| (allow signal network-inbound) |
| (allow process-fork) |
| (allow process-exec |
| (subpath "/System/Library/Java/JavaVirtualMachines") |
| (subpath "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin")) |
| |
| (allow mach-lookup (global-name "com.apple.coreservices.launchservicesd")) |
| |
| (allow file-read* |
| (literal "/dev/fd") |
| (literal "/usr/bin") |
| (literal "/private/etc/hosts") |
| (subpath "/Library/Java") |
| (subpath "/System/Library/Java")) |
| |
| (shared-preferences-read |
| "com.apple.java.JavaPreferences" |
| "com.apple.java.util.prefs") |
| (shared-preferences-read-write "com.oracle.javadeployment.plist") |
| |
| (allow file-read* file-write* |
| (home-library-subpath "/Saved Application State/net.java.openjdk.cmd.savedState") |
| (home-library-subpath "/Application Support/Oracle/Java/Deployment") |
| (home-library-subpath "/Caches/Java")) |
| |
| (allow file-write-create |
| (home-library-literal "/Application Support/Oracle") |
| (home-library-literal "/Application Support/Oracle/Java")) |
| |
| (allow network-bind network-outbound (subpath (param "DARWIN_USER_TEMP_DIR"))) |
| |
| (deny mach-lookup (with no-log) |
| (global-name "com.apple.ls.boxd") |
| (global-name-regex #"^PlaceHolderServerName-")) |
| |
| (deny job-creation (with no-log)) |
| (deny file-write* (with no-log) (subpath "/Library/Application Support/Oracle")) |
