(define TMPDIR (param "_GLOBAL_TMP_DIR")) ; obvious (allow process-fork) ; allow reading system information like #CPUs, etc. (allow sysctl-read) ; IPC (allow ipc-posix*) ; Unix sockets (allow system-socket) ; all runtime dependencies of libSystem.dylib (allow file-read* (literal "/usr/lib/libSystem.dylib") (literal "/usr/lib/libSystem.B.dylib") (literal "/usr/lib/libobjc.A.dylib") (literal "/usr/lib/libobjc.dylib") (literal "/usr/lib/libauto.dylib") (literal "/usr/lib/libc++abi.dylib") (literal "/usr/lib/libc++.1.dylib") (literal "/usr/lib/libDiagnosticMessagesClient.dylib") (subpath "/usr/lib/system")) ; tmp (allow file* process-exec (literal "/tmp") (subpath TMPDIR)) ; clang likes to read the system version (allow file-read* (literal "/System/Library/CoreServices/SystemVersion.plist")) ; used for bootstrap builders (allow process-exec* (literal "/bin/sh")) ; without this line clang cannot write to /dev/null, breaking some configure tests (allow file-read-metadata (literal "/dev")) ; standard devices (allow file* (literal "/dev/null") (literal "/dev/random") (literal "/dev/stdin") (literal "/dev/stdout") (literal "/dev/tty") (literal "/dev/urandom") (literal "/dev/zero") (subpath "/dev/fd")) ; does nothing, but reduces build noise (allow file* (literal "/dev/dtracehelper")) ; ICU data and zoneinfo data are hardcoded ; both are in libicucore and zoneinfo is in libsystem_c as well (allow file-read* (subpath "/usr/share/icu") (subpath "/usr/share/zoneinfo")) ; no idea what this is (allow file-read-data (literal "/dev/autofs_nowait")) ; lots of autoconf projects want to list this directory (allow file-read-metadata (literal "/var") (literal "/private/var/tmp")) ; send signals (allow signal (target same-sandbox)) ; allow getpwuid (for git and other packages) (allow mach-lookup (global-name "com.apple.system.notification_center") (global-name "com.apple.system.opendirectoryd.libinfo")) ; allow networking on localhost (allow network* (local ip) (remote unix-socket))