com.apple.notifyd.sb [plain text]
;; Copyright (c) 2015 Apple Inc. All Rights reserved.
;;
;; WARNING: The sandbox rules in this file currently constitute
;; Apple System Private Interface and are subject to change at any time and
;; without notice.
;;
(version 1)
(deny default)
(import "system.sb")
;; Allow files to be read
(allow file-read*)
;; Allow debug status files to be written
(allow file-write*
(regex #"^/private/var/run/notifyd")
)
;; Allow UNIX signals
(allow signal)
;; Allow shared memory
(allow ipc-posix-shm)