com.apple.authd.sb [plain text]
(version 1)
(deny default)
(import "system.sb")
(allow file-ioctl
(literal "/dev/auditsessions"))
(allow file-read*)
(allow file-read* file-write*
(regex #"^/private/var/db/auth\.db.*$")
(literal "/private/var/db/mds/system/mds.lock")
(subpath (param "TMP_DIR")))
(allow network-outbound
(literal "/private/var/run/systemkeychaincheck.socket"))
(allow mach-lookup
(global-name "com.apple.CoreAuthentication.agent")
(global-name "com.apple.CoreAuthentication.daemon")
(global-name "com.apple.CoreServices.coreservicesd")
(global-name "com.apple.PowerManagement.control")
(global-name "com.apple.security.agent")
(global-name "com.apple.security.agent.login")
(global-name "com.apple.security.authhost")
(global-name "com.apple.SecurityServer")
(global-name "com.apple.system.opendirectoryd.api")
(global-name "com.apple.ocspd")
(global-name "com.apple.DiskArbitration.diskarbitrationd")
(global-name "com.apple.diskmanagementd"))
(allow ipc-posix-shm
(ipc-posix-name "apple.shm.notification_center")
(ipc-posix-name "com.apple.AppleDatabaseChanged"))
(allow mach-priv-host-port)
(allow user-preference-read
(preference-domain "kCFPreferencesAnyApplication")
(preference-domain "com.apple.authd"))
(allow system-audit system-sched)
(allow iokit-open
(iokit-user-client-class "AppleAPFSUserClient")
(iokit-user-client-class "AppleKeyStoreUserClient"))