allow mach-lookup (global-name-regex #"^EPPC-"))