; ; Copyright (C) 2017-2022 Apple Inc. All Rights Reserved. ; ; Sandbox profile for rapportd. ; (version 1) (deny default) (import "com.apple.corefoundation.sb") (import "system.sb") (corefoundation) (import "contacts.sb") (define (home-subpath home-relative-subpath) (subpath (string-append (param "_HOME") home-relative-subpath))) (allow distributed-notification-post) (allow file-read* (subpath "/")) (allow file-write* (subpath "/Library/Application Support/Rapport") (home-subpath "/Library/Caches") (home-subpath "/Library/Keychains") (regex #"^/Library/Keychains/System.keychain") (literal "/private/var/db/mds/system/mds.lock") (regex #"^/private/var/folders/[^/]+/[^/]+/C/mds/mds\.lock$") (regex #"^(/private)?/var/folders/[^/]+/[^/]+/C($|/)") (regex #"^(/private)?/var/folders/[^/]+/[^/]+/T($|/)") ) (allow file-read* file-write* (home-subpath "/Library/Caches/com.apple.HomeKit/com.apple.rapportd") (home-subpath "/Library/Caches/com.apple.HomeKit.configurations") ) (allow iokit-open (iokit-user-client-class "AppleKeyStoreUserClient") (iokit-user-client-class "RootDomainUserClient") (iokit-user-client-class "IOHIDResourceDeviceUserClient") ) (allow ipc-posix-shm-read-data (ipc-posix-name "com.apple.AppleDatabaseChanged") ) (allow ipc-posix-shm-write-data (ipc-posix-name "com.apple.AppleDatabaseChanged") ) (allow mach-lookup (global-name "com.apple.airportd") (global-name "com.apple.ak.auth.xpc") (global-name "com.apple.analyticsd") (global-name "com.apple.accountsd.accountmanager") (global-name "com.apple.AutoUnlock.AuthenticationHintsProvider") (global-name "com.apple.awdd") (global-name "com.apple.bluetoothd") (global-name "com.apple.bluetooth.xpc") (global-name "com.apple.chronod") (global-name "com.apple.cdp.daemon") (global-name "com.apple.cloudd") (global-name "com.apple.cmio.registerassistantservice.system-extensions") (global-name "com.apple.commcenter.coretelephony.xpc") (global-name "com.apple.coreduetd.context") (global-name "com.apple.coreduetd.knowledgebase") (global-name "com.apple.coreduetd.people") (global-name "com.apple.CompanionLink") (global-name "com.apple.CoreServices.coreservicesd") (global-name "com.apple.coresymbolicationd") (global-name "com.apple.distributed_notifications@1v3") (global-name "com.apple.distributed_notifications@Uv3") (global-name "com.apple.familycircle.agent") (global-name "com.apple.homed.xpc") (global-name "com.apple.findmy.findmylocate.settings") (global-name "com.apple.findmy.findmylocate.friendshipservice") (global-name "com.apple.findmy.findmylocate.locationservice") (global-name "com.apple.identityservicesd.desktop.auth") (global-name "com.apple.identityservicesd.idquery.desktop.auth") (global-name "com.apple.iohideventsystem") (global-name "com.apple.logind") (global-name "com.apple.managedconfiguration.profiled") (global-name "com.apple.marco") (global-name "com.apple.nesessionmanager.content-filter") (global-name "com.apple.network.EAPOLController") (global-name "com.apple.networkd") (global-name "com.apple.ocspd") (global-name "com.apple.PairingManager") (global-name "com.apple.powerlog.plxpclogger.xpc") (global-name "com.apple.PowerManagement.control") (global-name "com.apple.rapport") (global-name "com.apple.securityd.ckks") (global-name "com.apple.securityd.xpc") (global-name "com.apple.SecurityServer") (global-name "com.apple.security.octagon") (global-name "com.apple.server.bluetooth") (global-name "com.apple.server.bluetooth.le.att.xpc") (global-name "com.apple.SharingServices") (global-name "com.apple.sharingd.pairedcontactmanager") (global-name "com.apple.StatusKit.local") (global-name "com.apple.SystemConfiguration.configd") (global-name "com.apple.tccd") (global-name "com.apple.wifi.manager") (global-name "com.apple.wifip2pd") (global-name "com.apple.windowserver.active") (global-name "com.apple.wirelessproxd") (global-name "com.apple.nehelper") (global-name "com.apple.networkd_privileged") (global-name "com.apple.sharing.airdrop.service") ) (contacts-client (param "_HOME") (param "_DARWIN_USER_TEMP")) (allow network*) (allow system-socket) (allow user-preference-read (preference-domain "com.apple.homed") ) (allow user-preference-read user-preference-write (preference-domain "com.apple.facetime.bag") (preference-domain "com.apple.imessage.bag") (preference-domain "com.apple.rapport") ) (allow mach-task-name) (allow file-read* file-write* (extension "com.apple.sandbox.application-group")) (allow mach-lookup (global-name "com.apple.containermanagerd"))