tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

SandboxPolicyGMP.h (2701B)

      1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
      2 /* This Source Code Form is subject to the terms of the Mozilla Public
      3 * License, v. 2.0. If a copy of the MPL was not distributed with this
      4 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      5 
      6 #ifndef mozilla_SandboxPolicyGMP_h
      7 #define mozilla_SandboxPolicyGMP_h
      8 
      9 #define MAX_GMP_TESTING_READ_PATHS 2
     10 
     11 namespace mozilla {
     12 
     13 static const char SandboxPolicyGMP[] = R"SANDBOX_LITERAL(
     14  (version 1)
     15 
     16  (define should-log (param "SHOULD_LOG"))
     17  (define app-path (param "APP_PATH"))
     18  (define plugin-path (param "PLUGIN_PATH"))
     19  (define plugin-binary-path (param "PLUGIN_BINARY_PATH"))
     20  (define crashPort (param "CRASH_PORT"))
     21  (define hasWindowServer (param "HAS_WINDOW_SERVER"))
     22  (define testingReadPath1 (param "TESTING_READ_PATH1"))
     23  (define testingReadPath2 (param "TESTING_READ_PATH2"))
     24  (define isRosettaTranslated (param "IS_ROSETTA_TRANSLATED"))
     25 
     26  (define (moz-deny feature)
     27    (if (string=? should-log "TRUE")
     28      (deny feature)
     29      (deny feature (with no-log))))
     30 
     31  (moz-deny default)
     32  ; These are not included in (deny default)
     33  (moz-deny process-info*)
     34  (moz-deny nvram*)
     35  (moz-deny file-map-executable)
     36  (allow process-info-pidinfo (target self))
     37 
     38  ; Needed for things like getpriority()/setpriority()/pthread_setname()
     39  (allow process-info-pidinfo process-info-setcontrol (target self))
     40 
     41  (if (string=? isRosettaTranslated "TRUE")
     42    (allow file-map-executable (subpath "/private/var/db/oah")))
     43 
     44  (allow file-map-executable file-read*
     45    (subpath "/System/Library")
     46    (subpath "/usr/lib")
     47    (subpath plugin-path)
     48    (subpath app-path))
     49 
     50  (when plugin-binary-path
     51    (allow file-read* file-map-executable (subpath plugin-binary-path)))
     52  (when testingReadPath1
     53    (allow file-read* file-map-executable (subpath testingReadPath1)))
     54  (when testingReadPath2
     55    (allow file-read* file-map-executable (subpath testingReadPath2)))
     56 
     57  (if (string? crashPort)
     58    (allow mach-lookup (global-name crashPort)))
     59 
     60  (allow signal (target self))
     61  (allow sysctl-read)
     62  (allow iokit-open (iokit-user-client-class "IOHIDParamUserClient"))
     63  (allow file-read*
     64      (literal "/etc")
     65      (literal "/dev/random")
     66      (literal "/dev/urandom")
     67      (literal "/usr/share/icu/icudt51l.dat"))
     68 
     69  ; Timezone
     70  (allow file-read*
     71    (subpath "/private/var/db/timezone")
     72    (subpath "/usr/share/zoneinfo")
     73    (subpath "/usr/share/zoneinfo.default")
     74    (literal "/private/etc/localtime"))
     75 
     76  (if (string=? hasWindowServer "TRUE")
     77    (allow mach-lookup (global-name "com.apple.windowserver.active")))
     78 )SANDBOX_LITERAL";
     79 
     80 }  // namespace mozilla
     81 
     82 #endif  // mozilla_SandboxPolicyGMP_h