keychain/TrustedPeersHelper/com.apple.TrustedPeersHelper.sb

   1 (version 1)
   2
   3 (define (home-subpath home-relative-subpath)
   4     (subpath (string-append (param "HOME") home-relative-subpath)))
   5
   6 (deny default)
   7 (deny file-map-executable iokit-get-properties process-info* nvram*)
   8 (deny dynamic-code-generation)
   9
  10 (deny mach-priv-host-port)
  11 (import "system.sb")
  12 (import "com.apple.corefoundation.sb")
  13 (corefoundation)
  14
  15 (allow distributed-notification-post)
  16
  17 (allow process-info* (target self))
  18 (allow process-info-codesignature)
  19
  20 (allow file-read-metadata)
  21
  22 (allow file-read* file-write*
  23     (home-subpath "/Library/Keychains/"))
  24
  25 (allow mach-lookup
  26     (global-name "com.apple.cloudd")
  27     (global-name "com.apple.apsd")
  28     (global-name "com.apple.securityd.xpc")
  29     (global-name "com.apple.security.sfkeychainserver")
  30     (global-name "com.apple.SecurityServer")
  31     (global-name "com.apple.lsd.mapdb")
  32 )
  33
  34 (allow user-preference-read
  35     (preference-domain "kCFPreferencesAnyApplication")
  36 )
  37
  38 (allow file-read* file-write*
  39     (subpath "/private/var/db/mds/")
  40     (subpath "/Library/Keychains/")
  41 )