;;
;; syslogd - sandbox profile
;; Copyright (c) 2007 Apple Inc. All Rights reserved.
;;
;; WARNING: The sandbox rules in this file currently constitute
;; Apple System Private Interface and are subject to change at any time and
;; without notice. The contents of this file are also auto-generated and not
;; user editable; it may be overwritten at any time.
;;
;; Reading guide: the profile is default-deny. Everything syslogd may do is
;; either listed below or inherited from the imported "bsd.sb" profile.
;; bsd.sb is not part of this file, so the effective policy can only be
;; judged with both files side by side.
;;

(version 1)

;; NOTE(review): presumably makes the sandbox report each denied operation,
;; which is the signal to watch when auditing this profile -- confirm.
(debug deny)

(import "bsd.sb")

;;; Baseline: refuse anything that no later rule allows.
(deny default)

;;; Broad grants. None of these carries a filter, so each one covers its
;;; whole operation class.
(allow process*)
(deny signal)        ; explicit deny, stated on top of the default deny
(allow sysctl-read)
;; NOTE(review): no address, port or direction filter is attached, so this
;; profile places no limit on which sockets syslogd may create or use.
(allow network*)

;;; Files syslogd may read and write.
(allow file-write* file-read-data file-read-metadata
       (regex
        ;; runtime files under /var/run
        #"^(/private)?/var/run/syslog$"
        #"^(/private)?/var/run/syslog\.pid$"
        #"^(/private)?/var/run/asl_input$"
        ;; console device and log output
        #"^(/private)?/dev/console$"
        ;; `.*` is not limited to one path component, so this also matches
        ;; *.log names in subdirectories of /var/log.
        #"^(/private)?/var/log/.*\.log$"
        #"^(/private)?/var/log/asl\.db$"))

;;; Files syslogd may only read: kernel log device, configuration, and
;;; shared objects under /usr/lib/asl (any depth, same `.*` caveat).
(allow file-read-data file-read-metadata
       (regex
        #"^(/private)?/dev/klog$"
        #"^(/private)?/etc/asl\.conf$"
        #"^(/private)?/etc/syslog\.conf$"
        #"^/usr/lib/asl/.*\.so$"))

;;; The only Mach service this profile lets syslogd look up by name.
(allow mach-lookup
       (global-name "com.apple.system.notification_center"))