content/renderer/renderer_v2.sb - Issue 2920353002: Add the V2 sandbox rules for renderer processes.

Side by Side Diff: content/renderer/renderer_v2.sb

Issue 2920353002: Add the V2 sandbox rules for renderer processes. (Closed)

Patch Set: Add the rules file Created 3 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

OLD	NEW
(Empty)
	1 ; Copyright 2017 The Chromium Authors. All rights reserved.

	2 ; Use of this source code is governed by a BSD-style license that can be

	3 ; found in the LICENSE file.

	4 (version 1)

	5

	6 ; The top of this will be the V2 common profile.
	Robert Sesek 2017/06/06 14:56:00 Why not have common_v2.sb now? Why not have common_v2.sb now? Greg K 2017/06/09 20:51:20 It's not clear exactly what will be abstracted out Show quoted text On 2017/06/06 14:56:00, Robert Sesek wrote: > Why not have common_v2.sb now? It's not clear exactly what will be abstracted out, so I thought it made more sense to do the abstraction as soon as another process type uses the sandbox and I know what the actual diff is.
	7

	8 ; Helper function to check if a param is set to true.

	9 (define (param-true? str) (string=? (param str) "TRUE"))

	10

	11 ; Helper function to determine if a parameter is defined or not.

	12 (define (param-defined? str) (string? (param str)))

	13

	14 ; Define constants for all of the parameter strings passed in.

	15 (define disable-sandbox-denial-logging "DISABLE_SANDBOX_DENIAL_LOGGING")

	16 (define enable-logging "ENABLE_LOGGING")

	17 (define homedir-as-literal "USER_HOMEDIR_AS_LITERAL")

	18 (define elcap-or-later "ELCAP_OR_LATER")

	19 (define bundle-path "BUNDLE_PATH")

	20 (define executable-path "EXECUTABLE_PATH")

	21 (define chromium-pid "CHROMIUM_PID")

	22 (define log-file-path "LOG_FILE_PATH")

	23 (define bundle-id "BUNDLE_ID")

	24 (define component-path "COMPONENT_PATH")

	25

	26 ; Backwards compatibility for 10.9

	27 (define (path x) (literal x))

	28

	29 ; --enable-sandbox-logging causes the sandbox to log failures to the syslog.

	30 (if (param-true? disable-sandbox-denial-logging)

	31 (deny default (with no-log))
	Robert Sesek 2017/06/06 14:56:00 Why 4-space indents instead of the usual 2? Why 4-space indents instead of the usual 2? Greg K 2017/06/09 20:51:20 Done. Show quoted text On 2017/06/06 14:56:00, Robert Sesek wrote: > Why 4-space indents instead of the usual 2? Done.
	32 (deny default))

	33

	34 (if (param-true? enable-logging) (debug deny))

	35

	36 ; Allow sending signals to self - https://crbug.com/20370

	37 (allow signal (target self))

	38

	39 ; Consumes a subpath and appends it to the user's homedir path.

	40 (define (user-homedir-path subpath)

	41 (string-append (param homedir-as-literal) subpath))

	42

	43 ; Allow logging for all processes
	Robert Sesek 2017/06/06 14:56:00 nit, and throughout this file: comments need prope nit, and throughout this file: comments need proper punctuation. Greg K 2017/06/09 20:51:20 Done. Show quoted text On 2017/06/06 14:56:00, Robert Sesek wrote: > nit, and throughout this file: comments need proper punctuation. Done.
	44 (allow file-write* (path (param log-file-path)))

	45

	46 ; Allow component builds to work

	47 (if (param-defined? component-path)

	48 (allow file-read* (subpath (param component-path))))

	49

	50 ;TODO: Are these needed once I move the code into the helper executable?

	51 (allow process-exec* (path (param executable-path)))

	52 (allow file-read* (path (param executable-path)))

	53

	54 (allow mach-lookup (global-name (string-append (param bundle-id)

	55 ".rohitfork."

	56 (param chromium-pid))))

	57

	58 ; Allow realpath() to work

	59 (allow file-read-metadata (subpath "/"))

	60

	61 ; Allow cf prefs to work

	62 (allow user-preference-read)

	63

	64 ; All processes can read the bundle contents

	65 (allow file-read* (subpath (param bundle-path)))

	66

	67 ; This is the renderer specific stuff.
	Robert Sesek 2017/06/06 14:56:00 Better put as "; End of common.sb" ? Better put as "; End of common.sb" ? Greg K 2017/06/09 20:51:20 Done. Show quoted text On 2017/06/06 14:56:00, Robert Sesek wrote: > Better put as "; End of common.sb" ? Done.
	68 (allow file-ioctl file-read-data file-write-data (path "/dev/dtracehelper"))

	69

	70 ; File reads

	71 ; Reads from the home directory.

	72 (allow file-read-data (path (user-homedir-path "/.CFUserTextEncoding")))

	73

	74 ; Reads of /dev devices.

	75 (allow file-read-data

	76 (path "/dev/autofs_nowait")
	Robert Sesek 2017/06/06 14:56:00 Now 8-space indents? Now 8-space indents? Greg K 2017/06/09 20:51:20 Done. Show quoted text On 2017/06/06 14:56:00, Robert Sesek wrote: > Now 8-space indents? Done.
	77 (path "/dev/urandom"))

	78

	79 ; Reads from /usr.

	80 (allow file-read-data

	81 (path "/usr/lib/libexpat.1.dylib")

	82 (subpath "/usr/share/zoneinfo"))

	83

	84 (allow file-read* (path "/usr/share/icu/icudt57l.dat"))

	85

	86 ; Reads from /Library.

	87 (allow file-read-data (subpath "/Library/Fonts"))

	88

	89 ; Reads from /System.

	90 (allow file-read-data

	91 (path "/System/Library/CoreServices/CoreTypes.bundle/Contents/Library/App Exceptions.bundle/Exceptions.plist")

	92 (path "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/E xceptions.plist")

	93 (path "/System/Library/CoreServices/SystemVersion.plist")

	94 (path "/System/Library/Preferences/Logging/Subsystems/com.apple.SkyLight. plist")

	95 (subpath "/System/Library/ColorSync/Profiles")

	96 (subpath "/System/Library/CoreServices/SystemAppearance.bundle")

	97 (subpath "/System/Library/CoreServices/SystemVersion.bundle")

	98 (subpath "/System/Library/Fonts")

	99 (subpath "/System/Library/Frameworks"))

	100

	101 ; IOKit

	102 (allow iokit-open (iokit-registry-entry-class "IOSurfaceRootUserClient"))

	103

	104 ; POSIX IPC

	105 (allow ipc-posix-shm-read-data

	106 (ipc-posix-name "apple.cfprefs.317580v1")

	107 (ipc-posix-name "apple.cfprefs.daemonv1")

	108 (ipc-posix-name "apple.shm.notification_center"))

	109

	110 ; mach IPC

	111 (allow mach-lookup

	112 ; TODO(kerrnel): audit coreservicesd.

	113 (global-name "com.apple.CoreServices.coreservicesd")

	114 ; TODO(kerrnel): nix if possible.
	Robert Sesek 2017/06/06 14:56:00 Can these be resolved before landing? Can these be resolved before landing?
	115 (global-name "com.apple.GameController.gamecontrollerd")

	116 ; TODO(kerrnel): nix if possible.

	117 (global-name "com.apple.cfprefsd.agent")

	118 ; TODO(kerrnel): nix if possible.

	119 (global-name "com.apple.cfprefsd.daemon")

	120 (global-name "com.apple.coreservices.launchservicesd")

	121 ; TODO(kerrnel): nix if possible.

	122 (global-name "com.apple.diagnosticd")

	123 (global-name "com.apple.distributed_notifications@Uv3")

	124 (global-name "com.apple.fonts")

	125 (global-name "com.apple.logd")

	126 (global-name "com.apple.lsd.mapdb")

	127 (global-name "com.apple.system.logger")

	128 (global-name "com.apple.system.notification_center")

	129 (global-name "com.apple.system.opendirectoryd.libinfo")

	130 (global-name "com.apple.windowserver.active"))

	131

	132 ; sysctl

	133 (allow sysctl-read

	134 (sysctl-name "hw.activecpu")

	135 (sysctl-name "hw.busfrequency_compat")

	136 (sysctl-name "hw.byteorder")

	137 (sysctl-name "hw.cachelinesize_compat")

	138 (sysctl-name "hw.cpufrequency_compat")

	139 (sysctl-name "hw.cputype")

	140 (sysctl-name "hw.machine")

	141 (sysctl-name "hw.ncpu")

	142 (sysctl-name "hw.pagesize_compat")

	143 (sysctl-name "hw.physicalcpu_max")

	144 (sysctl-name "hw.tbfrequency_compat")

	145 (sysctl-name "hw.vectorunit")

	146 (sysctl-name "kern.hostname")

	147 (sysctl-name "kern.osrelease")

	148 (sysctl-name "kern.ostype")

	149 (sysctl-name "kern.osversion")

	150 (sysctl-name "kern.version"))

OLD	NEW

« no previous file with comments | « content/content_resources.grd ('k') | no next file » | no next file with comments »