OSX/lib/framework.sb

   1 ;; allow clients to communicate with secd
   2 (allow mach-lookup (global-name "com.apple.secd"))
   3 ;; allow clients to communicate with coreauthd
   4 (allow mach-lookup (global-name "com.apple.CoreAuthentication.daemon"))
   5 (allow mach-lookup (global-name "com.apple.CoreAuthentication.agent"))
   6 ;; allow clients to communicate with ctkd
   7 (allow mach-lookup (global-name "com.apple.ctkd.token-client"))
   8
   9 ;; On internal builds, allow clients to read the AMFITrustedKeys NVRAM variable
  10 (with-filter (system-attribute apple-internal)
  11     (allow nvram-get (nvram-variable "AMFITrustedKeys")))