; Copyright 2017 The Chromium Authors
; Use of this source code is governed by a BSD-style license that can be
; found in the LICENSE file.
; --- The contents of common.sb implicitly included here. ---
; Put the denials first. Later, more specific allow rules in this file carve
; narrow exceptions back out of these blanket denials (process-info-pidinfo /
; process-info-setcontrol and the iokit-get-properties key allowlist below).
; crbug.com/799149: These operations are allowed by default, so they have to
; be denied explicitly here.
; When the disable-sandbox-denial-logging param is set the denial is silent
; (no-log); otherwise each blocked attempt is logged, which is what you want
; while auditing what the process actually tries to reach.
(if (param-true? disable-sandbox-denial-logging)
(deny iokit-get-properties process-info* nvram* (with no-log))
(deny iokit-get-properties process-info* nvram*)
)
; Allow CFPreferences to work.
; NOTE(review): this is the unfiltered form of user-preference-read (no
; preference-domain filter), so every user preference domain is readable;
; confirm the GPU process really needs more than specific domains.
(allow user-preference-read)
; process-info: narrow exceptions to the process-info* denial at the top of
; this file. pidinfo lookups are allowed outright; setcontrol is allowed only
; when the target is the sandboxed process itself (target self).
(allow process-info-pidinfo)
(allow process-info-setcontrol (target self))
; File reads.
; Reads from the home directory: data reads of exactly these two files,
; resolved against the sandboxed user's home directory (user-homedir-path).
; Only file-read-data is granted here, nothing else in the home directory.
(allow file-read-data
(path (user-homedir-path "/.CFUserTextEncoding"))
(path (user-homedir-path "/Library/Preferences/com.apple.universalaccess.plist"))
)
; Reads of /dev devices. Exact-path matches on these two nodes only; this
; file grants no other device reads.
(allow file-read-data
(path "/dev/autofs_nowait")
(path "/dev/fd")
)
; allow-cvms-blobs is a helper not defined in this file (presumably in the
; implicitly included common.sb); see also the com.apple.cvmsServ mach
; lookup further down, which carries the same crbug reference as the
; /Library/GPUBundles read.
(allow-cvms-blobs)
; Writes to /dev/null. The require-all means the write is permitted only when
; the node at that path really is a character device, so the rule does not
; extend to a regular file that happens to be placed at /dev/null.
(allow file-write-data
(require-all
(path "/dev/null")
(vnode-type CHARACTER-DEVICE)))
; Needed for Fonts. allow-font-access is a helper defined outside this file
; (presumably in common.sb); what it grants is not visible here.
(allow-font-access)
; Reads from /System. Entries using (path ...) match a single file; entries
; using (subpath ...) grant data reads of the whole tree beneath them.
; NOTE(review): the subpath grants (ColorSync profiles, the SystemAppearance
; and SystemVersion bundles, /System/Library/Extensions, LinguisticData) are
; the broad ones here; each addition should keep its crbug reference.
(allow file-read-data
(path "/System/Library/CoreServices/CoreTypes.bundle/Contents/Library/AppExceptions.bundle/Exceptions.plist")
(path "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/Exceptions.plist")
(path "/System/Library/Preferences/Logging/Subsystems/com.apple.SkyLight.plist")
(subpath "/System/Library/ColorSync/Profiles")
(subpath "/System/Library/CoreServices/SystemAppearance.bundle")
(subpath "/System/Library/CoreServices/SystemVersion.bundle")
(subpath "/System/Library/Extensions") ; https://crbug.com/847518
(subpath "/System/Library/LinguisticData")
)
; Reads from /Library. Whole-tree data reads of /Library/GPUBundles only;
; nothing else under /Library is readable through this file.
(allow file-read-data
(subpath "/Library/GPUBundles") ; https://crbug.com/850021
)
; IOKit: the only user clients this process may open. Two are matched by
; registry-entry class and one by user-client class.
; NOTE(review): RootDomainUserClient is presumably the IOPMrootDomain (power
; management) user client rather than anything graphics related — confirm
; what it is actually used for before keeping it in a GPU-process profile.
(allow iokit-open
(iokit-registry-entry-class "IOSurfaceRootUserClient")
(iokit-registry-entry-class "RootDomainUserClient")
(iokit-user-client-class "IOSurfaceSendRight")
)
; POSIX IPC: read-only access to exactly these named shared-memory segments.
; No write access to POSIX shm is granted by this file.
(allow ipc-posix-shm-read-data
(ipc-posix-name "apple.cfprefs.317580v1")
(ipc-posix-name "apple.cfprefs.daemonv1")
(ipc-posix-name "apple.shm.notification_center") ; https://crbug.com/792217
)
; mach IPC: every global bootstrap name listed here is a system service the
; process can obtain a send right to. Each entry is a new IPC attack surface
; against that service, so additions should carry a crbug reference like the
; existing ones.
(allow mach-lookup
(global-name "com.apple.cvmsServ") ; https://crbug.com/850021
(global-name "com.apple.distributed_notifications@Uv3") ; https://crbug.com/792257
(global-name "com.apple.lsd.mapdb")
(global-name "com.apple.system.notification_center") ; https://crbug.com/792217
)
; IOKit properties. iokit-get-properties is denied wholesale at the top of
; this file; this allowlist re-enables reads of exactly these property keys
; and nothing else.
; NOTE(review): the keys look like storage/volume attributes (Ejectable,
; Removable, Encrypted, IOMediaIcon ...) — presumably for file-system or
; volume queries; confirm which caller needs them.
(allow iokit-get-properties
(iokit-property "CaseSensitive")
(iokit-property "CoreStorage Encrypted")
(iokit-property "Ejectable")
(iokit-property "Encrypted")
(iokit-property "IOClassNameOverride")
(iokit-property "IOMediaIcon")
(iokit-property "Product Identification")
(iokit-property "Protocol Characteristics")
(iokit-property "Removable")
(iokit-property "image-encrypted")
)
; For V8 to use in thread calculations.
; Only on (>= os-version 1014), i.e. macOS 10.14 and later. Grants read AND
; write of kern.tcsm_enable, and read of kern.tcsm_available.
; NOTE(review): sysctl-write is the only write to kernel state in this
; profile; presumably the tcsm_enable knob is per-process rather than
; system-wide — confirm before widening this to any other sysctl.
(if (>= os-version 1014)
(begin
(allow sysctl-read (sysctl-name "kern.tcsm_enable"))
(allow sysctl-write (sysctl-name "kern.tcsm_enable"))
(allow sysctl-read (sysctl-name "kern.tcsm_available"))
))
; Unix syscall filtering. This is available in 10.15+, and rolled out as a
; Finch experiment behind the filter-syscalls param. The (defined?
; 'syscall-unix) check keeps the profile compiling on older OS versions where
; the operation does not exist.
; Fail-closed: a syscall not in the allowlist below is denied with
; send-signal SIGSYS, so a disallowed call terminates the process rather
; than returning an error the caller might ignore.
; NOTE(review): common.sb (not visible here) may carry its own syscall-unix
; rules; how this deny composes with those depends on the sandbox's
; rule-precedence semantics. Verify that the basic syscalls this process
; needs (read, mmap, open, ...) remain allowed when the param is on, since
; they are not listed in this file.
; The list is kept in alphabetical order; keep it that way when adding.
(if (param-true? filter-syscalls)
(when (defined? 'syscall-unix)
(deny syscall-unix (with send-signal SIGSYS))
(allow syscall-unix
(syscall-number SYS_change_fdguard_np)
(syscall-number SYS_chdir)
(syscall-number SYS_chmod)
(syscall-number SYS_csops)
(syscall-number SYS_csrctl)
(syscall-number SYS_dup)
(syscall-number SYS_dup2)
(syscall-number SYS_fchmod)
(syscall-number SYS_fcntl_nocancel)
(syscall-number SYS_fgetxattr)
(syscall-number SYS_fileport_makefd)
(syscall-number SYS_fileport_makeport)
(syscall-number SYS_flock)
(syscall-number SYS_fsetattrlist)
(syscall-number SYS_fsgetpath)
(syscall-number SYS_fsync)
(syscall-number SYS_ftruncate)
(syscall-number SYS_getegid)
(syscall-number SYS_getentropy)
(syscall-number SYS_getfsstat64)
(syscall-number SYS_getrusage)
(syscall-number SYS_getsockopt)
(syscall-number SYS_gettid)
(syscall-number SYS_getxattr)
(syscall-number SYS_guarded_close_np)
(syscall-number SYS_guarded_open_np)
(syscall-number SYS_guarded_pwrite_np)
(syscall-number SYS_kdebug_trace)
(syscall-number SYS_kdebug_typefilter)
(syscall-number SYS_listxattr)
(syscall-number SYS_lseek)
(syscall-number SYS_memorystatus_control)
(syscall-number SYS_mkdir)
(syscall-number SYS_mkdirat)
(syscall-number SYS_mlock)
(syscall-number SYS_msync)
(syscall-number SYS_munlock)
(syscall-number SYS_necp_client_action)
(syscall-number SYS_necp_open)
(syscall-number SYS_openat)
(syscall-number SYS_openat_nocancel)
(syscall-number SYS_pathconf)
(syscall-number SYS_pipe)
(syscall-number SYS_pread_nocancel)
(syscall-number SYS_proc_rlimit_control)
(syscall-number SYS_process_policy)
(syscall-number SYS_psynch_cvbroad)
(syscall-number SYS_psynch_cvclrprepost)
(syscall-number SYS_psynch_cvsignal)
(syscall-number SYS_psynch_cvwait)
(syscall-number SYS_psynch_rw_unlock)
(syscall-number SYS_psynch_rw_wrlock)
(syscall-number SYS_pwrite)
(syscall-number SYS_quotactl)
(syscall-number SYS_recvfrom_nocancel)
(syscall-number SYS_rename)
(syscall-number SYS_rmdir)
(syscall-number SYS_select)
(syscall-number SYS_select_nocancel)
(syscall-number SYS_sem_close)
(syscall-number SYS_sem_open)
(syscall-number SYS_sem_post)
(syscall-number SYS_sem_wait)
(syscall-number SYS_sendmsg_nocancel)
(syscall-number SYS_sendto)
(syscall-number SYS_sendto_nocancel)
(syscall-number SYS_setpriority)
(syscall-number SYS_setrlimit)
(syscall-number SYS_setsockopt)
(syscall-number SYS_shared_region_check_np)
(syscall-number SYS_shutdown)
(syscall-number SYS_sigaltstack)
(syscall-number SYS_umask)
(syscall-number SYS_unlink)
(syscall-number SYS_work_interval_ctl)
(syscall-number SYS_write)
(syscall-number SYS_write_nocancel)
(syscall-number SYS_writev)
)))