]> git.saurik.com Git - apple/security.git/blobdiff - OSX/lib/framework.sb
projects / apple / security.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Security-59306.61.1.tar.gz
[apple/security.git] / OSX / lib / framework.sb
diff --git a/OSX/lib/framework.sb b/OSX/lib/framework.sb
index 7fa76f2d65e29a159ce828bc801a3ecc7380c15b..e37bf7c47def841913609503094eb5d8198ec524 100644 (file)
--- a/OSX/lib/framework.sb
+++ b/OSX/lib/framework.sb
@@ -1,7 +1,11 @@
 ;; allow clients to communicate with secd
 (allow mach-lookup (global-name "com.apple.secd"))
 ;; allow clients to communicate with coreauthd
 ;; allow clients to communicate with secd
 (allow mach-lookup (global-name "com.apple.secd"))
 ;; allow clients to communicate with coreauthd
-(allow mach-lookup (global-name "com.apple.CoreAuthentication.daemon.libxpc"))
-(allow mach-lookup (global-name "com.apple.CoreAuthentication.agent.libxpc"))
+(allow mach-lookup (global-name "com.apple.CoreAuthentication.daemon"))
+(allow mach-lookup (global-name "com.apple.CoreAuthentication.agent"))
 ;; allow clients to communicate with ctkd
 (allow mach-lookup (global-name "com.apple.ctkd.token-client"))
 ;; allow clients to communicate with ctkd
 (allow mach-lookup (global-name "com.apple.ctkd.token-client"))
+
+;; On internal builds, allow clients to read the AMFITrustedKeys NVRAM variable
+(with-filter (system-attribute apple-internal)
+    (allow nvram-get (nvram-variable "AMFITrustedKeys")))
mirror of Security