;;;;;;  Copyright 2010-2011 Apple Inc. All rights reserved.
;;;;;;
;;;;;;  Sandbox profile for revisiond. This file allows:
;;;;;;      mach named port lookups
;;;;;;      file reads anywhere on disk (only to verify access, since that isn't a separate sandbox call)
;;;;;;      file writes to paths inside a "/.DocumentRevisions-V100" directory, the directory itself, or "/.DocumentRevisions-V100-old-..." on a volume
;;;;;;      certain write operations to paths inside of "/.MobileBackups/Computer/" on a volume
;;;;;;      IPC lookups
;;;;;;      sysctl-read
;;;;;;
;;;;;;

(version 1)

(deny default)

(import "system.sb")
(import "com.apple.corefoundation.sb")
(corefoundation)

(allow mach-lookup
    (global-name "com.apple.PowerManagement.control")
    (global-name "com.apple.system.notification_center")
    (global-name "com.apple.CoreServices.coreservicesd")
    (global-name "com.apple.lsd.mapdb")
    (global-name "com.apple.system.DirectoryService.membership_v1")
    (global-name "com.apple.system.DirectoryService.libinfo_v1")
    (global-name "com.apple.DiskArbitration.diskarbitrationd")
    (global-name "com.apple.system.logger")
    (global-name "com.apple.FSEvents")
    (global-name "com.apple.metadata.mds")
    (global-name "com.apple.backupd.sandbox.xpc")
)

(define (revisiond-store-paths) (require-any
    (mount-relative-regex #"^/\.DocumentRevisions-V100($|/)")
    (mount-relative-regex #"^/\.DocumentRevisions-V100-bad-[0-9]+($|/)")
    (subpath (param "GENSTORE_TEMPDIR"))
    (subpath (param "GENSTORE_USER_CACHEDIR"))
))

;; Preferences access
(define (preference-read domain)
    (allow file-read*
        (literal (string-append "/Library/Preferences/" domain ".plist"))
        (literal (string-append "/private/var/root/Library/Preferences/" domain ".plist"))))

(preference-read ".GlobalPreferences")
(preference-read "com.apple.revisiond")

;; allow doc id allocation. Necessary for Cab To Syrah migration.
(allow file-write-flags)

(allow file-read-metadata)

(allow file-read-xattr)

(allow file-read* (mount-relative-literal "/"))

(allow file-write* file-read*
    (revisiond-store-paths)
    (subpath (param "DARWIN_USER_TEMP_DIR"))
    (mount-relative-literal "/.TemporaryItems")
    (mount-relative-regex #"^/\.TemporaryItems/folders.0(/|$)")
    (mount-relative-regex #"^/\.MobileBackups/Computer/")
    (subpath "/private/var/log/com.apple.revisiond")
)
(allow file-issue-extension (require-all
    (require-any
        (extension-class "com.apple.app-sandbox.read")
        (extension-class "com.apple.app-sandbox.read-write"))
    (revisiond-store-paths)
))
(allow file-write-data file-read-data
    (literal "/dev/afsc_type5")
)

(allow ipc-posix-shm
    (ipc-posix-name "apple.shm.notification_center")
    (ipc-posix-name-regex #"^/tmp/com\.apple\.csseed\.[0-9]+$")
)

;; from application.sb
(allow system-fsctl
       (fsctl-command
            HFSIOC_VOLUME_STATUS
            HFSIOC_TRANSFER_DOCUMENT_ID
            APFSIOC_DOC_ID_TO_FILE_ID)
)

(allow sysctl-read)
(allow system-sched)

;; Retrieve APFS volume role to exclude system volumes
(with-filter (iokit-registry-entry-class "AppleAPFSVolume")
    (allow iokit-get-properties))

(with-filter (iokit-registry-entry-class "AppleAPFSVolumeBSDClient")
    (allow iokit-get-properties))