|
|
| Line 557: |
Line 557: |
| </pre> | | </pre> |
| || File read and write access for $HOME excluding ~/Library and the current profile directory. We need write access for printing. We need read access to allow user to read files from $HOME. i.e., file:// resources. | | || File read and write access for $HOME excluding ~/Library and the current profile directory. We need write access for printing. We need read access to allow user to read files from $HOME. i.e., file:// resources. |
| |- id=aar_printing1
| |
| |
| |
| [[#aar_printing1|link]]
| |
| <pre style="border:none;">
| |
| "; printing\n"
| |
| " (allow authorization-right-obtain\n"
| |
| " (right-name \"system.print.operator\")\n"
| |
| " (right-name \"system.printingmanager\"))\n"
| |
| " (allow mach-lookup\n"
| |
| " (global-name \"com.apple.printuitool.agent\")\n"
| |
| " (global-name \"com.apple.printtool.agent\")\n"
| |
| " (global-name \"com.apple.printtool.daemon\")\n"
| |
| " (global-name \"com.apple.sharingd\")\n"
| |
| " (global-name \"com.apple.metadata.mds\")\n"
| |
| " (global-name \"com.apple.mtmd.xpc\")\n"
| |
| " (global-name \"com.apple.FSEvents\")\n"
| |
| " (global-name \"com.apple.locum\")\n"
| |
| " (global-name \"com.apple.ImageCaptureExtension2.presence\"))\n"
| |
| " (allow file-read*\n"
| |
| " (home-literal \"/.cups/lpoptions\")\n"
| |
| " (home-literal \"/.cups/client.conf\")\n"
| |
| " (literal \"/private/etc/cups/lpoptions\")\n"
| |
| " (literal \"/private/etc/cups/client.conf\")\n"
| |
| " (subpath \"/private/etc/cups/ppd\")\n"
| |
| " (literal \"/private/var/run/cupsd\"))\n"
| |
| " (allow-shared-preferences-read \"org.cups.PrintingPrefs\")\n"
| |
| " (allow-shared-preferences-read \"com.apple.finder\")\n"
| |
| " (allow-shared-preferences-read \"com.apple.LaunchServices\")\n"
| |
| " (allow-shared-preferences-read \".GlobalPreferences\")\n"
| |
| " (allow network-outbound\n"
| |
| " (literal \"/private/var/run/cupsd\")\n"
| |
| " (literal \"/private/var/run/mDNSResponder\"))\n"
| |
| "\n"
| |
|
| |
| </pre>
| |
| || Printing
| |
| |- id=aar_misc1
| |
| |
| |
| [[#aar_misc1|link]]
| |
| <pre style="border:none;">
| |
| "; print preview\n"
| |
| " (if (> macosMinorVersion 9)\n"
| |
| " (allow lsopen))\n"
| |
| " (allow file-write* file-issue-extension (var-folders2-regex \"/\"))\n"
| |
| " (allow file-read-xattr (literal \"/Applications/Preview.app\"))\n"
| |
| " (allow mach-task-name)\n"
| |
| " (allow mach-register)\n"
| |
| " (allow file-read-data\n"
| |
| " (regex \"^/Library/Printers/[^/]+/PDEs/[^/]+.plugin\")\n"
| |
| " (subpath \"/Library/PDF Services\")\n"
| |
| " (subpath \"/Applications/Preview.app\")\n"
| |
| " (home-literal \"/Library/Preferences/com.apple.ServicesMenu.Services.plist\"))\n"
| |
| " (allow mach-lookup\n"
| |
| " (global-name \"com.apple.pbs.fetch_services\")\n"
| |
| " (global-name \"com.apple.tsm.uiserver\")\n"
| |
| " (global-name \"com.apple.ls.boxd\")\n"
| |
| " (global-name \"com.apple.coreservices.quarantine-resolver\")\n"
| |
| " (global-name-regex \"_OpenStep$\"))\n"
| |
| " (allow appleevent-send\n"
| |
| " (appleevent-destination \"com.apple.preview\")\n"
| |
| " (appleevent-destination \"com.apple.imagecaptureextension2\"))\n"
| |
| </pre>
| |
| || Print preview
| |
| |- id=aar_printpreview | | |- id=aar_printpreview |
| | | | | |