(version 1)
(deny default)

(import "system.sb")
(import "com.apple.CodeSigningHelper.sb")

(allow file*
       (literal "/private/var/db/mds/system/mds.lock")
       (literal "/dev/dtracehelper"))

(allow file-read* file-write*
       (regex #"^/private/var/db/auth\.db.*$")
       (subpath "/private/var/folders"))

(allow file-read*
       (subpath "/System")
       (subpath "/usr/share")
       (subpath "/Library/Video/Plug-Ins")
       (subpath "/Library/Video/Professional Video Workflow Plug-Ins"))

(allow file-read-metadata)

(allow mach-lookup
       (global-name "com.apple.coreservices.launchservicesd")
       (global-name "com.apple.ocspd")
       (global-name "com.apple.CoreServices.coreservicesd")
       (global-name "com.apple.windowserver.active")
       (global-name "com.apple.SecurityServer")
       (global-name "com.apple.remoted")
       (global-name "com.apple.powerlog.plxpclogger.xpc"))

(system-graphics)
       
(allow ipc-posix-shm 
		(ipc-posix-name "apple.shm.notification_center")
		(ipc-posix-name "com.apple.AppleDatabaseChanged"))

(allow iokit-open-service
		(iokit-registry-entry-class "AppleJPEGDriver"))

(allow iokit-open
		(iokit-user-client-class "com_apple_AVEBridgeUserClient")
		(iokit-user-client-class "AppleProResUserClient")
		(iokit-user-client-class "AppleJPEGDriverUserClient")
		(iokit-user-client-class "AppleAVE2UserClient")
		(iokit-user-client-class "AppleVideoToolboxParavirtualizationUserClient"))