image_decoder.sb
;; macOS sandbox profile (SBPL). Going by the file name, this confines the
;; image-decoder helper process -- TODO confirm against the code that loads it.
;; The @HOME_DIRECTORY@, @PATH_TO_EXECUTABLE@ and @EXECUTABLE@ tokens used below
;; are placeholders; presumably they are substituted before the profile is
;; compiled (the substitution code is not part of this file).
(version 1)
;; Default-deny: every operation not matched by an allow rule in this profile is
;; refused. No network operation is allowed by any rule in this file.
(deny default)
;; Read access (file contents and metadata) for the paths listed below.
;; NOTE(review): each `regex` filter is anchored only at the start, so a pattern
;; without a trailing "/" or "$" is a plain prefix match. "^/usr/lib" therefore
;; also matches sibling paths such as /usr/libexec, and
;; "^/System/Library/Frameworks" matches any path that merely begins with those
;; characters. If only the directory tree is meant, a trailing "/" would say so.
(allow file-read-data file-read-metadata
;; System colour profiles and frameworks.
(regex "^/System/Library/ColorSync/Profiles")
(regex "^/System/Library/Frameworks")
(regex "^/System/Library/PrivateFrameworks")
;; Font directories (system-wide and per-user): the directory itself ("$") and
;; everything beneath it ("/").
(regex "^/Library/Fonts$")
(regex "^/Library/Fonts/")
(regex "^/System/Library/Fonts$")
(regex "^/System/Library/Fonts/")
;; NOTE(review): @HOME_DIRECTORY@ is placed inside a regex. If the substituted
;; path is not regex-escaped, metacharacters in the home directory name (".",
;; "+", "(" ...) change what these two rules match; a double quote would end the
;; string early. Verify the substitution step escapes the value.
(regex "^@HOME_DIRECTORY@/Library/Fonts$")
(regex "^@HOME_DIRECTORY@/Library/Fonts/")
;; Time-zone and ICU data.
(regex "^/usr/share/zoneinfo/")
(regex "^/usr/share/icu/")
(literal "/dev/null")
(literal "/dev/random")
;; The directory holding the helper binary, and the binary itself.
(literal "@PATH_TO_EXECUTABLE@")
(literal "@PATH_TO_EXECUTABLE@/@EXECUTABLE@")
;; NOTE(review): the broadest read rule in this list. It covers the whole
;; /private/var tree (and, being a prefix match, any path starting with
;; "/private/var"), which on macOS includes the per-user temporary and cache
;; directories under /private/var/folders. Narrow it if the decoder only needs
;; a specific subdirectory -- TODO confirm what it actually reads.
(regex "^/private/var")
;; The "." before "bundle" is an unescaped regex wildcard; harmless here but
;; looser than a literal dot.
(regex "^/System/Library/CoreServices/SystemAppearance.bundle")
(regex "^/usr/lib"))
;; Metadata-only access (no file contents) to a handful of directories,
;; presumably so that path lookups through these parents succeed -- TODO confirm.
;; The Fonts entries repeat paths that the file-read-data/file-read-metadata
;; rule earlier in this profile already allows, so they add nothing here.
(allow file-read-metadata
(regex "^/System$")
(regex "^/System/Library$")
(regex "^/System/Library/Fonts$")
(regex "^@HOME_DIRECTORY@/Library/Fonts$")
(regex "^/System/Library/Fonts/")
(regex "^/Library$")
(regex "^/Library/Fonts$")
(regex "^/Library/Fonts/")
;; Exactly "/var" (anchored at both ends), not anything beneath it.
(regex "^/var$"))
;; The only write rule in the profile: create, write and unlink files.
;; NOTE(review): the pattern is a prefix match on "/private/var", so it covers
;; the entire tree (temporary directories, caches and anything else the user's
;; Unix permissions permit), not just a scratch directory. A decoder that is
;; compromised by a malformed image could overwrite or delete those files.
;; If only scratch space is needed, confine this to a dedicated temporary
;; directory -- TODO confirm what the decoder writes.
(allow file-write-create file-write-data file-write-unlink
(regex "^/private/var"))
;; Exec is limited to one exact path, the helper binary itself; with the
;; default-deny rule no other program can be executed from inside the sandbox.
(allow process-exec (literal "@PATH_TO_EXECUTABLE@/@EXECUTABLE@"))
;; Allows every operation whose name starts with "mach" (including mach-lookup)
;; with no filter, plus read-only sysctl queries.
;; NOTE(review): unfiltered mach* lets the sandboxed process look up and message
;; any Mach service it can reach, which is a wide surface for a process that
;; parses untrusted images. Consider listing the required services explicitly
;; with (global-name "...") filters -- TODO determine which ones are needed.
(allow mach* sysctl-read)