Skip to content

Instantly share code, notes, and snippets.

@inC3ASE

inC3ASE/blued.sb

Created October 14, 2016 02:05
Show Gist options
  • Save inC3ASE/98a4caf253ecb6351fac8a70f71b4c2e to your computer and use it in GitHub Desktop.
Save inC3ASE/98a4caf253ecb6351fac8a70f71b4c2e to your computer and use it in GitHub Desktop.
Download ZIP
usr/share/sandbox
Raw
blued.sb
;; Copyright (c) 2012 Apple Inc. All Rights reserved.
;;
;; WARNING: The sandbox rules in this file currently constitute
;; Apple System Private Interface and are subject to change at any time and
;; without notice. The contents of this file are also auto-generated and not
;; user editable; it may be overwritten at any time.
;;
(version 1)
(deny default)
(import "system.sb")
(allow distributed-notification-post)
(allow mach-per-user-lookup)
(allow mach-lookup
(global-name "com.apple.distributed_notifications@1v3")
(global-name "com.apple.CoreServices.coreservicesd")
(global-name "com.apple.bluetoothUIServer")
(global-name "com.apple.bluetoothuserd")
(global-name "com.apple.cloudpaird")
(global-name "com.apple.bnepd")
(global-name "com.apple.blued")
(global-name "com.apple.airportd")
(global-name "com.apple.BluetoothDOServer")
(global-name "com.apple.SystemConfiguration.configd")
(global-name "com.apple.SecurityServer")
(global-name "com.apple.btsa")
(global-name "com.apple.bluetoothaudiod")
(global-name "com.apple.lsd.mapdb")
(global-name "com.apple.bluetoothReporter"))
(allow file-write-create
(regex #"^/private/var/log/bluetoothCoreDump-\..*\.log$")
)
(allow file-read* file-write*
(literal "/private/var/root/Library/Preferences/blued.plist")
(literal "/private/var/root/Library/Preferences/com.apple.blued.plist")
(regex #"^/private/var/root/Library/Preferences/ByHost/com\.apple\.blued\..*\.plist$")
(regex #"^/private/var/root/Library/Preferences/ByHost/\.GlobalPreferences\..*\.plist$")
(regex #"^/private/var/root/Library/Preferences/ByHost/com\.apple\.Bluetooth\..*\.plist$")
(regex #"^/Library/Preferences/com\.apple\.Bluetooth\.plist")
(literal "/private/tmp/com.apple.Bluetooth.plist")
(literal "/dev/io8log")
(literal "/dev/io8logtemp")
(literal "/private/var/log/blued.log")
(literal "/private/var/log/bluetoothAudio.log")
(literal "/private/var/log/bluetoothUserAgent.log")
(literal "/private/var/log/bluetoothFramework.log")
(literal "/private/var/log/bluetoothCoreDump.log")
(literal "/private/var/log/cloudpaird.log")
(literal "/Library/Preferences/SystemConfiguration/com.apple.Bluetooth")
(literal "/Library/Preferences/SystemConfiguration/com.apple.Bluetooth-lock")
(literal "/Library/Preferences/SystemConfiguration/com.apple.Bluetooth-new"))
(allow file-read*
(literal "/Library/Preferences/SystemConfiguration/preferences.plist")
(literal "/private/var/root/Library/Preferences/.GlobalPreferences.plist")
(literal "/Library/Preferences/.GlobalPreferences.plist")
(literal "/AppleInternal")
(literal "/usr/sbin")
(literal "/usr/sbin/blued")
(literal "/private/var/root")
(literal "/dev/console")
(literal "/private/var/log/Bluetooth")
(literal "/private/var/log/bluetooth.pklg")
(literal "/private/var/db/.AppleSetupDone")
(literal "/Library/Preferences/SystemConfiguration/com.apple.nat.plist"))
(allow ipc-posix-shm
(ipc-posix-name "apple.shm.notification_center")
(ipc-posix-name-regex #"^/tmp/com.apple.csseed.[0-9]+$"))
(allow iokit-open
(iokit-user-client-class "IOBluetoothDeviceUserClient")
(iokit-user-client-class "IOHIDResourceDeviceUserClient")
(iokit-user-client-class "IOBluetoothHCIUserClient")
(iokit-user-client-class "IOBluetoothL2CAPChannelUserClient")
(iokit-user-client-class "IOHIDLibUserClient")
(iokit-user-client-class "RootDomainUserClient"))
(allow iokit-set-properties)
(allow system-socket)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment