;; Sandbox profile (SBPL). The rules below are default-deny with a short
;; allow-list for files, one Mach service, two IOKit user clients, two POSIX
;; shared-memory names and system-audit.
;; NOTE(review): the executable paths listed further down suggest this profile
;; is applied to securityd_service -- confirm against the launchd job or the
;; caller that applies it.
(version 1)

;; Any operation not matched by an allow rule (here or in the import) is denied.
(deny default)

;; Pulls in the rules from system.sb. Its contents are not visible here, so the
;; effective policy is wider than this file alone -- review both together.
(import "system.sb")

;; No filter: read access is granted for every path.
;; NOTE(review): this is the broadest rule in the profile. Because it is
;; unfiltered, it already covers everything the literal list in the next rule
;; grants. Confirm whether the process really needs global read, or whether the
;; narrower list was meant to replace this rule.
(allow file-read*)

;; Read access to these four exact paths (literal = exact match, no children).
;; NOTE(review): redundant while the unfiltered file-read* rule above is present.
(allow file-read*
    (literal "/usr/libexec")
    (literal "/usr/libexec/securityd_service")
    (literal "/usr/sbin")
    (literal "/usr/sbin/securityd"))

;; Read AND write access to key material and related state:
;;   - everything under /private/var/keybags
;;   - any path matching the regex /Keychains/
;;   - everything under /private/var/db/mds
;; NOTE(review): the regex has no ^ anchor and no prefix, so it appears to match
;; any path that contains a "/Keychains/" component, wherever that directory
;; lives. If only specific keychain directories are intended, an anchored
;; pattern or subpath filters would scope the write access -- confirm the
;; intended locations before tightening.
(allow file-read* file-write*
    (subpath "/private/var/keybags")
    (regex #"/Keychains/")
    (subpath "/private/var/db/mds"))

;; The only Mach service this file allows looking up by global name.
(allow mach-lookup
    (global-name "com.apple.SecurityServer"))

;; IOKit user clients the process may open, limited to these two classes.
(allow iokit-open
    (iokit-user-client-class "AppleFDEKeyStoreUserClient")
    (iokit-user-client-class "AppleKeyStoreUserClient"))

;; POSIX shared-memory objects the process may use, limited to these two names.
(allow ipc-posix-shm
    (ipc-posix-name "apple.shm.notification_center")
    (ipc-posix-name "com.apple.AppleDatabaseChanged"))

;; Permits the system-audit operation.
;; NOTE(review): presumably so the process can submit audit records -- confirm.
(allow system-audit)