SandboxPolicySocket.h (4314B)


      1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
      2 /* This Source Code Form is subject to the terms of the Mozilla Public
      3 * License, v. 2.0. If a copy of the MPL was not distributed with this
      4 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      5 
      6 #ifndef mozilla_SandboxPolicySocket_h
      7 #define mozilla_SandboxPolicySocket_h
      8 
namespace mozilla {

/**
 * Sandbox profile source (macOS SBPL, `(version 1)`) held as a raw string
 * literal. Judging by the name and the network rules it is the profile for
 * the socket process; presumably a caller elsewhere hands it to sandbox
 * initialization. The leading newline and the `;` comments are part of the
 * string and are read by the profile compiler, not by C++.
 *
 * The profile reads five values with (param ...); whoever applies it is
 * expected to supply them:
 *   SHOULD_LOG            "TRUE" makes every deny logged and enables
 *                         (debug deny); anything else denies with no-log.
 *   APP_PATH              subpath allowed for file-read* and
 *                         file-map-executable.
 *   CRASH_PORT            optional (guarded by string?); a global mach name
 *                         the process may look up.
 *   HOME_PATH             user home; spliced into the home-subpath,
 *                         home-literal and home-regex helpers below.
 *   IS_ROSETTA_TRANSLATED "TRUE" additionally allows file-map-executable
 *                         under /private/var/db/oah.
 *
 * Everything is denied by default (moz-deny default); process-info*, nvram*
 * and file-map-executable are then denied explicitly because, as the
 * in-profile comment notes, (deny default) does not cover them. Broad allows
 * worth keeping in mind when reviewing changes: sysctl-read with no name
 * filter, file-read-metadata on (subpath "/"), outbound tcp/udp, bind and
 * inbound on local tcp/udp, and sysctl-write of kern.tcsm_enable.
 *
 * NOTE(review): home-path is concatenated into rules with string-append.
 * home-regex wraps it in regex-quote, but home-subpath and home-literal use
 * it verbatim — presumably the caller passes a canonical absolute path;
 * confirm at the call site. Any edit inside the literal changes the enforced
 * policy, so review it together with the code that supplies the parameters.
 */
static const char SandboxPolicySocket[] = R"SANDBOX_LITERAL(
 (version 1)

 (define should-log (param "SHOULD_LOG"))
 (define app-path (param "APP_PATH"))
 (define crashPort (param "CRASH_PORT"))
 (define home-path (param "HOME_PATH"))
 (define isRosettaTranslated (param "IS_ROSETTA_TRANSLATED"))

 (define (moz-deny feature)
   (if (string=? should-log "TRUE")
     (deny feature)
     (deny feature (with no-log))))

 (define (home-subpath home-relative-subpath)
   (subpath (string-append home-path home-relative-subpath)))
 (define (home-literal home-relative-literal)
   (literal (string-append home-path home-relative-literal)))
 (define (home-regex home-relative-regex)
   (regex (string-append "^" (regex-quote home-path) home-relative-regex)))

 (moz-deny default)
 ; These are not included in (deny default)
 (moz-deny process-info*)
 (moz-deny nvram*)
 (moz-deny file-map-executable)

 (if (string=? should-log "TRUE")
   (debug deny))

 ; Needed for things like getpriority()/setpriority()/pthread_setname()
 (allow process-info-pidinfo process-info-setcontrol (target self))

 (if (string=? isRosettaTranslated "TRUE")
   (allow file-map-executable (subpath "/private/var/db/oah")))

 (allow file-map-executable file-read*
   (subpath "/System/Library")
   (subpath "/usr/lib")
   (subpath app-path))

 (if (string? crashPort)
   (allow mach-lookup (global-name crashPort)))

 (allow signal (target self))
 (allow sysctl-read)
 (allow file-read*
   (literal "/dev/random")
   (literal "/dev/urandom")
   (subpath "/usr/share/icu"))

 ; For stat and symlink resolution
 (allow file-read-metadata (subpath "/"))

 ; Timezone
 (allow file-read*
   (subpath "/private/var/db/timezone")
   (subpath "/usr/share/zoneinfo")
   (subpath "/usr/share/zoneinfo.default")
   (literal "/private/etc/localtime"))

 ; Needed for some global preferences
 (allow file-read-data
   (literal "/Library/Preferences/.GlobalPreferences.plist")
   (home-literal "/Library/Preferences/.GlobalPreferences.plist")
   (home-regex #"/Library/Preferences/ByHost/\.GlobalPreferences.*")
   (home-literal "/Library/Preferences/com.apple.universalaccess.plist"))

 (allow file-read-data (literal "/private/etc/passwd"))

 (allow network-outbound
   (control-name "com.apple.netsrc")
   (literal "/private/var/run/mDNSResponder")
   (remote tcp)
   (remote udp))

 (allow system-socket
   (require-all (socket-domain AF_SYSTEM)
     (socket-protocol 2)) ; SYSPROTO_CONTROL
     (socket-domain AF_ROUTE))

 (allow network-bind network-inbound
   (local tcp)
   (local udp))

 ; Distributed notifications memory.
 (allow ipc-posix-shm-read-data
   (ipc-posix-name "apple.shm.notification_center"))

 ; Notification data from the security server database.
 (allow ipc-posix-shm
   (ipc-posix-name "com.apple.AppleDatabaseChanged"))

 ; From system.sb
 (allow mach-lookup
   (global-name "com.apple.bsd.dirhelper")
   (global-name "com.apple.coreservices.launchservicesd")
   (global-name "com.apple.system.notification_center"))

 ; resolv.conf and hosts file
 (allow file-read*
   (literal "/")
   (literal "/etc")
   (literal "/etc/hosts")
   (literal "/etc/resolv.conf")
   (literal "/private")
   (literal "/private/etc")
   (literal "/private/etc/hosts")
   (literal "/private/etc/resolv.conf")
   (literal "/private/var")
   (literal "/private/var/run")
   (literal "/private/var/run/resolv.conf")
   (literal "/var")
   (literal "/var/run"))

 ; Certificate databases
 (allow file-read*
   (subpath "/private/var/db/mds")
   (subpath "/Library/Keychains")
   (subpath "/System/Library/Keychains")
   (subpath "/System/Library/Security")
   (home-subpath "/Library/Keychains"))

 ; For enabling TCSM
 (allow sysctl-write
   (sysctl-name "kern.tcsm_enable"))
)SANDBOX_LITERAL";

}  // namespace mozilla
    140 
    141 #endif  // mozilla_SandboxPolicySocket_h