;;; Copyright (c) 2017 Apple Inc. All Rights reserved.
;;;
;;; WARNING: The sandbox rules in this file currently constitute
;;; Apple System Private Interface and are subject to change at any time and
;;; without notice.
;;;
(version 1)

;; Default-deny baseline: any operation not explicitly allowed further down is refused.
(deny default)
;; Explicit denies layered on the default. process-info* is partially re-opened
;; later in this file (target self, plus pidinfo on others); the other two stay closed.
(deny file-map-executable process-info* nvram*)
(deny dynamic-code-generation)
(deny mach-priv-host-port)

;; Shared baseline profiles. (corefoundation) is presumably the entry point
;; supplied by com.apple.corefoundation.sb — TODO confirm.
(import "system.sb")
(import "com.apple.corefoundation.sb")
(corefoundation)

;;; Homedir-relative path filters
;; Each helper builds a path filter rooted at the HOME sandbox parameter, differing
;; only in the filter kind (regex / subpath / prefix / literal).
;; NOTE(review): none of these four helpers is referenced by any rule in this profile;
;; the one home-style path that does appear (/Users/local/...) is hard-coded instead of
;; going through home-subpath — confirm which was intended.
(define (home-regex home-relative-regex)
  (regex (string-append "^" (regex-quote (param "HOME")) home-relative-regex)))
(define (home-subpath home-relative-subpath)
  (subpath (string-append (param "HOME") home-relative-subpath)))
(define (home-prefix home-relative-prefix)
  (prefix (string-append (param "HOME") home-relative-prefix)))
(define (home-literal home-relative-literal)
  (literal (string-append (param "HOME") home-relative-literal)))

;; Process introspection: full process-info* only on this process, pidinfo only on others.
(allow process-info* (target self))
(allow process-info-pidinfo (target others))
;; For resolving symlinks, realpath(3), and equivalents.
(allow file-read-metadata)
;; For validating the entitlements of clients.
(allow process-info-codesignature)

;; Mach services this process may look up by name. Every entry is an IPC surface
;; reachable from inside the sandbox, so keep the list to what the service needs.
(allow mach-lookup
  (global-name "com.apple.biome.access.user") ; For GenerativeFunctionsInstrumentation
  (global-name "com.apple.biome.access.system")
  (global-name "com.apple.biome.compute.source.user")
  (global-name "com.apple.ctkd.token-client") ; For DeviceIdentityCopyAttestationDictionary
  (global-name "com.apple.modelcatalog.catalog")
  (global-name "com.apple.powerlog.plxpclogger.xpc")
  (global-name "com.apple.appleneuralengine")
  (global-name "com.apple.coreservices.quarantine-resolver")
  (global-name "com.apple.lsd.mapdb")
  (global-name "com.apple.securityd.systemkeychain")
  (global-name "com.apple.networkserviceproxy")
  (global-name "com.apple.networkserviceproxy.fetch-token")
  (global-name "com.apple.nehelper")
  (global-name "com.apple.SystemConfiguration.configd")
  (global-name "com.apple.tests.callbackService") ; NOTE(review): test-named service; confirm it belongs in non-test builds
  (global-name "com.apple.privatecloudcompute")
  (global-name "com.apple.tccd.system")
  (global-name "com.apple.windowserver.active")
  (global-name "com.apple.remoted")
  (global-name "com.apple.mobileassetd.v2")
  (global-name "com.apple.containermanagerd")
)

;; Read access, all expressed as subpath filters.
;; NOTE(review): subpath is also used on entries that look like single files
;; (the two .plist entries and view.db); literal would state that intent precisely.
;; NOTE(review): the /Users/local/... entry hard-codes a user home rather than using
;; the home-subpath helper defined earlier in this file — confirm it is not a
;; development leftover.
(allow file-read*
  (subpath "/private/var/db/com.apple.modelcatalog/sideload")
  (subpath "/private/var/db/modelmanagerd/Library")
  (subpath "/private/var/db/mds/messages/se_SecurityMessages")
  (subpath "/Library/Preferences/com.apple.networkd.plist")
  (subpath "/Library/Preferences/com.apple.networkextension.uuidcache.plist")
  (subpath "/Library/Caches/com.apple.InferenceProviderService")
  (subpath "/Users/local/Library/IntelligencePlatform/Artifacts/siri/remembers/view.db")
  (subpath "/private/var/folders/zz")
  (subpath "/private/var/db/AppleIntelligencePlatform/AppModelAssets")
  (subpath "/private/var/tmp")
  (subpath "/private/var/db/com.apple.countryd")
)

;; Write access is a strict subset of the read set above. Three of these paths
;; (/private/var/folders/zz, /private/var/tmp, modelmanagerd/Library) are also
;; handed out as read-write sandbox extensions further down.
(allow file-write*
  (subpath "/private/var/db/modelmanagerd/Library")
  (subpath "/private/var/db/AppleIntelligencePlatform/AppModelAssets")
  (subpath "/private/var/folders/zz")
  (subpath "/private/var/tmp")
  (subpath "/Library/Caches/com.apple.InferenceProviderService")
)

;; Outbound connections to the mDNSResponder socket path.
;; NOTE(review): the unfiltered (allow network-outbound) at the end of this profile
;; already permits every outbound endpoint, so this scoped rule adds nothing. If the
;; blanket allow is intentional this entry is redundant; if the intent was to limit
;; outbound traffic, the blanket rule is the one to narrow.
(allow network-outbound
  (subpath "/private/var/run/mDNSResponder")
)

(allow user-preference-read
  (preference-domain "kcfpreferencesanyapplication")
)

;; IOKit user clients this process may open, selected by class name.
;; NOTE(review): AppleKeyStoreUserClient is the one class here not obviously tied to
;; the neural-engine / surface / device classes around it — confirm the service
;; actually needs the keystore client.
(allow iokit-open-user-client
  (iokit-user-client-class "AppleParavirtDeviceUserClient")
  (iokit-user-client-class "AGXDeviceUserClient")
  (iokit-user-client-class "H11ANEInDirectPathClient")
  (iokit-user-client-class "IOSurfaceAcceleratorClient")
  (iokit-user-client-class "IOSurfaceRootUserClient")
  (iokit-user-client-class "AppleVirtIONeuralEngineDeviceUserClient")
  (iokit-user-client-class "H1xANELoadBalancerDirectPathClient")
  (iokit-user-client-class "ANEClientHintsUserClient")
  (iokit-user-client-class "AppleKeyStoreUserClient")
)

;; Only these two IOKit properties may be set.
(allow iokit-set-properties
  (iokit-property "ANEHintClientSessionStart")
  (iokit-property "ANEHintClientSessionStop")
)

;; Sandbox extensions this process may issue, scoped per extension class.
;; cfprefsd read and read-write extensions: only for modelmanagerd's own Preferences directory.
(with-filter (extension-class "com.apple.cfprefsd.read" "com.apple.cfprefsd.read-write")
  (allow file-issue-extension
    (require-any
      (subpath "/private/var/db/modelmanagerd/Library/Preferences"))))

;; Read extensions: all five paths lie within the file-read* set above
;; (sideload/assets is under the sideload entry granted there).
(with-filter (extension-class "com.apple.app-sandbox.read")
  (allow file-issue-extension
    (require-any
      (subpath "/private/var/db/AppleIntelligencePlatform/AppModelAssets")
      (subpath "/private/var/db/com.apple.modelcatalog/sideload/assets")
      (subpath "/private/var/folders/zz")
      (subpath "/private/var/tmp")
      (subpath "/private/var/db/modelmanagerd/Library")
    )))

;; Read-write extensions: three of the five file-write* paths above.
(with-filter (extension-class "com.apple.app-sandbox.read-write")
  (allow file-issue-extension
    (require-any
      (subpath "/private/var/folders/zz")
      (subpath "/private/var/tmp")
      (subpath "/private/var/db/modelmanagerd/Library")
    )))

(allow system-socket (socket-domain AF_SYSTEM))
;; Unfiltered: any outbound network endpoint. This makes the mDNSResponder-scoped
;; network-outbound rule above redundant; any intended outbound restriction has to
;; be expressed here.
(allow network-outbound)
(allow syscall-mach)