Security-59754.41.1.tar.gz
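;; Sandbox profile for authd (OSX/authd/com.apple.authd.sb).
;;
;; The profile is default-deny: every operation not matched by an explicit
;; (allow ...) rule below, or by a rule pulled in from system.sb, is refused.
;; Rule order is kept exactly as in the original listing.

(version 1)

;; Baseline: anything not explicitly allowed is denied.
(deny default)

;; Pulls in the shared system baseline. The effective policy is this file
;; plus whatever system.sb allows, so an audit of this profile has to read
;; system.sb as well.
(import "system.sb")

;; ioctl is permitted only on the audit-session device node.
(allow file-ioctl
    (literal "/dev/auditsessions"))

;; NOTE(review): no path filter is given, so this grants read access to every
;; path the process's credentials can otherwise reach. Confidentiality of
;; files on disk therefore rests on file permissions and other OS controls,
;; not on this sandbox.
(allow file-read*)

;; Read/write is limited to three locations:
;;  - the authorization database. NOTE(review): the trailing ".*" also matches
;;    any path that merely starts with "/private/var/db/auth.db"; presumably
;;    it is there for database sidecar files -- confirm, and consider listing
;;    the expected suffixes explicitly.
;;  - the mds lock file.
;;  - the directory passed as the TMP_DIR parameter when the profile is
;;    applied. The write scope is only as narrow as the value the caller
;;    supplies; verify it resolves to a directory private to this daemon.
(allow file-read* file-write*
    (regex #"^/private/var/db/auth\.db.*$")
    (literal "/private/var/db/mds/system/mds.lock")
    (subpath (param "TMP_DIR")))

;; Outbound connections are limited to one filesystem socket path; no other
;; network-outbound rule appears in this file.
(allow network-outbound
    (literal "/private/var/run/systemkeychaincheck.socket"))

;; Mach service lookups are restricted to this explicit allow-list of global
;; names. Each entry is an IPC peer reachable from inside the sandbox, so any
;; addition here should be reviewed as an attack-surface change.
(allow mach-lookup
    (global-name "com.apple.CoreAuthentication.agent")
    (global-name "com.apple.CoreAuthentication.daemon")
    (global-name "com.apple.CoreServices.coreservicesd")
    (global-name "com.apple.PowerManagement.control")
    (global-name "com.apple.security.agent")
    (global-name "com.apple.security.agent.login")
    (global-name "com.apple.security.authhost")
    (global-name "com.apple.SecurityServer")
    (global-name "com.apple.system.opendirectoryd.api")
    (global-name "com.apple.ocspd")
    (global-name "com.apple.DiskArbitration.diskarbitrationd")
    (global-name "com.apple.diskmanagementd"))

;; POSIX shared-memory access is limited to these two named regions.
(allow ipc-posix-shm
    (ipc-posix-name "apple.shm.notification_center")
    (ipc-posix-name "com.apple.AppleDatabaseChanged"))

;; NOTE(review): granted without any filter. Access to the privileged host
;; port is a high-value capability; confirm it is still required.
(allow mach-priv-host-port)

;; Preference reads are limited to the any-application domain and authd's own
;; domain. No preference-write rule appears in this file.
(allow user-preference-read
    (preference-domain "kCFPreferencesAnyApplication")
    (preference-domain "com.apple.authd"))

;; Audit and scheduling operations, both granted without filters.
(allow system-audit system-sched)

;; IOKit user clients that may be opened are limited to these two classes.
(allow iokit-open
    (iokit-user-client-class "AppleAPFSUserClient")
    (iokit-user-client-class "AppleKeyStoreUserClient"))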