1;;; Copyright (c) 2012 Apple Inc. All rights reserved.
2;;; Sandbox profile for webdav_agent.
3
4(version 1)
5(deny default)
6(import "system.sb")
7(import "gss-acceptor.sb")
8
9(system-network)
10
11(allow network-outbound)
12  
13(allow system-socket)
14
15(allow mach-register
16	(global-name-regex #"^com\.apple\.webdavfs\.msgport..*"))
17
18(allow file-read-metadata
19	(literal "/private/tmp"))
20
21(allow mach-lookup 
22	(global-name-regex #"^com\.apple\.webdavfs\.msgport..*"))
23	
24(allow mach-lookup 
25	(global-name "com.apple.networkd"))
26
27(allow file*
28	(regex #"^/private/tmp/.webdavUDS\..+"))
29
30(allow file* 
31	(regex #"^/private/tmp/\.webdavcache\..+"))
32	
33(allow file-read*
34	(regex #"^.*/Library/Preferences/com\.apple\.security\.plist"))
35