]> git.saurik.com Git - apple/security.git/blobdiff - keychain/KeychainStasher/com.apple.security.KeychainStasher.sb
projects / apple / security.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Security-59754.41.1.tar.gz
[apple/security.git] / keychain / KeychainStasher / com.apple.security.KeychainStasher.sb
diff --git a/keychain/KeychainStasher/com.apple.security.KeychainStasher.sb b/keychain/KeychainStasher/com.apple.security.KeychainStasher.sb
new file mode 100644 (file)
index 0000000..5c86637
--- /dev/null
+++ b/keychain/KeychainStasher/com.apple.security.KeychainStasher.sb
@@ -0,0 +1,22 @@
+(version 1)
+
+(deny default)
+(deny file-map-executable process-info* nvram*)
+(deny dynamic-code-generation)
+
+(import "system.sb")
+(import "com.apple.corefoundation.sb")
+(corefoundation)
+
+(allow process-info-dirtycontrol (target self))
+
+(allow mach-lookup (global-name "com.apple.securityd.xpc"))
+
+(allow file-read-metadata)
+
+(if (param "ANALYTICSDIR")
+    (allow file-read* file-write* (subpath (param "ANALYTICSDIR"))))
+
+(allow file-read* (subpath "/usr/libexec"))
+
+(allow user-preference-read (preference-domain "kCFPreferencesAnyApplication"))
mirror of Security