;;;;;; Sandbox profile for com.apple.AirPlayXPCHelper ;;;;;; ;;;;;; Copyright (c) 2015 Apple Inc. All Rights reserved. ;;;;;; ;;;;;; WARNING: The sandbox rules in this file currently constitute ;;;;;; Apple System Private Interface and are subject to change at any time and ;;;;;; without notice. The contents of this file are also auto-generated and ;;;;;; not user editable; it may be overwritten at any time. (version 1) (deny default) (import "system.sb") (system-graphics) (import "com.apple.corefoundation.sb") ;;; initialize CF sandbox actions (corefoundation) (system-network) (allow network-outbound (literal "/private/var/run/mDNSResponder") (control-name "com.apple.network.statistics") (control-name "com.apple.netsrc") (remote ip)) (allow network-inbound ) (allow network-bind (remote ip)) (allow file-read-metadata) ;;; allow reading files for which we have a read-only app-sandbox extension (allow file-read* (extension "com.apple.app-sandbox.read")) ;;; allow writing of files for which we have an extension (allow file-read* file-write* (extension "com.apple.app-sandbox.read-write")) ;;; Temp Directory for AirPlayXPCHelper (allow file-read* file-write* (subpath (param "TMPDIR") ) ) (allow file-read* (literal "/dev") (literal "/usr/libexec") (literal "/usr/local/bin") (literal "/usr/local/bin/CADebug") (literal "/private/var/root/Library/Logs/awdd/awd-AirPlayXPCHelper.log") (literal "/private/etc/hosts") (subpath "/Library/Video/Plug-Ins") (subpath "/Library/Audio/Plug-Ins/HAL") (subpath "/private/var/db/mds/system") (subpath "/usr/libexec/AirPlayXPCHelper") (subpath "/private/var/root/Library/Caches/com.apple.airplay") (subpath "/private/var/root/Library/Caches/com.apple.CUBonjourCache") (regex #"^/private/var/folders/[^/]+/[^/]+/[A-Z]/TemporaryItems(/|$)") ) (allow file-write* (literal "/private/var/db/mds/system/mds.lock") (literal "/private/var/root/Library/Logs/awdd/awd-AirPlayXPCHelper.log") (subpath "/private/tmp") (subpath "/private/var/root/Library/Caches") (subpath "/private/var/root/Library/Caches/com.apple.airplay") (subpath "/private/var/root/Library/Caches/com.apple.CUBonjourCache") (regex #"^/private/var/folders/[^/]+/[^/]+/[A-Z]/TemporaryItems(/|$)") ) (allow iokit-open (iokit-user-client-class "IOAudioControlUserClient") (iokit-user-client-class "IOAudioEngineUserClient") (iokit-user-client-class "IOAudio2DeviceUserClient") (iokit-user-client-class "RootDomainUserClient") (iokit-user-client-class "IOReportUserClient") (iokit-user-client-class "IOTimeSyncUserClient") (iokit-user-client-class "IOTimeSyncClockManagerUserClient") (iokit-user-client-class "IOTimeSyncgPTPManagerUserClient") (iokit-user-client-class "IOTimeSyncDomainUserClient") (iokit-user-client-class "IOTimeSyncNetworkPortUserClient") (iokit-user-client-class "IOUSBDeviceUserClientV2") (iokit-user-client-class "IOUSBInterfaceUserClientV2") (iokit-user-client-class "AppleKeyStoreUserClient") (iokit-user-client-class "AppleVideoToolboxParavirtualizationUserClient") (iokit-user-client-class "IOUserUserClient") (iokit-user-client-class "IO80211APIUserClient") (iokit-user-client-class "IOMobileFramebufferUserClient") ) (allow iokit-set-properties (iokit-property "AuthenticationAttempted") (iokit-property "ClassOfDevice") (iokit-property "OpenConnectionAuthenticationRequired") ) (allow mach-lookup (global-name "com.apple.SecurityServer") (global-name "com.apple.SystemConfiguration.DNSConfiguration") (global-name "com.apple.SystemConfiguration.configd") (global-name "com.apple.metadata.mds") (global-name "com.apple.ocspd") (global-name "com.apple.pluginkit.pkd") (global-name "com.apple.spindump") (global-name "com.apple.PairingManager") (global-name "com.apple.analyticsd") (global-name "com.apple.PowerManagement.control") (global-name "com.apple.powerlog.plxpclogger.xpc") (global-name "com.apple.audio.audiohald") (global-name "com.apple.audio.AudioComponentRegistrar") (global-name "com.apple.audio.driver-registrar") (global-name "com.apple.windowserver.active") (global-name "com.apple.AirPlayXPCHelper") (global-name "com.apple.coremedia.endpoint.xpc") (global-name "com.apple.coremedia.endpointstream.xpc") (global-name "com.apple.coremedia.endpointstreamaudioengine.xpc") (global-name "com.apple.coremedia.samplebufferconsumer.xpc") (global-name "com.apple.coremedia.bufferedairplayglobalroutingregistry.xpc") (global-name "com.apple.coremedia.endpointplaybacksession.xpc") (global-name "com.apple.coremedia.endpointpicker.xpc") (global-name "com.apple.coremedia.endpointmanager.xpc") (global-name "com.apple.AirPlayAgent.xpc") (global-name "com.apple.AirPlayUIAgent.xpc") (global-name "com.apple.coremedia.virtualdisplaycg") (global-name "com.apple.airplay.agent.services") (global-name "com.apple.CompanionLink") (global-name "com.apple.coresymbolicationd") (global-name "com.apple.awdd") (global-name "com.apple.SharingServices") (global-name "com.apple.bluetooth.xpc") (global-name "com.apple.bluetoothd") (global-name "com.apple.bluetoothaudiod") (global-name "com.apple.BluetoothDOServer") (global-name "com.apple.server.bluetooth") (global-name "com.apple.server.bluetooth.le.att.xpc") (global-name "com.apple.server.bluetooth.classic.xpc") (global-name "com.apple.server.bluetooth.general.xpc") (global-name "com.apple.airportd") (global-name "com.apple.rtcreportingd") (global-name "com.apple.mediaremoted.xpc") (global-name "com.apple.distributed_notifications@1v3") (global-name "com.apple.distributed_notifications@Uv3") (global-name "com.apple.runningboard") (global-name "com.apple.remoted") ;; Required for SameAccount discovery and SnapInSnapOutManager (global-name "com.apple.rapport") (global-name "com.apple.wifip2pd") (global-name "com.apple.private.corewifi-xpc") ;;; Required to query macOS firewall state before attempting connections. (global-name "com.apple.ALF.ApplicationFirewall.message") (global-name "com.apple.timesync.expositor") (global-name "com.apple.timesync.manager") (global-name "com.apple.timesync.ptp.manager") ;; Required for SnapInSnapOutManager (global-name "com.apple.nearbyd.xpc.nearbyinteraction") ) ;; ;; Preferences ;; (allow file-read* (literal "/private/var/root/Library/Preferences/.GlobalPreferences.plist") (literal "/Library/Preferences/.GlobalPreferences.plist") (literal "/Library/Preferences/com.apple.security.plist") (literal "/Library/Preferences/com.apple.Bluetooth.plist") (literal "/Library/Preferences/com.apple.alf.plist") (literal "/Library/Preferences/SystemConfiguration/preferences.plist") (regex #"^/private/var/root/Library/Preferences/ByHost/\.GlobalPreferences\..*\.plist$") ) (allow user-preference-read (preference-domain "com.apple.airplay") (preference-domain "com.apple.coremedia") (preference-domain "com.apple.security") (preference-domain "com.apple.Bluetooth") (preference-domain "com.apple.alf") (preference-domain "com.apple.mediaremote") (preference-domain "com.apple.VideoConference") (preference-domain "com.apple.VideoProcessing") ) (allow user-preference-write (preference-domain "com.apple.airplay") ) (allow ipc-posix-shm-read-data (ipc-posix-name-regex #"^/tmp/com\.apple\.csseed\.[0-9]+$") (ipc-posix-name "FNetwork.defaultStorageSession") (ipc-posix-name "com.apple.AppleDatabaseChanged") (ipc-posix-name-regex #"^AudioIO[0-9A-F]+$") ) (allow ipc-posix-shm-write-data (ipc-posix-name "com.apple.AppleDatabaseChanged") (ipc-posix-name-regex #"^AudioIO[0-9A-F]+$") ) (allow ipc-posix-shm-read-metadata (ipc-posix-name-regex #"^AudioIO[0-9A-F]+$") ) (allow system-socket)