keychain/KeychainStasher/com.apple.security.KeychainStasher.sb

   1 (version 1)
   2
   3 (deny default)
   4 (deny file-map-executable process-info* nvram*)
   5 (deny dynamic-code-generation)
   6
   7 (import "system.sb")
   8 (import "com.apple.corefoundation.sb")
   9 (corefoundation)
  10
  11 (allow process-info-dirtycontrol (target self))
  12
  13 (allow mach-lookup (global-name "com.apple.securityd.xpc"))
  14
  15 (allow file-read-metadata)
  16
  17 (if (param "ANALYTICSDIR")
  18     (allow file-read* file-write* (subpath (param "ANALYTICSDIR"))))
  19
  20 (allow file-read* (subpath "/usr/libexec"))
  21
  22 (allow user-preference-read (preference-domain "kCFPreferencesAnyApplication"))