;;;;;; Copyright 2016 Apple Inc. All rights reserved. ;;;;;; ;;;;;; Sandbox profile for /usr/libexec/captiveagent (version 1) (deny default) (import "system.sb") (system-network) (allow file-read* (literal "/usr/libexec") (literal "/usr/libexec/captiveagent") (literal "/Library/Keychains/System.keychain") (literal "/Library/Preferences/com.apple.security.plist") (literal "/Library/Preferences/.GlobalPreferences.plist") (regex #"^/private/var/folders/[^/]+/[^/]+/C/mds/mdsDirectory\.db$") (regex #"^/private/var/folders/[^/]+/[^/]+/C/mds/mdsObject\.db$") (regex #"^/private/var/folders/[^/]+/[^/]+/C/mds/mds\.lock$") (literal "/private/var/db/mds/messages/se_SecurityMessages") (literal "/private/var/db/mds/system/mdsDirectory.db") (literal "/private/var/db/mds/system/mdsObject.db")) (allow file-write* (regex #"^/private/var/folders/[^/]+/[^/]+/C/mds/mdsDirectory\.db$") (regex #"^/private/var/folders/[^/]+/[^/]+/C/mds/mdsDirectory\.db_$") (regex #"^/private/var/folders/[^/]+/[^/]+/C/mds/mdsObject\.db$") (regex #"^/private/var/folders/[^/]+/[^/]+/C/mds/mdsObject\.db_$") (regex #"^/private/var/folders/[^/]+/[^/]+/C/mds/mds\.lock$") (regex #"^/private/var/.*")) (allow ipc-posix-shm-read-data (ipc-posix-name "com.apple.AppleDatabaseChanged")) (allow ipc-posix-shm-write-data (ipc-posix-name "com.apple.AppleDatabaseChanged")) (allow file-read-metadata) (allow network-outbound) (allow mach-register (global-name "com.apple.captiveagent")) (allow mach-lookup (global-name "com.apple.SystemConfiguration.configd") (global-name "com.apple.system.logger") (global-name "com.apple.distributed_notifications@1v3") (global-name "com.apple.distributed_notifications@Uv3") (global-name "com.apple.system.notification_center") (global-name "com.apple.CoreServices.coreservicesd") (global-name "com.apple.securityd.xpc") (global-name "com.apple.cfnetwork.cfnetworkagent") (global-name "com.apple.NetworkDiagnostic.agent") (global-name "com.apple.WebKit.PluginAgent") (global-name "com.apple.SecurityServer") (global-name "com.apple.TrustEvaluationAgent") (global-name "com.apple.ocspd") (global-name "com.apple.nehelper"))