FCL/sf/mw/qtwebkit: WebKit2/WebProcess/com.apple.WebProcess.sb@303757a437d3 (annotated)

0 4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1	(version 1)
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	2	(deny default)
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	3
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	4	(allow ipc-posix-shm sysctl-read system-audit system-socket file-read-metadata)
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	5
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	6	(allow file-read*
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	7	;; Basic system paths
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	8	(subpath "/System")
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	9	(subpath "/usr/share")
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	10	(subpath "/Library/Fonts")
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	11	(literal "/dev/dtracehelper")
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	12	(literal "/dev/urandom")
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	13	(literal "/private/var/db/mds/messages/se_SecurityMessages")
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	14
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	15	;; System and user preferences
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	16	(literal "/Library/Preferences/.GlobalPreferences.plist")
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	17	(literal (string-append (param "_HOME") "/Library/Preferences/.GlobalPreferences.plist"))
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	18	(regex (string-append "^" (param "_HOME") "/Library/Preferences/ByHost/\.GlobalPreferences\."))
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	19	(literal (string-append (param "_HOME") "/Library/Preferences/com.apple.LaunchServices.plist"))
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	20
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	21	;; On-disk WebKit2 framework location, to account for debug installations
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	22	;; outside of /System/Library/Frameworks
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	23	(subpath (param "webkit2_framework_path"))
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	24
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	25	;; Extensions from UIProcess
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	26	(extension))
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	27
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	28	(allow file*
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	29	;; Our caches are writable
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	30	(subpath (string-append (param "_HOME") "/Library/Caches/com.apple.WebProcess"))
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	31	(literal "/dev/dtracehelper"))
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	32
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	33	(allow iokit-open
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	34	;; This will need to be rethought once we're using accelerated graphics,
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	35	;; since we probably can't pre-enumerate the client classes for graphics cards
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	36	(iokit-user-client-class "IOHIDParamUserClient")
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	37	(iokit-user-client-class "RootDomainUserClient"))
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	38
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	39	(allow mach-lookup
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	40	;; Various services required by AppKit and other frameworks
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	41	(global-name "com.apple.CoreServices.coreservicesd")
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	42	(global-name "com.apple.FontObjectsServer")
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	43	(global-name "com.apple.FontServer")
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	44	(global-name "com.apple.SystemConfiguration.configd")
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	45	(global-name "com.apple.cookied")
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	46	(global-name "com.apple.distributed_notifications.2")
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	47	(global-name "com.apple.dock.server")
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	48	(global-name "com.apple.system.logger")
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	49	(global-name "com.apple.system.notification_center")
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	50	(global-name "com.apple.window_proxies")
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	51	(global-name "com.apple.windowserver.active")
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	52	(global-name "com.apple.SecurityServer")
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	53	(global-name "com.apple.ocspd")
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	54	(local-name "com.apple.WebKit.WebProcess"))
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	55
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	56	(allow network-outbound
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	57	;; Local mDNSResponder for DNS, arbitrary outbound TCP
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	58	(literal "/private/var/run/mDNSResponder")
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	59	(remote tcp))

author	Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
	Mon, 04 Oct 2010 01:32:07 +0300
changeset 2	303757a437d3
parent 0	4f2f89ce4247
permissions	-rw-r--r--