; Copyright 2017 The Chromium Authors
; Use of this source code is governed by a BSD-style license that can be
; found in the LICENSE file.
; Chromium sandbox profile written in SBPL (Apple's Scheme-based sandbox
; policy language). Everything not mentioned below presumably keeps the
; baseline that common.sb establishes; the rules here only adjust it.
; --- The contents of common.sb implicitly included here. ---
; NOTE(review): os-version, param-true?, user-homedir-path, allow-cvms-blobs
; and allow-font-access are used below without being defined in this file;
; presumably they come from common.sb - confirm there.
; Put the denials first. A later rule for the same operation layers on top
; of an earlier one, so the narrow allow rules further down (e.g. the
; iokit-get-properties allowlist) refine these broad denials.
; crbug.com/799149: These operations are allowed by default.
; The disable-sandbox-denial-logging parameter only decides whether a
; denial is logged ((with no-log) suppresses the log line); the operations
; are denied either way. Keep in mind that no-log also removes the
; denial from the audit trail.
; (>= os-version 1013) presumably means macOS 10.13 or later - TODO confirm
; against common.sb.
(if (>= os-version 1013)
(if (param-true? disable-sandbox-denial-logging)
(deny iokit-get-properties process-info* nvram* (with no-log))
(deny iokit-get-properties process-info* nvram*)
))
; Allow cf prefs to work.
(allow user-preference-read)
; process-info: re-allow the two process-info operations needed after the
; process-info* denial above. process-info-setcontrol is limited to the
; sandboxed process itself via (target self).
(if (>= os-version 1013)
(begin
(allow process-info-pidinfo)
(allow process-info-setcontrol (target self))
))
; File reads.
; Reads from the home directory: only these two exact paths, not the home
; directory as a whole.
(allow file-read-data
(path (user-homedir-path "/.CFUserTextEncoding"))
(path (user-homedir-path "/Library/Preferences/com.apple.universalaccess.plist"))
)
; Reads of /dev devices.
(allow file-read-data
(path "/dev/autofs_nowait")
(path "/dev/fd")
)
; Helper (presumably defined in common.sb) granting access to CVMS blobs.
(allow-cvms-blobs)
; The only file-write-data permitted here is to /dev/null, and only when
; the vnode really is a character device; require-all means both filters
; must match, so a regular file placed at that path does not qualify.
(allow file-write-data
(require-all
(path "/dev/null")
(vnode-type CHARACTER-DEVICE)))
; Needed for Fonts.
(allow-font-access)
; Reads from /System. (path ...) matches exactly one file; (subpath ...)
; matches everything beneath the directory, so subpath entries are the
; broader grants.
(allow file-read-data
(path "/System/Library/CoreServices/CoreTypes.bundle/Contents/Library/AppExceptions.bundle/Exceptions.plist")
(path "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/Exceptions.plist")
(path "/System/Library/Preferences/Logging/Subsystems/com.apple.SkyLight.plist")
(subpath "/System/Library/ColorSync/Profiles")
(subpath "/System/Library/CoreServices/SystemAppearance.bundle")
(subpath "/System/Library/CoreServices/SystemVersion.bundle")
(subpath "/System/Library/Extensions") ; https://crbug.com/847518
(subpath "/System/Library/LinguisticData")
)
; Reads from /Library.
(allow file-read-data
(subpath "/Library/GPUBundles") ; https://crbug.com/850021
)
; IOKit: the only user clients the process may open, matched by exact
; class name.
(allow iokit-open
(iokit-registry-entry-class "IOSurfaceRootUserClient")
(iokit-registry-entry-class "RootDomainUserClient")
(iokit-user-client-class "IOSurfaceSendRight")
)
; POSIX IPC: shared-memory segments that may be read, matched by exact name.
(allow ipc-posix-shm-read-data
(ipc-posix-name "apple.cfprefs.317580v1")
(ipc-posix-name "apple.cfprefs.daemonv1")
(ipc-posix-name "apple.shm.notification_center") ; https://crbug.com/792217
)
; mach IPC: Mach services that may be looked up, matched by exact global
; name. Each entry is a service the sandboxed process can talk to, so
; additions here deserve the same scrutiny as the syscall list below.
(allow mach-lookup
(global-name "com.apple.cvmsServ") ; https://crbug.com/850021
(global-name "com.apple.distributed_notifications@Uv3") ; https://crbug.com/792257
(global-name "com.apple.lsd.mapdb")
(global-name "com.apple.system.notification_center") ; https://crbug.com/792217
)
; IOKit properties. This is the allowlist layered over the
; iokit-get-properties denial at the top of the file: only the property
; names listed here may be read, everything else stays denied.
(if (>= os-version 1013)
(allow iokit-get-properties
(iokit-property "CaseSensitive")
(iokit-property "CoreStorage Encrypted")
(iokit-property "Ejectable")
(iokit-property "Encrypted")
(iokit-property "IOClassNameOverride")
(iokit-property "IOMediaIcon")
(iokit-property "Product Identification")
(iokit-property "Protocol Characteristics")
(iokit-property "Removable")
(iokit-property "image-encrypted")
))
; For V8 to use in thread calculations. Note that kern.tcsm_enable is
; granted for sysctl-write as well as sysctl-read; kern.tcsm_available is
; read-only.
(if (>= os-version 1014)
(begin
(allow sysctl-read (sysctl-name "kern.tcsm_enable"))
(allow sysctl-write (sysctl-name "kern.tcsm_enable"))
(allow sysctl-read (sysctl-name "kern.tcsm_available"))
))
; This is available in 10.15+, and rolled out as a Finch experiment.
; When the filter-syscalls parameter is on and the syscall-unix operation
; exists on this OS (the defined? check keeps the profile loadable on
; older releases), every Unix syscall not listed below is denied and the
; process receives SIGSYS, presumably terminating it rather than returning
; an error. The list is the kernel surface reachable from the sandboxed
; process; each addition widens it and should be justified in review.
(if (param-true? filter-syscalls)
(when (defined? 'syscall-unix)
(deny syscall-unix (with send-signal SIGSYS))
(allow syscall-unix
(syscall-number SYS_change_fdguard_np)
(syscall-number SYS_chdir)
(syscall-number SYS_chmod)
(syscall-number SYS_csops)
(syscall-number SYS_csrctl)
(syscall-number SYS_dup)
(syscall-number SYS_dup2)
(syscall-number SYS_fchmod)
(syscall-number SYS_fcntl_nocancel)
(syscall-number SYS_fgetxattr)
(syscall-number SYS_fileport_makefd)
(syscall-number SYS_fileport_makeport)
(syscall-number SYS_flock)
(syscall-number SYS_fsetattrlist)
(syscall-number SYS_fsgetpath)
(syscall-number SYS_fsync)
(syscall-number SYS_ftruncate)
(syscall-number SYS_getegid)
(syscall-number SYS_getentropy)
(syscall-number SYS_getfsstat64)
(syscall-number SYS_getrusage)
(syscall-number SYS_getsockopt)
(syscall-number SYS_gettid)
(syscall-number SYS_getxattr)
(syscall-number SYS_guarded_close_np)
(syscall-number SYS_guarded_open_np)
(syscall-number SYS_guarded_pwrite_np)
(syscall-number SYS_kdebug_trace)
(syscall-number SYS_kdebug_typefilter)
(syscall-number SYS_listxattr)
(syscall-number SYS_lseek)
(syscall-number SYS_memorystatus_control)
(syscall-number SYS_mkdir)
(syscall-number SYS_mkdirat)
(syscall-number SYS_mlock)
(syscall-number SYS_msync)
(syscall-number SYS_munlock)
(syscall-number SYS_necp_client_action)
(syscall-number SYS_necp_open)
(syscall-number SYS_openat)
(syscall-number SYS_openat_nocancel)
(syscall-number SYS_pathconf)
(syscall-number SYS_pipe)
(syscall-number SYS_pread_nocancel)
(syscall-number SYS_proc_rlimit_control)
(syscall-number SYS_process_policy)
(syscall-number SYS_psynch_cvbroad)
(syscall-number SYS_psynch_cvclrprepost)
(syscall-number SYS_psynch_cvsignal)
(syscall-number SYS_psynch_cvwait)
(syscall-number SYS_psynch_rw_unlock)
(syscall-number SYS_psynch_rw_wrlock)
(syscall-number SYS_pwrite)
(syscall-number SYS_quotactl)
(syscall-number SYS_recvfrom_nocancel)
(syscall-number SYS_rename)
(syscall-number SYS_rmdir)
(syscall-number SYS_select)
(syscall-number SYS_select_nocancel)
(syscall-number SYS_sem_close)
(syscall-number SYS_sem_open)
(syscall-number SYS_sem_post)
(syscall-number SYS_sem_wait)
(syscall-number SYS_sendmsg_nocancel)
(syscall-number SYS_sendto)
(syscall-number SYS_sendto_nocancel)
(syscall-number SYS_setpriority)
(syscall-number SYS_setrlimit)
(syscall-number SYS_setsockopt)
(syscall-number SYS_shared_region_check_np)
(syscall-number SYS_shutdown)
(syscall-number SYS_sigaltstack)
(syscall-number SYS_umask)
(syscall-number SYS_unlink)
(syscall-number SYS_work_interval_ctl)
(syscall-number SYS_write)
(syscall-number SYS_write_nocancel)
(syscall-number SYS_writev)
)))