Share sandbox macro between WebKit sandboxes

https://bugs.webkit.org/show_bug.cgi?id=271380
rdar://125167227

Reviewed by Chris Dumez.

Share sandbox macro for debugging support between WebKit sandboxes.

* Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb.in:
* Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb.in:
* Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:
* Source/WebKit/Shared/Sandbox/iOS/common.sb:

Canonical link: https://commits.webkit.org/276468@main

Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb.in

@@ -278,35 +278,6 @@
         "com.apple.Metal") ;; <rdar://problem/25535471>
 )
 
-(define-once (internal-debugging-support)
-        (allow file-read* file-map-executable
-               (subpath "/Developer"))
-
-        (allow ipc-posix-shm*
-               (ipc-posix-name-prefix "stack-logs")
-               (ipc-posix-name-prefix "OA-")
-               (ipc-posix-name-prefix "/FSM-"))
-
-        (allow ipc-posix-shm-read* ipc-posix-shm-write-data ipc-posix-shm-write-unlink
-               (ipc-posix-name-regex #"^gdt-[A-Za-z0-9]+-(c|s)$"))
-
-        (with-filter (system-attribute apple-internal)
-            ;; <rdar://problem/8565035>
-            ;; <rdar://problem/23857452>
-            ;; <rdar://problem/72317112>
-            (allow file-read* file-map-executable
-                   (subpath "/AppleInternal")
-                   (subpath "/usr/local/lib")
-                   (subpath "/usr/appleinternal/lib")))
-            (with-elevated-precedence
-                (allow file-read* file-map-executable file-issue-extension
-                   (front-user-home-subpath "/XcodeBuiltProducts")))
-
-        ;; <rdar://problem/8107758>
-        (allow file-read* file-map-executable
-               (subpath "/System/Library/Frameworks")
-               (subpath "/System/Library/PrivateFrameworks")))
-
 (define-once (device-access)
     (deny file-read* file-write*
           (vnode-type BLOCK-DEVICE CHARACTER-DEVICE))
@@ -435,8 +406,7 @@
 )
 
 (with-filter (system-attribute apple-internal)
-    (internal-debugging-support)
-)
+    (internal-debugging-support))
 
 (allow file-read*
     required-etc-files)

Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb.in

@@ -373,48 +373,6 @@
         (iokit-user-client-class "AppleKeyStoreUserClient") ;; Needed by NSURLCache
 ))
 
-(define-once (internal-debugging-support)
-        ;; <rdar://problem/8379706>
-        ;; <rdar://problem/12868101>
-        ;; <rdar://problem/22766887>
-        ;; <rdar://problem/22880365>
-        (allow file-read* file-map-executable
-               (subpath "/Developer"))
-
-        ;; <rdar://problem/7674121>
-        ;; <rdar://problem/9151290>
-        (allow ipc-posix-shm*
-               (ipc-posix-name-prefix "stack-logs")
-               (ipc-posix-name-prefix "OA-")
-               (ipc-posix-name-prefix "/FSM-"))
-
-        (with-filter (system-attribute apple-internal)
-            ;; <rdar://problem/8565035>
-            ;; <rdar://problem/23857452>
-            ;; <rdar://problem/72317112>
-            (allow file-read* file-map-executable
-                   (subpath "/AppleInternal")
-                   (subpath "/usr/local/lib")
-                   (subpath "/usr/appleinternal/lib")))
-            (with-elevated-precedence
-                (allow file-read* file-map-executable file-issue-extension
-                   (front-user-home-subpath "/XcodeBuiltProducts")))
-
-        ;; <rdar://problem/8107758>
-        (allow file-read* file-map-executable
-               (subpath "/System/Library/Frameworks")
-               (subpath "/System/Library/PrivateFrameworks"))
-
-        ;; <rdar://problem/11455762>
-        (allow mach-lookup
-               (global-name "com.apple.hangtracerd"))
-        ;; <rdar://problem/32544921>
-        (mobile-preferences-read "com.apple.hangtracer")
-
-        ;; <rdar://problem/9090627>
-        (allow mach-lookup
-             (global-name "com.apple.osanalytics.osanalyticshelper")))
-
 (define required-etc-files
   (literal "/private/etc/hosts"
            "/private/etc/passwd"
@@ -503,8 +461,7 @@
                (sysctl-name-prefix "kern.procargs2."))))
 
 (with-filter (system-attribute apple-internal)
-    (internal-debugging-support)
-)
+    (internal-debugging-support))
 
 (allow file-read*
     required-etc-files)
@@ -677,7 +634,9 @@
     (allow mach-lookup
         (global-name "com.apple.diagnosticd")
         (global-name "com.apple.aggregated")
-        (global-name "com.apple.analyticsd")))
+        (global-name "com.apple.analyticsd")
+        (global-name "com.apple.hangtracerd")
+        (global-name "com.apple.osanalytics.osanalyticshelper")))
 
 ;; For reporting progress for active downloads <rdar://problem/44405661>
 (allow mach-lookup

Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in

@@ -200,38 +200,6 @@
     )
 )
 
-(define-once (internal-debugging-support)
-        (allow file-read* file-map-executable
-               (subpath "/Developer"))
-
-        (allow ipc-posix-shm*
-               (ipc-posix-name-prefix "stack-logs")
-               (ipc-posix-name-prefix "OA-")
-               (ipc-posix-name-prefix "/FSM-"))
-
-        (allow ipc-posix-shm-read* ipc-posix-shm-write-data ipc-posix-shm-write-unlink
-               (ipc-posix-name-regex #"^gdt-[A-Za-z0-9]+-(c|s)$"))
-
-        (with-filter (system-attribute apple-internal)
-            ;; <rdar://problem/8565035>
-            ;; <rdar://problem/23857452>
-            ;; <rdar://problem/72317112>
-            (allow file-read* file-map-executable
-                   (subpath "/AppleInternal")
-                   (subpath "/usr/local/lib")
-                   (subpath "/usr/appleinternal/lib")))
-            (with-elevated-precedence
-                (allow file-read* file-map-executable file-issue-extension
-                   (front-user-home-subpath "/XcodeBuiltProducts")))
-
-        ;; <rdar://problem/8107758>
-        (allow file-read* file-map-executable
-               (subpath "/System/Library/Frameworks")
-               (subpath "/System/Library/PrivateFrameworks"))
-
-        ;; <rdar://problem/32544921>
-        (mobile-preferences-read "com.apple.hangtracer"))
-
 (define-once (device-access)
     (deny file-read* file-write*
           (vnode-type BLOCK-DEVICE CHARACTER-DEVICE))
@@ -438,8 +406,7 @@
 )
 
 (with-filter (system-attribute apple-internal)
-    (internal-debugging-support)
-)
+    (internal-debugging-support))
 
 (allow file-read*
     required-etc-files

Source/WebKit/Shared/Sandbox/iOS/common.sb

@@ -89,3 +89,33 @@
                 (home-literal (string-append "/Library/Preferences/" domain ".plist")))))
         domains))
 
+(define-once (internal-debugging-support)
+        (allow file-read* file-map-executable
+               (subpath "/Developer"))
+
+        (allow ipc-posix-shm*
+               (ipc-posix-name-prefix "stack-logs")
+               (ipc-posix-name-prefix "OA-")
+               (ipc-posix-name-prefix "/FSM-"))
+
+        (allow ipc-posix-shm-read* ipc-posix-shm-write-data ipc-posix-shm-write-unlink
+               (ipc-posix-name-regex #"^gdt-[A-Za-z0-9]+-(c|s)$"))
+
+        ;; <rdar://problem/8565035>
+        ;; <rdar://problem/23857452>
+        ;; <rdar://problem/72317112>
+        (allow file-read* file-map-executable
+               (subpath "/AppleInternal")
+               (subpath "/usr/local/lib")
+               (subpath "/usr/appleinternal/lib"))
+        (with-elevated-precedence
+            (allow file-read* file-map-executable file-issue-extension
+               (front-user-home-subpath "/XcodeBuiltProducts")))
+
+        ;; <rdar://problem/8107758>
+        (allow file-read* file-map-executable
+               (subpath "/System/Library/Frameworks")
+               (subpath "/System/Library/PrivateFrameworks"))
+
+        ;; <rdar://problem/32544921>
+        (mobile-preferences-read "com.apple.hangtracer"))