;; Copyright (c) 2007 Apple Inc.  All Rights reserved.
;;
;; WARNING: The sandbox rules in this file currently constitute 
;; Apple System Private Interface and are subject to change at any time and
;; without notice. The contents of this file are also auto-generated and not
;; user editable; it may be overwritten at any time.
;;
;; Sandbox profile for /usr/sbin/portmap: an allow-list of operations, with
;; everything else denied by the (deny default) rule at the end of the file.

;; Profile language version.
(version 1)
;; Debug setting for denied operations.
;; NOTE(review): presumably this makes denials get logged, which is the
;; signal to watch when auditing this profile -- confirm.
(debug deny)
;; Exec is limited to one binary; the regex is anchored at both ends (^...$),
;; so no other path matches.
(allow process-exec (regex #"^/usr/sbin/portmap$"))
;; fork and sysctl reads are allowed without any filter.
(allow process-fork)
(allow sysctl-read)
;; Read access (data and metadata) by path regex.
;; NOTE(review): "^/etc" and "^/var" are anchored only at the start and have
;; no trailing slash, so they match every path beginning with those
;; characters: the whole subtree, plus any sibling such as a hypothetical
;; /etc-backup. That is a broad read scope for this daemon; if it is tightened,
;; keep the start anchor and add a "/" or "$" terminator.
;; Whether matching is done on the symlink-resolved path (/private/etc,
;; /private/var) cannot be told from this file -- confirm before relying on it.
(allow file-read-data file-read-metadata (regex
    #"^/etc"
    #"^/usr/lib/.*\.dylib$"
    #"^/var"
    #"^/private/var/db/dyld/"
    #"^/dev/urandom$"))
;; The only write rule in the profile: a single, fully anchored device path.
(allow file-write-data (regex
    #"^/dev/dtracehelper$"))
;; Network: accept is allowed, and inbound traffic is limited to port 111
;; (the portmapper port) on any local address, TCP and UDP. Only the IPv4
;; forms (tcp4/udp4) are listed; no IPv6 rule is visible here.
(allow network-accept)
(allow network-inbound (to tcp4 "*:111"))
(allow network-inbound (to udp4 "*:111"))
;; NOTE(review): network-outbound has no address or port filter, so this rule
;; places no limit on outbound destinations. Any egress restriction has to be
;; enforced outside this profile (e.g. host firewall).
(allow network-outbound)
;; Mach service lookups are limited to these two global names.
(allow mach-lookup (global-name
    "com.apple.system.notification_center"
    "com.apple.system.DirectoryService.libinfo_v1"))
;; Default action: deny whatever no allow rule above matches.
;; NOTE(review): rule order may matter to the evaluator -- do not reorder
;; without confirming.
(deny default)