ipsec-286.1.1.tar.gz

[apple/ipsec.git] / racoon.sb

diff --git a/racoon.sb b/racoon.sb
index 8aefd9cb9f8bed66c2a49cb061f873d140dd5690..ec523137f423882d3f832e0ea9409f2918f69c6c 100644 (file)
--- a/racoon.sb
+++ b/racoon.sb
@@ -23,7 +23,9 @@
     (subpath "/Library/Managed\ Preferences")
     (subpath "/Library/Preferences")
     (subpath "/private/var/root")
-    (literal "/private/var/db/mds/messages/se_SecurityMessages"))
+    (literal "/private/var/mobile/Library/Caches/com.apple.MobileGestalt.plist")
+    (literal "/private/var/db/mds/messages/se_SecurityMessages")
+    (literal "/private/var/db/icu"))
 
 (allow file-write*
     (literal "/private/var/run/racoon.sock")
@@ -50,7 +52,16 @@
 (allow mach-lookup
     (global-name "com.apple.SecurityServer")
     (global-name "com.apple.SystemConfiguration.configd")
-    (global-name "com.apple.ocspd"))
+    (global-name "com.apple.ocspd")
+    (global-name "com.apple.commcenter.xpc")
+    (global-name "com.apple.aggregated")
+    (global-name "com.apple.cfprefsd.daemon")
+    (global-name "com.apple.cfprefsd.agent")
+    (local-name "com.apple.cfprefsd.agent")
+    (global-name "com.apple.nehelper"))
+       
+(allow ipc-posix-shm-read*
+    (ipc-posix-name-regex #"^apple\.shm\.cfprefsd\."))
 
 ;;;;;; Common system sandbox rules
 ;;;;;;