X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/fa7225c82381bac4432a6edf16f53b5370238d85..7e6b461318c8a779d91381531435a68ee4e8b6ed:/OSX/lib/framework.sb?ds=sidebyside

diff --git a/OSX/lib/framework.sb b/OSX/lib/framework.sb
index 7fa76f2d..e37bf7c4 100644
--- a/OSX/lib/framework.sb
+++ b/OSX/lib/framework.sb
@@ -1,7 +1,11 @@
 ;; allow clients to communicate with secd
 (allow mach-lookup (global-name "com.apple.secd"))
 ;; allow clients to communicate with coreauthd
-(allow mach-lookup (global-name "com.apple.CoreAuthentication.daemon.libxpc"))
-(allow mach-lookup (global-name "com.apple.CoreAuthentication.agent.libxpc"))
+(allow mach-lookup (global-name "com.apple.CoreAuthentication.daemon"))
+(allow mach-lookup (global-name "com.apple.CoreAuthentication.agent"))
 ;; allow clients to communicate with ctkd
 (allow mach-lookup (global-name "com.apple.ctkd.token-client"))
+
+;; On internal builds, allow clients to read the AMFITrustedKeys NVRAM variable
+(with-filter (system-attribute apple-internal)
+    (allow nvram-get (nvram-variable "AMFITrustedKeys")))