;; Sandbox profile (SBPL) that starts from default-deny and then allows a
;; specific set of operations. The identifiers it references
;; (gputoolsserviced, MTLREPLAYER_DIR_REGEX, GPUToolsAgent, *.gputrace,
;; gputools.service.transportd) suggest it confines a GPU-tools / Metal replay
;; helper -- presumably; the profile itself does not name its target binary.
;;
;; Parameters the launcher must supply: MTLREPLAYER_DIR_REGEX, TMPDIR,
;; DARWIN_CACHE_DIR, HOME.
(version 1)

;; Anything not explicitly allowed below (or by an imported profile) is denied.
(deny default)

;; Imported profiles contribute their own rules; they are not visible here, so
;; the effective policy is this file plus whatever those two files allow.
(import "system.sb")
(import "com.apple.corefoundation.sb")

;; Presumably a macro defined by com.apple.corefoundation.sb -- confirm.
(corefoundation)

(deny mach-task-special-port*)

;; Process-info query restricted to the sandboxed process itself.
;; NOTE(review): a later rule allows process-info-pidinfo with no target
;; filter, which appears to subsume this one -- confirm the broader grant is
;; intended.
(allow process-info-pidinfo
       (target self))

;; No path filter: metadata reads and existence tests are allowed for any
;; path, so file presence and attributes are observable sandbox-wide.
(allow file-read-metadata)
(allow file-test-existence)

(allow user-preference-read
       (preference-domain "com.apple.gputoolsserviced"))
(allow user-preference-read
       (preference-domain "kCFPreferencesAnyApplication"))

(allow process-info-codesignature)

;; NOTE(review): lsopen has no filter here; anything it opens presumably runs
;; outside this profile -- confirm it is required.
(allow lsopen)

(allow mach-lookup
       (global-name "com.apple.coreservices.quarantine-resolver"))

;; The parameter value is spliced into the regex between "^" and "$" as-is, so
;; it is interpreted as pattern syntax. NOTE(review): the launcher is
;; responsible for passing a correctly escaped pattern; an over-broad value
;; widens file-read* accordingly.
(allow file-read*
       (regex (string-append "^" (param "MTLREPLAYER_DIR_REGEX") "$")))

;; No target filter on either rule.
;; NOTE(review): together with the task-related traps/syscalls allowed further
;; down, this lets the process request read-level access to other tasks as far
;; as the sandbox is concerned -- confirm what else bounds it.
(allow mach-task-read)
(allow process-info-pidinfo)

;; Mach services this process may look up by name.
(allow mach-lookup
       (global-name "com.apple.CoreServices.coreservicesd")
       (global-name "com.apple.coresymbolicationd")
       (global-name "com.apple.distributed_notifications@Uv3")
       (global-name "com.apple.lsd.mapdb")
       (global-name "com.apple.tccd")
       (global-name "com.apple.tccd.system")
       (global-name "com.apple.windowserver.active"))

;; IOKit: IOSurface access.
(allow iokit-open-service
       (iokit-registry-entry-class "IOSurfaceRoot"))
(allow iokit-open-user-client
       (iokit-user-client-class "IOSurfaceRootUserClient"))

(allow iokit-get-properties
       (iokit-property "IOClassNameOverride"))

;; By name, several of these properties are device-identifying (serial number,
;; MAC addresses, chip ID); the sandboxed process can read them.
(allow iokit-get-properties
       (iokit-property "local-mac-address"
                       "udid-version"
                       "IOPlatformSerialNumber"
                       "mac-address-wifi0"
                       "ean-storage-present"
                       "property:syscfg-v2-data"
                       "AppleDiagnosticDataSysCfg"
                       "Product Name"
                       "IORegistryEntryPropertyKeys"
                       "unique-chip-id"
                       "chip-id"))

;; IOKit: GPU driver services and user clients, one group per driver family
;; named in the class strings (AGX/AGPM, Intel, AMD).
(allow iokit-open-service
       (iokit-registry-entry-class-prefix "AGX" "AGPM"))
(allow iokit-open-user-client
       (iokit-user-client-class "AGXDeviceUserClient"))

(allow iokit-open-service
       (iokit-registry-entry-class "IntelAccelerator"))
(allow iokit-open-user-client
       (iokit-user-client-class "IGAccelDevice"
                                "IGAccelSharedUserClient"
                                "AGPMClient"
                                "IGAccelCommandQueue"))

(allow iokit-open-service
       (iokit-registry-entry-class-prefix "AMDRadeon"))
;; NOTE(review): the pattern starts with "*", which reads like a glob rather
;; than a regular expression -- confirm how this filter compiles it and which
;; user-client classes it actually matches.
(allow iokit-open-user-client
       (iokit-user-client-class-regex "*_AMDAccel*"))

(allow iokit-get-properties
       (iokit-property "SafeEjectRequested"
                       "MetalPluginName"
                       "MetalPluginClassName"
                       "AAPL,slot-name"))

;; These three properties are readable only on registry entries whose class
;; starts with "IOPCIDevice".
(with-filter (iokit-registry-entry-class-prefix "IOPCIDevice")
  (allow iokit-get-properties
         (iokit-property "built-in"
                         "ATY,DeviceName"
                         "ATY,FamilyName")))

;; The meaning of syscall number 180 is not stated in this file.
(allow system-mac-syscall
       (mac-syscall-number 180))

(allow mach-lookup
       (global-name "com.apple.SystemConfiguration.configd"))

;; The meaning of syscall numbers 4-7 is not stated in this file.
(allow system-mac-syscall
       (mac-syscall-number 4)
       (mac-syscall-number 5)
       (mac-syscall-number 6)
       (mac-syscall-number 7))

;; Files covered by a read extension: readable, and the process may issue
;; further read extensions for them.
(with-filter (extension "com.apple.app-sandbox.read")
  (allow file-read*)
  (allow file-issue-extension
         (extension-class "com.apple.app-sandbox.read")))

;; Files covered by a read-write extension: readable and writable, and the
;; process may issue read or read-write extensions for them.
(with-filter (extension "com.apple.app-sandbox.read-write")
  (allow file-read* file-write*)
  (allow file-issue-extension
         (extension-class "com.apple.app-sandbox.read"
                          "com.apple.app-sandbox.read-write")))

;; Scratch locations with full read/write access. The last two entries name
;; the same fixed directory under /tmp and /private/tmp.
;; NOTE(review): that directory has a fixed name in a shared temp location;
;; confirm its creator sets ownership and mode so other local users cannot
;; pre-create or populate it.
(allow file-read* file-write*
       (subpath (param "TMPDIR"))
       (subpath (param "DARWIN_CACHE_DIR"))
       (subpath "/tmp/com.apple.GPUToolsAgent/")
       (subpath "/private/tmp/com.apple.GPUToolsAgent/"))

;; Read/write on TMPDIR is granted again here (already covered by the rule
;; above); the new part is permission to issue read / read-write extensions
;; for paths under TMPDIR.
;; NOTE(review): the binding is named cache-path-filter but is built from
;; TMPDIR, not DARWIN_CACHE_DIR -- confirm which directory was intended.
(let ((cache-path-filter (subpath (param "TMPDIR"))))
  (allow file-read* file-write* cache-path-filter)
  (allow file-issue-extension
         (require-all
          (extension-class "com.apple.app-sandbox.read"
                           "com.apple.app-sandbox.read-write")
          cache-path-filter)))

;; Allowlist of Mach traps. It includes pid_for_task and task_name_for_pid,
;; which relate to the unfiltered mach-task-read / process-info-pidinfo rules
;; earlier in the profile.
(allow syscall-mach
       (machtrap-number
        MSC__kernelrpc_mach_port_allocate_trap
        MSC__kernelrpc_mach_port_construct_trap
        MSC__kernelrpc_mach_port_deallocate_trap
        MSC__kernelrpc_mach_port_destruct_trap
        MSC__kernelrpc_mach_port_guard_trap
        MSC__kernelrpc_mach_port_insert_member_trap
        MSC__kernelrpc_mach_port_insert_right_trap
        MSC__kernelrpc_mach_port_mod_refs_trap
        MSC__kernelrpc_mach_port_request_notification_trap
        MSC__kernelrpc_mach_port_type_trap
        MSC__kernelrpc_mach_vm_allocate_trap
        MSC__kernelrpc_mach_vm_deallocate_trap
        MSC__kernelrpc_mach_vm_map_trap
        MSC__kernelrpc_mach_vm_protect_trap
        MSC_host_self_trap
        MSC_mach_generate_activity_id
        MSC_mach_msg2_trap
        MSC_mach_msg_overwrite_trap
        MSC_mach_msg_trap
        MSC_mk_timer_arm
        MSC_mk_timer_create
        MSC_pid_for_task
        MSC_semaphore_signal_trap
        MSC_semaphore_timedwait_trap
        MSC_semaphore_wait_trap
        MSC_task_name_for_pid
        MSC_task_self_trap
        MSC_thread_get_special_reply_port))

;; Allowlist of BSD syscalls, given as named groups plus individual numbers.
;; Entries worth a second look when auditing: SYS_socket, SYS_symlink,
;; SYS_csrctl and SYS_task_read_for_pid.
;; NOTE(review): confirm each is still needed; the file does not say why.
(allow syscall-unix
       (syscall-group-bsdthread)
       (syscall-group-kevent)
       (syscall-group-mkdir)
       (syscall-group-pthread)
       (syscall-group-pthread-cv)
       (syscall-group-pthread-locks)
       (syscall-group-read)
       (syscall-group-rlimit)
       (syscall-group-signal)
       (syscall-group-stat)
       (syscall-group-statfs)
       (syscall-group-ulock)
       (syscall-group-send)
       (syscall-number
        SYS___disable_threadsignal
        SYS___semwait_signal
        SYS___semwait_signal_nocancel
        SYS_access
        SYS_csrctl
        SYS_faccessat
        SYS_getattrlist
        SYS_getattrlistbulk
        SYS_getaudit_addr
        SYS_getdirentries64
        SYS_getentropy
        SYS_geteuid
        SYS_getgid
        SYS_gethostuuid
        SYS_getppid
        SYS_gettimeofday
        SYS_getuid
        SYS_iopolicysys
        SYS_issetugid
        SYS_kdebug_trace64
        SYS_kdebug_trace_string
        SYS_kdebug_typefilter
        SYS_lseek
        SYS_madvise
        SYS_mmap
        SYS_mprotect
        SYS_munmap
        SYS_pathconf
        SYS_pipe
        SYS_socket
        SYS_symlink
        SYS_task_read_for_pid
        SYS_thread_selfid
        SYS_workq_kernreturn
        SYS_workq_open))

;; Only the F_SETFD fcntl command is allowed by this rule.
(allow system-fcntl
       (fcntl-command F_SETFD))

;; Read, create and issue extensions for *.gputrace files in the tmp directory
;; of an application data container inside a CoreSimulator device under HOME.
;; The device, application and file-name components are limited to
;; [a-zA-Z0-9-]+, so none of them can contain "/" or ".".
;; HOME is spliced into the regex unescaped, so regex metacharacters in the
;; home path (for example ".") act as pattern syntax.
;; NOTE(review): confirm whether the launcher escapes HOME before passing it.
(allow file-read-data file-write-create file-issue-extension
       (regex (string-append "^" (param "HOME")
                             "/Library/Developer/CoreSimulator/Devices/"
                             "[a-zA-Z0-9-]+"
                             "/data/Containers/Data/Application/"
                             "[a-zA-Z0-9-]+"
                             "/tmp/"
                             "[a-zA-Z0-9-]+\\.gputrace$")))

(allow file-read-data
       (subpath "/Library/Developer/PrivateFrameworks/CoreSimulator.framework"))

(allow system-fsctl
       (fsctl-command APFSIOC_MAINTAIN_DIR_STATS))

;; Mach services for CoreSimulator, DiskArbitration and the GPU tools
;; transport daemon (going by the service names).
(allow mach-lookup
       (global-name "com.apple.CoreSimulator.CoreSimulatorService"))
(allow mach-lookup
       (global-name "com.apple.CoreSimulator.SimLaunchHost-arm64"))
(allow mach-lookup
       (global-name "com.apple.CoreSimulator.simdiskimaged"))
(allow mach-lookup
       (global-name "com.apple.DiskArbitration.diskarbitrationd"))
(allow mach-lookup
       (global-name "com.apple.gputools.service.transportd"))