com.apple.security.KeychainStasher.sb   [plain text]

(version 1)

(deny default)
(deny file-map-executable process-info* nvram*)
(deny dynamic-code-generation)

(import "system.sb")
(import "com.apple.corefoundation.sb")
(corefoundation)

(allow process-info-dirtycontrol (target self))

(allow mach-lookup (global-name "com.apple.securityd.xpc"))

(allow file-read-metadata)

(if (param "ANALYTICSDIR")
    (allow file-read* file-write* (subpath (param "ANALYTICSDIR"))))

(allow file-read* (subpath "/usr/libexec"))

(allow user-preference-read (preference-domain "kCFPreferencesAnyApplication"))