X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/5c19dc3ae3bd8e40a9c028b0deddd50ff337692c..7e6b461318c8a779d91381531435a68ee4e8b6ed:/OSX/lib/framework.sb

diff --git a/OSX/lib/framework.sb b/OSX/lib/framework.sb
index 74907d8d..e37bf7c4 100644
--- a/OSX/lib/framework.sb
+++ b/OSX/lib/framework.sb
@@ -1,4 +1,11 @@
 ;; allow clients to communicate with secd
 (allow mach-lookup (global-name "com.apple.secd"))
 ;; allow clients to communicate with coreauthd
-(allow mach-lookup (global-name "com.apple.CoreAuthentication.daemon.libxpc"))
+(allow mach-lookup (global-name "com.apple.CoreAuthentication.daemon"))
+(allow mach-lookup (global-name "com.apple.CoreAuthentication.agent"))
+;; allow clients to communicate with ctkd
+(allow mach-lookup (global-name "com.apple.ctkd.token-client"))
+
+;; On internal builds, allow clients to read the AMFITrustedKeys NVRAM variable
+(with-filter (system-attribute apple-internal)
+    (allow nvram-get (nvram-variable "AMFITrustedKeys")))