;;
;; Speech Recognition broker daemon - sandbox profile
;; Copyright (c) 2013-2014 Apple Inc. All Rights reserved.
;;
;; WARNING: The sandbox rules in this file currently constitute
;; Apple System Private Interface and are subject to change at any time and
;; without notice. The contents of this file are also auto-generated and not
;; user editable; it may be overwritten at any time.
;;

(version 1)
(deny default)
(import "system.sb")
(import "com.apple.corefoundation.sb")
(corefoundation)
    

;;; Home Directory
(define (home-subpath home-relative-subpath)
    (subpath (string-append (param "_HOME") home-relative-subpath)))
(define (home-literal home-relative-literal)
    (literal (string-append (param "_HOME") home-relative-literal)))
(define (home-regex home-relative-regex)
    (regex (string-append "^" (regex-quote (param "_HOME")) home-relative-regex)))
    
(allow user-preference-read
    (preference-domain "com.apple.SpeechRecognitionCore")
    (preference-domain "com.apple.SpeechRecognitionCore.Vocabulary")
    (preference-domain "com.apple.speech.recognition.AppleSpeechRecognition.prefs"))
    
(allow user-preference-write
    (preference-domain "com.apple.SpeechRecognitionCore.Vocabulary"))
    
(allow mach-lookup
        (global-name "com.apple.SpeechRecognitionCore.speechrecognitiond")
        (global-name "com.apple.coreservices.launchservicesd")
        (global-name "com.apple.mobileassetd.v2")
        (global-name "com.apple.windowserver.active")
        (global-name "com.apple.distributed_notifications@1v3")
        (global-name "com.apple.distributed_notifications@Uv3")
        (global-name "com.apple.DictationIM.feedback")
        (global-name "com.apple.triald.namespace-management")
        (global-name "com.apple.syncdefaultsd")
        (global-name "com.apple.kvsd"))

(allow file-read*
    (home-literal "/Library/Preferences/com.apple.SpeechRecognitionCore.plist")
    (home-literal "/Library/Preferences/com.apple.SpeechRecognitionCore.Vocabulary.plist")
    (home-literal "/Library/Preferences/.GlobalPreferences.plist")
    (home-regex #"/Library/Preferences/ByHost/\.GlobalPreferences\.")
    (literal "/Library/Preferences/.GlobalPreferences.plist"))

(allow file-read* file-write* file-read-metadata
    (home-subpath "/Library/Caches/com.apple.SpeechRecognitionCore"))

;; Allow read-only access to $HOME/Library/Trial
(allow file-read*
    (home-subpath "/Library/Trial"))
    
(allow file-read-metadata
   (home-subpath "/"))