;;; Copyright (c) 2022-2025 Apple Inc. All Rights reserved.
;;;
;;; WARNING: The sandbox rules in this file currently constitute
;;; Apple System Private Interface and are subject to change at any time and
;;; without notice.
;;;
;;; Sandbox profile (SBPL) for a software-update helper.  The allowed bootstrap
;;; name com.apple.RosettaUpdateService, the OAHSU* NVRAM variables and the
;;; /Library/Updates/Rosetta read path suggest this is the Rosetta update
;;; service; confirm against the process that actually loads the profile.
;;;
;;; Profile parameter: INSTALL_TMP_DIR -- the only writable scratch location
;;; granted besides /private/var/db/mds.  The confinement below is only as
;;; tight as the value the caller supplies; a broad directory here widens the
;;; file-write* grant accordingly.
;;;
;;; Structure: default-deny, then per-operation deny of whole families, then
;;; narrow allow lists.  The deny-then-allow pattern relies on the sandbox's
;;; later-rule-wins ordering (the same operation is denied first and re-allowed
;;; with a filter afterwards), so rule order in this file is significant.
(version 1)
(import "system.sb")
(disable-full-symbolication)

;; Deny everything, then explicitly deny operation families (including any
;; allows inherited from system.sb for them) before carving out exceptions.
(deny default)
(deny file-map-executable
      process-info*
      process-info-codesignature
      nvram*
      dynamic-code-generation
      darwin-notification-post
      iokit-get-properties
      syscall*
      socket-ioctl
      fs-snapshot*)
;; NOTE(review): process-info-codesignature is already covered by
;; process-info*, and process-info-codesignature, iokit-get-properties and
;; socket-ioctl are all re-allowed *unfiltered* further down.  Those three
;; entries therefore look like shadowed (dead) policy rather than effective
;; denies -- confirm the intent before relying on this list.

;; Unix syscalls: deny-all with a partially symbolicated violation report,
;; then allow only the enumerated numbers/groups.  No exec/fork/posix_spawn
;; family syscall is listed, and no process-exec / process-fork rule appears
;; anywhere in this file, so (as far as this file shows) the helper cannot
;; spawn children.  mmap/mprotect are allowed, but file-map-executable and
;; dynamic-code-generation stay denied above.
(deny syscall-unix (with partial-symbolication))
(allow syscall-unix
       (syscall-number SYS_abort_with_payload)
       (syscall-number SYS_exit)
       (syscall-number SYS_kdebug_trace64)
       (syscall-group-kevent)
       (syscall-number SYS_socket)
       (syscall-number SYS_getattrlist)
       (syscall-number SYS_sigsuspend_nocancel)
       (syscall-number SYS_workq_kernreturn)
       (syscall-group-bsdthread)
       (syscall-group-pthread-cv)
       (syscall-group-ulock)
       (syscall-number SYS___disable_threadsignal)
       (syscall-number SYS___pthread_kill)
       (syscall-number SYS___pthread_sigmask)
       (syscall-number SYS___semwait_signal)
       (syscall-number SYS___semwait_signal_nocancel)
       (syscall-number SYS_getrlimit)
       (syscall-number SYS_sigaction)
       (syscall-number SYS_sigprocmask)
       (syscall-number SYS_thread_selfid)
       (syscall-number SYS_gettimeofday)
       (syscall-number SYS_issetugid)
       (syscall-number SYS_open_nocancel)
       (syscall-number SYS_connect)
       (syscall-number SYS_getgid)
       (syscall-number SYS_getuid)
       (syscall-number SYS_sendmsg_x)
       (syscall-number SYS_sendto)
       (syscall-number SYS_shm_open)
       (syscall-number SYS_access)
       (syscall-number SYS_getrusage)
       (syscall-number SYS_madvise)
       (syscall-number SYS_getaudit_addr)
       (syscall-number SYS_mmap)
       (syscall-number SYS_munmap)
       ;; __mac_syscall is the entry point for sandbox/MAC policy calls
       ;; (e.g. sandbox extension handling); required for libsandbox itself.
       (syscall-number SYS___mac_syscall)
       (syscall-number SYS_kdebug_trace_string)
       (syscall-number SYS_mprotect)
       (syscall-number SYS_getegid)
       (syscall-number SYS_geteuid)
       (syscall-number SYS_fstat64)
       (syscall-number SYS_lseek)
       (syscall-group-read)
       (syscall-group-write)
       (syscall-number SYS_lstat64)
       (syscall-number SYS_stat64)
       (syscall-number SYS_fstatfs64)
       (syscall-number SYS_mkdir)
       (syscall-number SYS_getdirentries64)
       (syscall-number SYS_fcntl)
       ;; csrctl only *reads* System Integrity Protection state.
       (syscall-number SYS_csrctl)
       (syscall-number SYS_getentropy)
       (syscall-number SYS_statfs64)
       (syscall-number SYS_flock)
       (syscall-number SYS_fsetxattr)
       (syscall-number SYS_ftruncate)
       (syscall-number SYS_rename)
       (syscall-number SYS_setrlimit)
       (syscall-number SYS_mkdirat)
       ;; Guarded fd variants used by libdispatch/Foundation.
       (syscall-number SYS_guarded_open_np)
       ;; necp_* back the libnetwork path-evaluation used by NSURLSession.
       (syscall-number SYS_necp_open)
       (syscall-number SYS_necp_client_action)
       (syscall-number SYS_fcntl_nocancel)
       (syscall-number SYS_setsockopt)
       (syscall-number SYS_fstatat64)
       (syscall-number SYS_guarded_close_np)
       (syscall-number SYS_change_fdguard_np)
       (syscall-number SYS_sendto_nocancel)
       (syscall-number SYS_getsockopt)
       (syscall-number SYS_select_nocancel)
       (syscall-number SYS_recvfrom_nocancel)
       (syscall-number SYS_socketpair)
       (syscall-number SYS_sendmsg_nocancel)
       (syscall-number SYS_shutdown)
       (syscall-number SYS_sendmsg)
       (syscall-number SYS_recvmsg)
       (syscall-number SYS_getsockname)
       (syscall-number SYS_recvfrom)
       (syscall-number SYS_fsync)
       (syscall-number SYS_readlink)
       (syscall-number SYS_rmdir)
       (syscall-number SYS_getattrlistbulk)
       (syscall-number SYS_getxattr)
       (syscall-number SYS_unlink)
       (syscall-number SYS_audit_session_self)
       (syscall-number SYS_fsgetpath)
       (syscall-number SYS_gettid)
)

;; Mach traps: same deny-then-enumerate shape.  Only port/VM housekeeping,
;; messaging, timers and semaphores -- no task_for_pid-style traps beyond
;; pid_for_task / task_name_for_pid.
(deny syscall-mach (with partial-symbolication))
(allow syscall-mach
       (machtrap-number MSC__kernelrpc_mach_port_allocate_trap)
       (machtrap-number MSC__kernelrpc_mach_port_construct_trap)
       (machtrap-number MSC__kernelrpc_mach_port_deallocate_trap)
       (machtrap-number MSC__kernelrpc_mach_port_destruct_trap)
       (machtrap-number MSC__kernelrpc_mach_port_extract_member_trap)
       (machtrap-number MSC__kernelrpc_mach_port_get_attributes_trap)
       (machtrap-number MSC__kernelrpc_mach_port_guard_trap)
       (machtrap-number MSC__kernelrpc_mach_port_insert_member_trap)
       (machtrap-number MSC__kernelrpc_mach_port_insert_right_trap)
       (machtrap-number MSC__kernelrpc_mach_port_mod_refs_trap)
       (machtrap-number MSC__kernelrpc_mach_port_request_notification_trap)
       (machtrap-number MSC__kernelrpc_mach_port_type_trap)
       (machtrap-number MSC__kernelrpc_mach_vm_allocate_trap)
       (machtrap-number MSC__kernelrpc_mach_vm_deallocate_trap)
       (machtrap-number MSC__kernelrpc_mach_vm_map_trap)
       (machtrap-number MSC__kernelrpc_mach_vm_protect_trap)
       (machtrap-number MSC__kernelrpc_mach_vm_purgable_control_trap)
       (machtrap-number MSC_host_create_mach_voucher_trap)
       (machtrap-number MSC_host_self_trap)
       (machtrap-number MSC_mach_generate_activity_id)
       (machtrap-number MSC_mach_msg_overwrite_trap)
       (machtrap-number MSC_mach_msg_trap)
       (machtrap-number MSC_mach_msg2_trap)
       (machtrap-number MSC_mach_reply_port)
       (machtrap-number MSC_mach_vm_reclaim_update_kernel_accounting_trap)
       (machtrap-number MSC_mach_voucher_extract_attr_recipe_trap)
       (machtrap-number MSC_mk_timer_arm_leeway)
       (machtrap-number MSC_mk_timer_arm)
       (machtrap-number MSC_mk_timer_cancel)
       (machtrap-number MSC_mk_timer_create)
       (machtrap-number MSC_mk_timer_destroy)
       (machtrap-number MSC_pid_for_task)
       (machtrap-number MSC_semaphore_signal_trap)
       (machtrap-number MSC_semaphore_timedwait_trap)
       (machtrap-number MSC_semaphore_wait_trap)
       (machtrap-number MSC_swtch_pri)
       (machtrap-number MSC_syscall_thread_switch)
       (machtrap-number MSC_task_name_for_pid)
       (machtrap-number MSC_task_self_trap)
       (machtrap-number MSC_thread_get_special_reply_port)
       (machtrap-number MSC_thread_self_trap)
)

;; Process-info exceptions to the process-info* deny above.  dirtycontrol and
;; setcontrol are restricted to the process itself; codesignature and pidinfo
;; are not.
(allow process-info-codesignature)
(allow process-info-dirtycontrol (target self))
(allow process-info-setcontrol (target self))
;; NOTE(review): process-info-pidinfo carries no (target self) filter, unlike
;; the two rules above, so it permits querying other processes.  Verify
;; whether that reach is needed or whether (target self) should be added.
(allow process-info-pidinfo)

;; Mach service lookup: the empty prefix matches every XPC service name, so
;; bundled XPC services are unreachable; only the global names below may be
;; looked up.  installd / system_installd are the privileged install daemons
;; and, with the authorization rights further down, define the sandbox's
;; privilege-relevant reach.  The WindowServer/CARenderServer/pasteboard/
;; input-method names suggest this process presents UI -- confirm.
(deny mach-lookup (xpc-service-name-prefix ""))
(allow mach-lookup
       (global-name "com.apple.AppSSO.service-xpc")
       (global-name "com.apple.AssetCacheLocatorService")
       (global-name "com.apple.CARenderServer")
       (global-name "com.apple.MTLCompilerService")
       (global-name "com.apple.RosettaUpdateService")
       (global-name "com.apple.SecurityServer")
       (global-name "com.apple.ViewBridgeAuxiliary")
       (global-name "com.apple.authd")
       (global-name "com.apple.coreservices.launchservicesd")
       (global-name "com.apple.cvmsServ")
       (global-name "com.apple.dock.fullscreen")
       (global-name "com.apple.hiservices-xpcservice")
       (global-name "com.apple.inputmethodkit.getxpcendpoint")
       (global-name "com.apple.inputmethodkit.launchagent")
       (global-name "com.apple.inputmethodkit.launcher")
       (global-name "com.apple.installd")
       (global-name "com.apple.iohideventsystem")
       (global-name "com.apple.metadata.mds")
       (global-name "com.apple.pasteboard.1")
       (global-name "com.apple.pbs.fetch_services")
       (global-name "com.apple.securityd.xpc")
       (global-name "com.apple.system_installd")
       (global-name "com.apple.tccd.system")
       (global-name "com.apple.tsm.uiserver")
       (global-name "com.apple.usymptomsd")
       (global-name "com.apple.windowmanager.server")
       (global-name "com.apple.windowserver.active")
)

;; The single POSIX shared-memory segment this process may read/create/write.
(allow ipc-posix-shm-read-data ipc-posix-shm-write-create ipc-posix-shm-write-data
       (ipc-posix-name "com.apple.AppleDatabaseChanged")
)

;; Filesystem.  Metadata on the ancestors of the two writable trees so paths
;; can be resolved; full read/write only inside the trees themselves.
(allow file-read-metadata
       (path-ancestors (param "INSTALL_TMP_DIR"))
       (path-ancestors "/private/var/db/mds")
)
(allow file-read* file-write*
       (subpath (param "INSTALL_TMP_DIR"))
       (subpath "/private/var/db/mds")
)
;; Read-only inputs: the staged Rosetta update tree plus a few system plists
;; and the public-suffix data used by the URL loading system.
(allow file-read*
       (subpath "/Library/Updates/Rosetta")
       (literal "/Library/Preferences/com.apple.ViewBridge.plist")
       (literal "/Library/Preferences/com.apple.networkd.plist")
       (literal "/Library/Preferences/com.apple.security.plist")
       (literal "/private/var/db/nsurlstoraged/dafsaData.bin")
)

;; Bootstrap (launchd) port: a message filter that reports and denies every
;; message except the listed message IDs.
;; NOTE(review): the IDs are not symbolicated here; document which bootstrap
;; routines 204/207/301/800/802-805 correspond to so the list can be audited.
(allow mach-bootstrap
       (apply-message-filter
        (with report)
        (deny mach-message-send (with partial-symbolication))
        (allow mach-message-send
               (message-number 204 207 301 800 802 803 804 805 )
        )
       )
)

;; Kernel MIG routines: deny-all, then allow host/clock info, IOKit registry
;; traversal and user-client I/O, VM mapping/remapping and thread control.
(deny syscall-mig (with partial-symbolication))
(allow syscall-mig
       (kernel-mig-routine _mach_make_memory_entry)
       (kernel-mig-routine clock_get_time)
       (kernel-mig-routine host_get_io_master)
       (kernel-mig-routine host_info)
       (kernel-mig-routine host_request_notification)
       (kernel-mig-routine io_connect_async_method)
       (kernel-mig-routine io_connect_get_service)
       (kernel-mig-routine io_connect_method_var_output)
       (kernel-mig-routine io_connect_method)
       (kernel-mig-routine io_connect_set_notification_port_64)
       (kernel-mig-routine io_iterator_next)
       (kernel-mig-routine io_object_conforms_to)
       (kernel-mig-routine io_registry_entry_create_iterator)
       (kernel-mig-routine io_registry_entry_from_path)
       (kernel-mig-routine io_registry_entry_get_child_iterator)
       (kernel-mig-routine io_registry_entry_get_parent_iterator)
       (kernel-mig-routine io_registry_entry_get_properties_bin_buf)
       (kernel-mig-routine io_registry_entry_get_property_bin_buf)
       (kernel-mig-routine io_registry_entry_get_registry_entry_id)
       (kernel-mig-routine io_service_add_interest_notification_64)
       (kernel-mig-routine io_service_add_notification_bin_64)
       (kernel-mig-routine io_service_close)
       (kernel-mig-routine io_service_get_matching_service_bin)
       (kernel-mig-routine io_service_get_matching_services_bin)
       (kernel-mig-routine io_service_open_extended)
       (kernel-mig-routine mach_exception_raise)
       (kernel-mig-routine mach_port_get_context_from_user)
       (kernel-mig-routine mach_port_is_connection_for_service)
       (kernel-mig-routine mach_port_request_notification)
       (kernel-mig-routine mach_port_set_attributes)
       (kernel-mig-routine mach_vm_copy)
       (kernel-mig-routine mach_vm_deferred_reclamation_buffer_flush)
       (kernel-mig-routine mach_vm_deferred_reclamation_buffer_resize)
       (kernel-mig-routine mach_vm_map_external)
       (kernel-mig-routine mach_vm_region)
       (kernel-mig-routine mach_vm_remap_external)
       (kernel-mig-routine mach_voucher_attr_command)
       (kernel-mig-routine semaphore_create)
       (kernel-mig-routine semaphore_destroy)
       (kernel-mig-routine task_get_special_port_from_user)
       (kernel-mig-routine task_info_from_user)
       (kernel-mig-routine task_restartable_ranges_synchronize)
       (kernel-mig-routine thread_info)
       (kernel-mig-routine thread_resume)
       (kernel-mig-routine thread_suspend)
)

;; Networking.
;; NOTE(review): network-outbound is unfiltered -- no (remote ...) host/port
;; restriction -- so the helper may connect anywhere, not just to the update
;; catalog.  Consider whether a remote filter is feasible here.  socket-ioctl
;; is re-allowed unconditionally despite the deny at the top of the file.
(allow network-outbound)
(allow socket-ioctl)
(allow system-socket
       (socket-domain AF_SYSTEM)
)
(system-network)

;; Preference domains this process may read.
(allow user-preference-read
       (preference-domain "com.apple.AppleMultitouchTrackpad")
       (preference-domain "com.apple.HIToolbox")
       (preference-domain "com.apple.SoftwareUpdate")
       (preference-domain "com.apple.security")
       (preference-domain "kCFPreferencesAnyApplication")
       (preference-domain "pbs")
)

;; NVRAM: read-only access to the two OAH software-update override variables;
;; nvram* (including set/delete) otherwise stays denied.
(allow nvram-get
       (nvram-variable "OAHSUCatalogOverride")
       (nvram-variable "OAHSUStagedUpdatesOnly")
)

;; Authorization rights the process may obtain.  All are system.install.*
;; rights, including the *.standard-user variants (which, by name, appear not
;; to require administrator credentials -- confirm against the authorization
;; database).  Together with installd/system_installd above, this is the
;; privileged capability this sandbox exists to constrain.
(allow authorization-right-obtain
       (right-name "system.install.app-store-software")
       (right-name "system.install.app-store-software.standard-user")
       (right-name "system.install.apple-config-data")
       (right-name "system.install.apple-software")
       (right-name "system.install.apple-software.standard-user")
       (right-name "system.install.software")
       (right-name "system.install.software.iap")
       (right-name "system.install.software.mdm-provided")
)

;; IOKit: property reads re-allowed unconditionally (overriding the deny at
;; the top), and only the GPU (AGX) and IOSurface user clients may be opened,
;; consistent with the Metal/CoreAnimation services looked up above.
(allow iokit-get-properties)
(allow iokit-open-user-client
       (iokit-user-client-class "AGXDeviceUserClient")
       (iokit-user-client-class "IOSurfaceRootUserClient")
)