Siguza

container.sb

Oct 15th, 2018
  ; Profile header: selects version 1 of the sandbox profile language.
  1. (version 1)
  ; Default-deny baseline: an operation is refused unless an (allow ...) rule
  ; in this profile matches it, so each (allow ...) rule is an explicit grant.
  2. (deny default)
  ; Granted with no filter attached, i.e. to every process under this profile.
  ; NOTE(review): this operation presumably covers JIT-style executable memory;
  ; since the profile does not narrow it, any restriction has to be enforced
  ; outside the sandbox policy (e.g. by code-signing entitlement checks) - confirm.
  3. (allow dynamic-code-generation)
  4. (allow file-issue-extension
  5.     (extension "com.apple.odr-assets")
  6.     (require-entitlement "com.apple.private.librarian.container-proxy")
  7.     (require-all
  8.         (extension "com.apple.sandbox.container")
  9.         (require-any
  10.             (require-all
  11.                 (subpath-prefix "${FRONT_USER_HOME}")
  12.                 (require-any
  13.                     (require-all
  14.                         (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$")
  15.                         (require-any
  16.                             (extension-class "com.apple.app-sandbox.read")
  17.                             (extension-class "com.apple.mediaserverd.read-write")
  18.                             (extension-class "com.apple.quicklook.readonly")
  19.                             (extension-class "com.apple.sharing.airdrop.readonly")
  20.                             (extension-class "com.apple.nsurlsessiond.readonly")
  21.                             (extension-class "com.apple.wcd.readonly")
  22.                             (extension-class "com.apple.app-sandbox.read-write")
  23.                             (extension-class "com.apple.mediaserverd.read")
  24.                         )
  25.                     )
  26.                     (require-all
  27.                         (extension-class "com.apple.corespotlightservice.read-write")
  28.                         (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$")
  29.                     )
  30.                     (require-all
  31.                         (extension-class "com.apple.foundation.upload-prep.read-write")
  32.                         (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/tmp$")
  33.                     )
  34.                     (require-all
  35.                         (extension-class "com.apple.nsurlstorage.extension-cache")
  36.                         (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/Caches$")
  37.                     )
  38.                 )
  39.             )
  40.             (require-all
  41.                 (extension-class "com.apple.app-sandbox.read")
  42.                 (require-any
  43.                     (require-all
  44.                         (subpath-prefix "${FRONT_USER_HOME}")
  45.                         (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/StoreKit$")
  46.                     )
  47.                     (require-all
  48.                         (subpath-prefix "${FRONT_USER_HOME}")
  49.                         (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$")
  50.                     )
  51.                 )
  52.             )
  53.         )
  54.     )
  55.     (require-all
  56.         (process-attribute 4)
  57.         (extension-class "com.apple.webkit.map-executable")
  58.         (extension "com.apple.sandbox.executable")
  59.     )
  60.     (require-all
  61.         (extension "com.apple.sandbox.executable")
  62.         (require-any
  63.             (extension-class "com.apple.sharing.airdrop.readonly")
  64.             (extension-class "com.apple.mediaserverd.read")
  65.             (extension-class "com.apple.quicklook.readonly")
  66.             (extension-class "com.apple.wcd.readonly")
  67.         )
  68.     )
  69.     (require-all
  70.         (extension-class "com.apple.app-sandbox.read-write")
  71.         (require-any
  72.             (extension "com.apple.security.exception.files.absolute-path.read-write")
  73.             (extension "com.apple.security.exception.files.home-relative-path.read-write")
  74.             (require-all
  75.                 (extension-class "com.apple.app-sandbox.read")
  76.                 (require-any
  77.                     (extension "com.apple.security.exception.files.absolute-path.read-only")
  78.                     (extension "com.apple.security.exception.files.home-relative-path.read-only")
  79.                     (extension "com.apple.app-sandbox.read")
  80.                     (extension "com.apple.app-sandbox.read-write")
  81.                 )
  82.             )
  83.             (require-all
  84.                 (extension-class "com.apple.app-sandbox.read-write")
  85.                 (extension "com.apple.app-sandbox.read-write")
  86.             )
  87.         )
  88.     )
  89.     (require-all
  90.         (extension-class "com.apple.app-sandbox.read")
  91.         (require-any
  92.             (extension "com.apple.security.exception.files.absolute-path.read-write")
  93.             (extension "com.apple.security.exception.files.home-relative-path.read-write")
  94.             (require-all
  95.                 (extension-class "com.apple.app-sandbox.read")
  96.                 (require-any
  97.                     (extension "com.apple.security.exception.files.absolute-path.read-only")
  98.                     (extension "com.apple.security.exception.files.home-relative-path.read-only")
  99.                     (extension "com.apple.app-sandbox.read")
  100.                     (extension "com.apple.app-sandbox.read-write")
  101.                 )
  102.             )
  103.             (require-all
  104.                 (extension-class "com.apple.app-sandbox.read-write")
  105.                 (extension "com.apple.app-sandbox.read-write")
  106.             )
  107.         )
  108.     )
  109.     (require-all
  110.         (extension-class "com.apple.mediaserverd.read-write")
  111.         (extension "com.apple.app-sandbox.read-write")
  112.     )
  113.     (require-all
  114.         (extension-class "com.apple.mediaserverd.read")
  115.         (require-any
  116.             (extension "com.apple.app-sandbox.read")
  117.             (extension "com.apple.app-sandbox.read-write")
  118.         )
  119.     )
  120.     (require-all
  121.         (extension-class "com.apple.quicklook.readonly")
  122.         (require-any
  123.             (extension "com.apple.app-sandbox.read")
  124.             (extension "com.apple.app-sandbox.read-write")
  125.         )
  126.     )
  127.     (require-all
  128.         (extension-class "com.apple.sharing.airdrop.readonly")
  129.         (require-any
  130.             (extension "com.apple.app-sandbox.read")
  131.             (extension "com.apple.app-sandbox.read-write")
  132.         )
  133.     )
  134.     (require-all
  135.         (extension-class "com.apple.app-sandbox.read")
  136.         (extension "com.apple.sandbox.executable")
  137.     )
  138.     (require-all
  139.         (extension-class "com.apple.mediaserverd.read")
  140.         (require-any
  141.             (subpath "/System/Library")
  142.             (require-all
  143.                 (subpath "/System/Library")
  144.                 (extension-class "com.apple.app-sandbox.read")
  145.             )
  146.             (require-all
  147.                 (extension-class "com.apple.nsurlsessiond.readonly")
  148.                 (extension "com.apple.sandbox.executable")
  149.             )
  150.             (require-all
  151.                 (subpath-prefix "${HOME}/Media/Books")
  152.                 (require-any
  153.                     (require-all
  154.                         (extension-class "com.apple.app-sandbox.read")
  155.                         (require-any
  156.                             (require-entitlement "com.apple.private.signing-identifier"
  157.                                 (require-any
  158.                                     (entitlement-value "com.apple.iBooks")
  159.                                     (entitlement-value "com.apple.itunesu")
  160.                                 )
  161.                             )
  162.                             (require-entitlement "com.apple.container2")
  163.                         )
  164.                     )
  165.                     (require-all
  166.                         (extension-class "com.apple.mediaserverd.read")
  167.                         (require-any
  168.                             (require-entitlement "com.apple.private.signing-identifier"
  169.                                 (require-any
  170.                                     (entitlement-value "com.apple.iBooks")
  171.                                     (entitlement-value "com.apple.itunesu")
  172.                                 )
  173.                             )
  174.                             (require-entitlement "com.apple.container2")
  175.                         )
  176.                     )
  177.                     (require-all
  178.                         (extension-class "com.apple.quicklook.readonly")
  179.                         (require-any
  180.                             (require-entitlement "com.apple.private.signing-identifier"
  181.                                 (require-any
  182.                                     (entitlement-value "com.apple.iBooks")
  183.                                     (entitlement-value "com.apple.itunesu")
  184.                                 )
  185.                             )
  186.                             (require-entitlement "com.apple.container2")
  187.                         )
  188.                     )
  189.                     (require-all
  190.                         (extension-class "com.apple.sharing.airdrop.readonly")
  191.                         (require-any
  192.                             (require-entitlement "com.apple.private.signing-identifier"
  193.                                 (require-any
  194.                                     (entitlement-value "com.apple.iBooks")
  195.                                     (entitlement-value "com.apple.itunesu")
  196.                                 )
  197.                             )
  198.                             (require-entitlement "com.apple.container2")
  199.                         )
  200.                     )
  201.                 )
  202.             )
  203.             (require-all
  204.                 (subpath-prefix "${HOME}/Media/Podcasts")
  205.                 (require-any
  206.                     (require-all
  207.                         (extension-class "com.apple.app-sandbox.read")
  208.                         (require-any
  209.                             (require-entitlement "com.apple.private.signing-identifier"
  210.                                 (require-any
  211.                                     (entitlement-value "com.apple.iBooks")
  212.                                     (entitlement-value "com.apple.itunesu")
  213.                                 )
  214.                             )
  215.                             (require-entitlement "com.apple.container2")
  216.                         )
  217.                     )
  218.                     (require-all
  219.                         (extension-class "com.apple.mediaserverd.read")
  220.                         (require-any
  221.                             (require-entitlement "com.apple.private.signing-identifier"
  222.                                 (require-any
  223.                                     (entitlement-value "com.apple.iBooks")
  224.                                     (entitlement-value "com.apple.itunesu")
  225.                                 )
  226.                             )
  227.                             (require-entitlement "com.apple.container2")
  228.                         )
  229.                     )
  230.                     (require-all
  231.                         (extension-class "com.apple.quicklook.readonly")
  232.                         (require-any
  233.                             (require-entitlement "com.apple.private.signing-identifier"
  234.                                 (require-any
  235.                                     (entitlement-value "com.apple.iBooks")
  236.                                     (entitlement-value "com.apple.itunesu")
  237.                                 )
  238.                             )
  239.                             (require-entitlement "com.apple.container2")
  240.                         )
  241.                     )
  242.                     (require-all
  243.                         (extension-class "com.apple.sharing.airdrop.readonly")
  244.                         (require-any
  245.                             (require-entitlement "com.apple.private.signing-identifier"
  246.                                 (require-any
  247.                                     (entitlement-value "com.apple.iBooks")
  248.                                     (entitlement-value "com.apple.itunesu")
  249.                                 )
  250.                             )
  251.                             (require-entitlement "com.apple.container2")
  252.                         )
  253.                     )
  254.                 )
  255.             )
  256.             (require-all
  257.                 (subpath-prefix "${HOME}/Media/Purchases")
  258.                 (extension "com.apple.tcc.kTCCServiceMediaLibrary")
  259.                 (require-any
  260.                     (require-all
  261.                         (extension-class "com.apple.app-sandbox.read")
  262.                         (require-any
  263.                             (require-entitlement "com.apple.private.signing-identifier"
  264.                                 (require-any
  265.                                     (entitlement-value "com.apple.iBooks")
  266.                                     (entitlement-value "com.apple.itunesu")
  267.                                 )
  268.                             )
  269.                             (require-entitlement "com.apple.container2")
  270.                         )
  271.                     )
  272.                     (require-all
  273.                         (extension-class "com.apple.sharing.airdrop.readonly")
  274.                         (require-any
  275.                             (require-entitlement "com.apple.private.signing-identifier"
  276.                                 (require-any
  277.                                     (entitlement-value "com.apple.iBooks")
  278.                                     (entitlement-value "com.apple.itunesu")
  279.                                 )
  280.                             )
  281.                             (require-entitlement "com.apple.container2")
  282.                         )
  283.                     )
  284.                     (require-all
  285.                         (extension-class "com.apple.mediaserverd.read")
  286.                         (require-any
  287.                             (require-entitlement "com.apple.private.signing-identifier"
  288.                                 (require-any
  289.                                     (entitlement-value "com.apple.iBooks")
  290.                                     (entitlement-value "com.apple.itunesu")
  291.                                 )
  292.                             )
  293.                             (require-entitlement "com.apple.container2")
  294.                         )
  295.                     )
  296.                 )
  297.             )
  298.             (require-all
  299.                 (subpath-prefix "${HOME}/Library/SpringBoard/PushStore/Attachments")
  300.                 (extension-class "com.apple.mediaserverd.read")
  301.                 (extension "com.apple.usernotifications.attachments.read-only")
  302.             )
  303.             (require-all
  304.                 (extension-class "com.apple.mediaserverd.read")
  305.                 (require-any
  306.                     (extension "com.apple.security.exception.files.absolute-path.read-only")
  307.                     (extension "com.apple.security.exception.files.absolute-path.read-write")
  308.                     (extension "com.apple.security.exception.files.home-relative-path.read-only")
  309.                     (extension "com.apple.security.exception.files.home-relative-path.read-write")
  310.                     (require-all
  311.                         (subpath-prefix "${HOME}/Media")
  312.                         (extension "com.apple.tcc.kTCCServicePhotos")
  313.                         (extension "com.apple.avasset.read-only")
  314.                     )
  315.                     (require-all
  316.                         (extension "com.apple.sandbox.application-group")
  317.                         (regex #"^/private/var/mobile/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/mobile/Containers/Shared/AppGroup/[^/]+$" #"^/private/var/euser[0-9]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/euser[0-9]+/Containers/Shared/AppGroup/[^/]+$" #"^/private/var/[-0-9A-F]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/[-0-9A-F]+/Containers/Shared/AppGroup/[^/]+$" #"^/private/var/Users/[^/]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/Users/[^/]+/Containers/Shared/AppGroup/[^/]+$")
  318.                         (subpath-prefix "${HOME}")
  319.                         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  320.                     )
  321.                     (require-all
  322.                         (subpath-prefix "${HOME}/Library/Assets")
  323.                         (extension "com.apple.assets.read")
  324.                     )
  325.                     (require-all
  326.                         (subpath "/private/var/MobileAsset")
  327.                         (extension "com.apple.assets.read")
  328.                     )
  329.                     (require-all
  330.                         (subpath-prefix "${HOME}/Library/Mobile Documents")
  331.                         (require-any
  332.                             (extension "com.apple.librarian.ubiquity-container")
  333.                             (require-entitlement "com.apple.private.librarian.container-proxy")
  334.                         )
  335.                     )
  336.                 )
  337.             )
  338.             (require-all
  339.                 (subpath-prefix "${HOME}")
  340.                 (extension "com.apple.sandbox.application-group")
  341.                 (require-any
  342.                     (require-all
  343.                         (extension-class "com.apple.mediaserverd.read-write")
  344.                         (regex #"^/private/var/mobile/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/euser[0-9]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/[-0-9A-F]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/Users/[^/]+/Containers/Shared/AppGroup/[^/]+/")
  345.                         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  346.                     )
  347.                     (require-all
  348.                         (extension-class "com.apple.nsurlsessiond.readonly")
  349.                         (regex #"^/private/var/mobile/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/euser[0-9]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/[-0-9A-F]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/Users/[^/]+/Containers/Shared/AppGroup/[^/]+/")
  350.                         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  351.                     )
  352.                     (require-all
  353.                         (extension-class "com.apple.quicklook.readonly")
  354.                         (regex #"^/private/var/mobile/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/euser[0-9]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/[-0-9A-F]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/Users/[^/]+/Containers/Shared/AppGroup/[^/]+/")
  355.                         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  356.                     )
  357.                     (require-all
  358.                         (extension-class "com.apple.sharing.airdrop.readonly")
  359.                         (regex #"^/private/var/mobile/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/euser[0-9]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/[-0-9A-F]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/Users/[^/]+/Containers/Shared/AppGroup/[^/]+/")
  360.                         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  361.                     )
  362.                     (require-all
  363.                         (extension-class "com.apple.wcd.readonly")
  364.                         (regex #"^/private/var/mobile/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/euser[0-9]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/[-0-9A-F]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/Users/[^/]+/Containers/Shared/AppGroup/[^/]+/")
  365.                         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  366.                     )
  367.                 )
  368.             )
  369.             (require-all
  370.                 (extension-class "com.apple.app-sandbox.read-write")
  371.                 (require-any
  372.                     (require-all
  373.                         (subpath-prefix "${HOME}")
  374.                         (extension "com.apple.sandbox.application-group")
  375.                         (regex #"^/private/var/mobile/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/euser[0-9]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/[-0-9A-F]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/Users/[^/]+/Containers/Shared/AppGroup/[^/]+/")
  376.                         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  377.                     )
  378.                     (require-all
  379.                         (extension-class "com.apple.app-sandbox.read")
  380.                         (extension "com.apple.sandbox.application-group")
  381.                         (regex #"^/private/var/mobile/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/mobile/Containers/Shared/AppGroup/[^/]+$" #"^/private/var/euser[0-9]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/euser[0-9]+/Containers/Shared/AppGroup/[^/]+$" #"^/private/var/[-0-9A-F]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/[-0-9A-F]+/Containers/Shared/AppGroup/[^/]+$" #"^/private/var/Users/[^/]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/Users/[^/]+/Containers/Shared/AppGroup/[^/]+$")
  382.                         (subpath-prefix "${HOME}")
  383.                         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  384.                     )
  385.                 )
  386.             )
  387.             (require-all
  388.                 (extension-class "com.apple.app-sandbox.read")
  389.                 (require-any
  390.                     (require-all
  391.                         (subpath-prefix "${HOME}")
  392.                         (extension "com.apple.sandbox.application-group")
  393.                         (regex #"^/private/var/mobile/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/euser[0-9]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/[-0-9A-F]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/Users/[^/]+/Containers/Shared/AppGroup/[^/]+/")
  394.                         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  395.                     )
  396.                     (require-all
  397.                         (extension-class "com.apple.app-sandbox.read")
  398.                         (extension "com.apple.sandbox.application-group")
  399.                         (regex #"^/private/var/mobile/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/mobile/Containers/Shared/AppGroup/[^/]+$" #"^/private/var/euser[0-9]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/euser[0-9]+/Containers/Shared/AppGroup/[^/]+$" #"^/private/var/[-0-9A-F]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/[-0-9A-F]+/Containers/Shared/AppGroup/[^/]+$" #"^/private/var/Users/[^/]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/Users/[^/]+/Containers/Shared/AppGroup/[^/]+$")
  400.                         (subpath-prefix "${HOME}")
  401.                         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  402.                     )
  403.                 )
  404.             )
  405.             (require-all
  406.                 (extension-class "com.apple.mediaserverd.read-write")
  407.                 (require-any
  408.                     (extension "com.apple.security.exception.files.absolute-path.read-write")
  409.                     (extension "com.apple.security.exception.files.home-relative-path.read-write")
  410.                     (extension "com.apple.app-sandbox.read-write")
  411.                     (require-all
  412.                         (extension-class "com.apple.mediaserverd.read-write")
  413.                         (extension "com.apple.tcc.kTCCServicePhotos")
  414.                         (require-any
  415.                             (extension "com.apple.security.exception.files.absolute-path.read-write")
  416.                             (extension "com.apple.security.exception.files.home-relative-path.read-write")
  417.                         )
  418.                     )
  419.                 )
  420.             )
  421.             (require-all
  422.                 (subpath-prefix "${HOME}/Library/Mobile Documents")
  423.                 (require-any
  424.                     (require-all
  425.                         (extension-class "com.apple.quicklook.readonly")
  426.                         (require-any
  427.                             (extension "com.apple.librarian.ubiquity-container")
  428.                             (require-entitlement "com.apple.private.librarian.container-proxy")
  429.                         )
  430.                     )
  431.                     (require-all
  432.                         (extension-class "com.apple.sharing.airdrop.readonly")
  433.                         (require-any
  434.                             (extension "com.apple.librarian.ubiquity-container")
  435.                             (require-entitlement "com.apple.private.librarian.container-proxy")
  436.                         )
  437.                     )
  438.                 )
  439.             )
  440.             (require-all
  441.                 (subpath-prefix "${HOME}/Library/Mobile Documents")
  442.                 (require-any
  443.                     (require-all
  444.                         (extension-class "com.apple.app-sandbox.read-write")
  445.                         (require-any
  446.                             (extension "com.apple.librarian.ubiquity-container")
  447.                             (require-entitlement "com.apple.private.librarian.container-proxy")
  448.                         )
  449.                     )
  450.                     (require-all
  451.                         (extension-class "com.apple.app-sandbox.read")
  452.                         (require-any
  453.                             (extension "com.apple.librarian.ubiquity-container")
  454.                             (require-entitlement "com.apple.private.librarian.container-proxy")
  455.                         )
  456.                     )
  457.                 )
  458.             )
  459.             (require-all
  460.                 (extension-class "com.apple.quicklook.readonly")
  461.                 (vnode-type REGULAR-FILE)
  462.                 (subpath-prefix "${HOME}/Library/Application Support/CloudDocs/session/r")
  463.                 (extension "com.apple.clouddocs.version")
  464.             )
  465.             (require-all
                   ;; Alternative for requests whose extension class is
                   ;; com.apple.mediaserverd.read. The require-any below accepts either
                   ;; the com.apple.app-sandbox.read-write extension, or the combination
                   ;; of the Photos TCC extension plus one of the two file-exception
                   ;; read-write extensions. The same require-any body is repeated
                   ;; verbatim under four other extension classes in the clauses that
                   ;; follow this one.
                   ;; NOTE(review): presumably (extension ...) tests an extension the
                   ;; issuing process already holds, while (extension-class ...) tests
                   ;; the class being issued -- confirm against the sandbox filter
                   ;; semantics before reasoning about who can reach this branch.
  466.                 (extension-class "com.apple.mediaserverd.read")
  467.                 (require-any
  468.                     (extension "com.apple.app-sandbox.read-write")
  469.                     (require-all
                           ;; NOTE(review): this inner class (mediaserverd.read-write)
                           ;; differs from the outer one (mediaserverd.read). If a single
                           ;; request carries exactly one class -- TODO confirm -- this
                           ;; sub-branch cannot match here and is only live in the sibling
                           ;; clause whose outer class is mediaserverd.read-write.
  470.                         (extension-class "com.apple.mediaserverd.read-write")
  471.                         (extension "com.apple.tcc.kTCCServicePhotos")
  472.                         (require-any
  473.                             (extension "com.apple.security.exception.files.absolute-path.read-write")
  474.                             (extension "com.apple.security.exception.files.home-relative-path.read-write")
  475.                         )
  476.                     )
  477.                 )
  478.             )
  479.             (require-all
  480.                 (extension-class "com.apple.mediaserverd.read-write")
  481.                 (require-any
  482.                     (extension "com.apple.app-sandbox.read-write")
  483.                     (require-all
  484.                         (extension-class "com.apple.mediaserverd.read-write")
  485.                         (extension "com.apple.tcc.kTCCServicePhotos")
  486.                         (require-any
  487.                             (extension "com.apple.security.exception.files.absolute-path.read-write")
  488.                             (extension "com.apple.security.exception.files.home-relative-path.read-write")
  489.                         )
  490.                     )
  491.                 )
  492.             )
  493.             (require-all
  494.                 (extension-class "com.apple.app-sandbox.read")
  495.                 (require-any
  496.                     (extension "com.apple.app-sandbox.read-write")
  497.                     (require-all
  498.                         (extension-class "com.apple.mediaserverd.read-write")
  499.                         (extension "com.apple.tcc.kTCCServicePhotos")
  500.                         (require-any
  501.                             (extension "com.apple.security.exception.files.absolute-path.read-write")
  502.                             (extension "com.apple.security.exception.files.home-relative-path.read-write")
  503.                         )
  504.                     )
  505.                 )
  506.             )
  507.             (require-all
  508.                 (extension-class "com.apple.app-sandbox.read-write")
  509.                 (require-any
  510.                     (extension "com.apple.app-sandbox.read-write")
  511.                     (require-all
  512.                         (extension-class "com.apple.mediaserverd.read-write")
  513.                         (extension "com.apple.tcc.kTCCServicePhotos")
  514.                         (require-any
  515.                             (extension "com.apple.security.exception.files.absolute-path.read-write")
  516.                             (extension "com.apple.security.exception.files.home-relative-path.read-write")
  517.                         )
  518.                     )
  519.                 )
  520.             )
  521.             (require-all
  522.                 (extension-class "com.apple.sharing.airdrop.readonly")
  523.                 (require-any
  524.                     (extension "com.apple.app-sandbox.read-write")
  525.                     (require-all
  526.                         (extension-class "com.apple.mediaserverd.read-write")
  527.                         (extension "com.apple.tcc.kTCCServicePhotos")
  528.                         (require-any
  529.                             (extension "com.apple.security.exception.files.absolute-path.read-write")
  530.                             (extension "com.apple.security.exception.files.home-relative-path.read-write")
  531.                         )
  532.                     )
  533.                 )
  534.             )
  535.             (require-all
  536.                 (extension-class "com.apple.nsurlstorage.extension-cache")
  537.                 (subpath-prefix "${HOME}/Library/Caches/sharedCaches/com.apple.iTunesStore.NSURLCache")
  538.                 (require-entitlement "com.apple.itunesstored.private")
  539.             )
  540.             (require-all
  541.                 (extension-class "com.apple.app-sandbox.read-write")
  542.                 (subpath-prefix "${HOME}/Library/Caches/sharedCaches/com.apple.iTunesStore.NSURLCache")
  543.                 (require-entitlement "com.apple.itunesstored.private")
  544.             )
  545.             (require-all
  546.                 (extension-class "com.apple.app-sandbox.read")
  547.                 (subpath-prefix "${HOME}/Library/Caches/sharedCaches/com.apple.iTunesStore.NSURLCache")
  548.                 (require-entitlement "com.apple.itunesstored.private")
  549.             )
  550.             (require-all
                   ;; System group containers. Requires the
                   ;; com.apple.sandbox.system-group extension, then one of two
                   ;; alternatives that are identical except for the entitlement name:
                   ;; com.apple.security.system-groups (first) and
                   ;; com.apple.security.system-group-containers (second).
  551.                 (extension "com.apple.sandbox.system-group")
  552.                 (require-any
  553.                     (require-all
  554.                         (require-entitlement "com.apple.security.system-groups")
                               ;; Outer path gate: only entries whose first component inside
                               ;; a SystemGroup container starts with ".com.apple." (dots
                               ;; escaped as [.], no end anchor, so deeper paths match too).
  555.                         (regex #"^/private/var/containers/Shared/SystemGroup/[^/]+/[.]com[.]apple[.]")
                               ;; NOTE(review): the inner regexes below are no narrower than
                               ;; the outer gate, and their "[^/]+$" form (the container
                               ;; directory itself) cannot match together with it. Under
                               ;; require-all the three inner alternatives therefore appear
                               ;; to reduce to "any of six extension classes on a path that
                               ;; passes the outer gate" -- confirm before treating the
                               ;; container root as issuable.
  556.                         (require-any
  557.                             (require-all
  558.                                 (extension-class "com.apple.mediaserverd.read")
  559.                                 (regex #"^/private/var/containers/Shared/SystemGroup/[^/]+/" #"^/private/var/containers/Shared/SystemGroup/[^/]+$")
  560.                             )
  561.                             (require-all
  562.                                 (extension-class "com.apple.app-sandbox.read")
  563.                                 (regex #"^/private/var/containers/Shared/SystemGroup/[^/]+/" #"^/private/var/containers/Shared/SystemGroup/[^/]+$")
  564.                             )
  565.                             (require-all
  566.                                 (regex #"^/private/var/containers/Shared/SystemGroup/[^/]+/")
  567.                                 (require-any
  568.                                     (extension-class "com.apple.mediaserverd.read-write")
  569.                                     (extension-class "com.apple.nsurlsessiond.readonly")
  570.                                     (extension-class "com.apple.sharing.airdrop.readonly")
  571.                                     (extension-class "com.apple.app-sandbox.read-write")
  572.                                     (extension-class "com.apple.app-sandbox.read")
  573.                                 )
  574.                             )
  575.                         )
  576.                     )
  577.                     (require-all
                           ;; Same body as the alternative above; only the entitlement
                           ;; name differs.
  578.                         (require-entitlement "com.apple.security.system-group-containers")
  579.                         (regex #"^/private/var/containers/Shared/SystemGroup/[^/]+/[.]com[.]apple[.]")
  580.                         (require-any
  581.                             (require-all
  582.                                 (extension-class "com.apple.mediaserverd.read")
  583.                                 (regex #"^/private/var/containers/Shared/SystemGroup/[^/]+/" #"^/private/var/containers/Shared/SystemGroup/[^/]+$")
  584.                             )
  585.                             (require-all
  586.                                 (extension-class "com.apple.app-sandbox.read")
  587.                                 (regex #"^/private/var/containers/Shared/SystemGroup/[^/]+/" #"^/private/var/containers/Shared/SystemGroup/[^/]+$")
  588.                             )
  589.                             (require-all
  590.                                 (regex #"^/private/var/containers/Shared/SystemGroup/[^/]+/")
  591.                                 (require-any
  592.                                     (extension-class "com.apple.mediaserverd.read-write")
  593.                                     (extension-class "com.apple.nsurlsessiond.readonly")
  594.                                     (extension-class "com.apple.sharing.airdrop.readonly")
  595.                                     (extension-class "com.apple.app-sandbox.read-write")
  596.                                     (extension-class "com.apple.app-sandbox.read")
  597.                                 )
  598.                             )
  599.                         )
  600.                     )
  601.                 )
  602.             )
  603.             (require-all
  604.                 (extension "com.apple.sandbox.system-container")
  605.                 (require-entitlement "com.apple.security.system-container")
  606.             )
  607.             (require-all
  608.                 (require-entitlement "com.apple.private.signing-identifier"
  609.                     (require-any
  610.                         (require-all
  611.                             (entitlement-value "com.apple.mobilemail")
  612.                             (require-any
  613.                                 (require-all
  614.                                     (subpath-prefix "${HOME}/Library/Mail")
  615.                                     (require-any
  616.                                         (extension-class "com.apple.sharing.airdrop.readonly")
  617.                                         (extension-class "com.apple.mediaserverd.read")
  618.                                         (extension-class "com.apple.quicklook.readonly")
  619.                                         (extension-class "com.apple.app-sandbox.read-write")
  620.                                         (extension-class "com.apple.app-sandbox.read")
  621.                                     )
  622.                                 )
  623.                                 (require-all
  624.                                     (extension-class "com.apple.mediaserverd.read-write")
  625.                                     (require-any
  626.                                         (extension "com.apple.security.exception.files.absolute-path.read-write")
  627.                                         (extension "com.apple.security.exception.files.home-relative-path.read-write")
  628.                                     )
  629.                                 )
  630.                                 (require-all
  631.                                     (extension-class "com.apple.mediaserverd.read")
  632.                                     (require-any
  633.                                         (extension "com.apple.security.exception.files.absolute-path.read-only")
  634.                                         (extension "com.apple.security.exception.files.absolute-path.read-write")
  635.                                         (extension "com.apple.security.exception.files.home-relative-path.read-only")
  636.                                         (extension "com.apple.security.exception.files.home-relative-path.read-write")
  637.                                     )
  638.                                 )
  639.                             )
  640.                         )
  641.                         (require-all
                               ;; Alternative for the value com.apple.SafariViewService of the
                               ;; enclosing com.apple.private.signing-identifier entitlement.
                               ;; The path must lie under ${FRONT_USER_HOME} and match the
                               ;; per-container SystemData/com.apple.SafariViewService
                               ;; directory (or anything below it); the read-write and read
                               ;; classes use the same regex list.
                               ;; NOTE(review): the dots in "com.apple.SafariViewService"
                               ;; inside these regexes are unescaped, so each matches any
                               ;; single character, whereas the SystemGroup regexes in this
                               ;; profile escape theirs as [.]. The match set is therefore
                               ;; slightly wider than the literal directory name. This may be
                               ;; an artifact of how the listing was produced -- confirm
                               ;; before relying on an exact-name match.
  642.                             (subpath-prefix "${FRONT_USER_HOME}")
  643.                             (entitlement-value "com.apple.SafariViewService")
  644.                             (require-any
  645.                                 (require-all
  646.                                     (extension-class "com.apple.app-sandbox.read-write")
  647.                                     (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService$")
  648.                                 )
  649.                                 (require-all
  650.                                     (extension-class "com.apple.app-sandbox.read")
  651.                                     (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService$")
  652.                                 )
  653.                             )
  654.                         )
  655.                         (require-all
  656.                             (extension-class "com.apple.nsurlstorage.extension-cache")
  657.                             (entitlement-value "com.apple.Music")
  658.                             (require-any
  659.                                 (subpath-prefix "${HOME}/Library/Caches/sharedCaches/com.apple.Radio.RadioRequestURLCache")
  660.                                 (subpath-prefix "${HOME}/Library/Caches/sharedCaches/com.apple.Radio.RadioImageCache")
  661.                             )
  662.                         )
  663.                         (require-all
                               ;; Alternative for extension class com.apple.app-sandbox.read-write,
                               ;; keyed on the value of the enclosing
                               ;; com.apple.private.signing-identifier entitlement. Three
                               ;; sub-alternatives follow: the Radio shared caches for
                               ;; com.apple.Music, a block that also requires class
                               ;; app-sandbox.read, and Library/Cookies for four
                               ;; Safari-related identifiers.
  664.                             (extension-class "com.apple.app-sandbox.read-write")
  665.                             (require-any
  666.                                 (require-all
  667.                                     (entitlement-value "com.apple.Music")
  668.                                     (require-any
  669.                                         (subpath-prefix "${HOME}/Library/Caches/sharedCaches/com.apple.Radio.RadioRequestURLCache")
  670.                                         (subpath-prefix "${HOME}/Library/Caches/sharedCaches/com.apple.Radio.RadioImageCache")
  671.                                     )
  672.                                 )
  673.                                 (require-all
                                       ;; NOTE(review): this block requires class
                                       ;; app-sandbox.read inside a clause that already
                                       ;; requires app-sandbox.read-write. If a request carries
                                       ;; exactly one class -- TODO confirm -- it cannot match
                                       ;; here, so Media/DCIM would not be issuable read-write
                                       ;; through this clause; the block is only live in the
                                       ;; sibling clause whose outer class is app-sandbox.read.
  674.                                     (extension-class "com.apple.app-sandbox.read")
  675.                                     (require-any
  676.                                         (require-all
  677.                                             (subpath-prefix "${HOME}/Media/DCIM")
  678.                                             (require-any
  679.                                                 (entitlement-value "com.apple.mobilesafari")
  680.                                                 (entitlement-value "com.apple.webapp")
  681.                                             )
  682.                                         )
  683.                                         (require-all
  684.                                             (subpath-prefix "${HOME}/Library/Cookies")
  685.                                             (require-any
  686.                                                 (entitlement-value "com.apple.mobilesafari")
  687.                                                 (entitlement-value "com.apple.webbookmarksd")
  688.                                                 (entitlement-value "com.apple.safarifetcherd")
  689.                                                 (entitlement-value "com.apple.Safari.SocialHelper")
  690.                                             )
  691.                                         )
  692.                                     )
  693.                                 )
  694.                                 (require-all
                                       ;; Repeats the outer class; read-write issuance on
                                       ;; Library/Cookies is limited to the four identifiers
                                       ;; listed below.
  695.                                     (extension-class "com.apple.app-sandbox.read-write")
  696.                                     (subpath-prefix "${HOME}/Library/Cookies")
  697.                                     (require-any
  698.                                         (entitlement-value "com.apple.mobilesafari")
  699.                                         (entitlement-value "com.apple.webbookmarksd")
  700.                                         (entitlement-value "com.apple.safarifetcherd")
  701.                                         (entitlement-value "com.apple.Safari.SocialHelper")
  702.                                     )
  703.                                 )
  704.                             )
  705.                         )
  706.                         (require-all
  707.                             (extension-class "com.apple.app-sandbox.read")
  708.                             (require-any
  709.                                 (require-all
  710.                                     (entitlement-value "com.apple.Music")
  711.                                     (require-any
  712.                                         (subpath-prefix "${HOME}/Library/Caches/sharedCaches/com.apple.Radio.RadioRequestURLCache")
  713.                                         (subpath-prefix "${HOME}/Library/Caches/sharedCaches/com.apple.Radio.RadioImageCache")
  714.                                     )
  715.                                 )
  716.                                 (require-all
  717.                                     (extension-class "com.apple.app-sandbox.read")
  718.                                     (require-any
  719.                                         (require-all
  720.                                             (subpath-prefix "${HOME}/Media/DCIM")
  721.                                             (require-any
  722.                                                 (entitlement-value "com.apple.mobilesafari")
  723.                                                 (entitlement-value "com.apple.webapp")
  724.                                             )
  725.                                         )
  726.                                         (require-all
  727.                                             (subpath-prefix "${HOME}/Library/Cookies")
  728.                                             (require-any
  729.                                                 (entitlement-value "com.apple.mobilesafari")
  730.                                                 (entitlement-value "com.apple.webbookmarksd")
  731.                                                 (entitlement-value "com.apple.safarifetcherd")
  732.                                                 (entitlement-value "com.apple.Safari.SocialHelper")
  733.                                             )
  734.                                         )
  735.                                     )
  736.                                 )
  737.                                 (require-all
  738.                                     (extension-class "com.apple.app-sandbox.read-write")
  739.                                     (subpath-prefix "${HOME}/Library/Cookies")
  740.                                     (require-any
  741.                                         (entitlement-value "com.apple.mobilesafari")
  742.                                         (entitlement-value "com.apple.webbookmarksd")
  743.                                         (entitlement-value "com.apple.safarifetcherd")
  744.                                         (entitlement-value "com.apple.Safari.SocialHelper")
  745.                                     )
  746.                                 )
  747.                             )
  748.                         )
  749.                         (require-all
  750.                             (subpath-prefix "${HOME}/Library/CallServices/Ringtones")
  751.                             (extension-class "com.apple.mediaserverd.read")
  752.                             (entitlement-value "com.apple.InCallService")
  753.                         )
  754.                         (require-all
  755.                             (extension-class "com.apple.sharing.airdrop.readonly")
  756.                             (require-any
  757.                                 (require-all
  758.                                     (subpath-prefix "${HOME}/Library/Calendar")
  759.                                     (entitlement-value "com.apple.mobilecal")
  760.                                 )
  761.                                 (require-all
  762.                                     (extension-class "com.apple.sharing.airdrop.readonly")
  763.                                     (require-any
  764.                                         (require-all
  765.                                             (subpath-prefix "${HOME}/Library/ReplayKit")
  766.                                             (entitlement-value "com.apple.ReplayKit.RPVideoEditorExtension")
  767.                                         )
  768.                                         (require-all
  769.                                             (entitlement-value "com.apple.UIKit.ShareUI")
  770.                                             (extension "com.apple.sharing.airdrop.readonly")
  771.                                         )
  772.                                     )
  773.                                 )
  774.                             )
  775.                         )
  776.                         (require-all
  777.                             (extension-class "com.apple.quicklook.readonly")
  778.                             (require-any
  779.                                 (require-all
  780.                                     (subpath-prefix "${HOME}/Library/Calendar")
  781.                                     (entitlement-value "com.apple.mobilecal")
  782.                                 )
  783.                                 (require-all
  784.                                     (extension-class "com.apple.sharing.airdrop.readonly")
  785.                                     (require-any
  786.                                         (require-all
  787.                                             (subpath-prefix "${HOME}/Library/ReplayKit")
  788.                                             (entitlement-value "com.apple.ReplayKit.RPVideoEditorExtension")
  789.                                         )
  790.                                         (require-all
  791.                                             (entitlement-value "com.apple.UIKit.ShareUI")
  792.                                             (extension "com.apple.sharing.airdrop.readonly")
  793.                                         )
  794.                                     )
  795.                                 )
  796.                             )
  797.                         )
  798.                     )
  799.                 )
  800.             )
  801.         )
  802.     )
  803.     (require-all
  804.         (require-all
                   ;; Exclusion list. This clause sits in the same require-all as the
                   ;; require-any that follows it, so it applies to every alternative
                   ;; there: the apticket.der file itself (literal, exact path) and
                   ;; anything at or under the kernelcaches and factorydata directories
                   ;; never match. Without it, the first alternative below (any path
                   ;; under /System/Library with class com.apple.app-sandbox.read) would
                   ;; also cover these three locations.
  805.             (require-not (literal "/System/Library/Caches/apticket.der"))
  806.             (require-not (subpath "/System/Library/Caches/com.apple.kernelcaches"))
  807.             (require-not (subpath "/System/Library/Caches/com.apple.factorydata"))
  808.         )
  809.         (require-any
  810.             (require-all
  811.                 (subpath "/System/Library")
  812.                 (extension-class "com.apple.app-sandbox.read")
  813.             )
  814.             (require-all
  815.                 (extension-class "com.apple.nsurlsessiond.readonly")
  816.                 (extension "com.apple.sandbox.executable")
  817.             )
  818.             (require-all
  819.                 (subpath-prefix "${HOME}/Media/Books")
  820.                 (require-any
  821.                     (require-all
  822.                         (extension-class "com.apple.app-sandbox.read")
  823.                         (require-any
  824.                             (require-entitlement "com.apple.private.signing-identifier"
  825.                                 (require-any
  826.                                     (entitlement-value "com.apple.iBooks")
  827.                                     (entitlement-value "com.apple.itunesu")
  828.                                 )
  829.                             )
  830.                             (require-entitlement "com.apple.container2")
  831.                         )
  832.                     )
  833.                     (require-all
  834.                         (extension-class "com.apple.mediaserverd.read")
  835.                         (require-any
  836.                             (require-entitlement "com.apple.private.signing-identifier"
  837.                                 (require-any
  838.                                     (entitlement-value "com.apple.iBooks")
  839.                                     (entitlement-value "com.apple.itunesu")
  840.                                 )
  841.                             )
  842.                             (require-entitlement "com.apple.container2")
  843.                         )
  844.                     )
  845.                     (require-all
  846.                         (extension-class "com.apple.quicklook.readonly")
  847.                         (require-any
  848.                             (require-entitlement "com.apple.private.signing-identifier"
  849.                                 (require-any
  850.                                     (entitlement-value "com.apple.iBooks")
  851.                                     (entitlement-value "com.apple.itunesu")
  852.                                 )
  853.                             )
  854.                             (require-entitlement "com.apple.container2")
  855.                         )
  856.                     )
  857.                     (require-all
  858.                         (extension-class "com.apple.sharing.airdrop.readonly")
  859.                         (require-any
  860.                             (require-entitlement "com.apple.private.signing-identifier"
  861.                                 (require-any
  862.                                     (entitlement-value "com.apple.iBooks")
  863.                                     (entitlement-value "com.apple.itunesu")
  864.                                 )
  865.                             )
  866.                             (require-entitlement "com.apple.container2")
  867.                         )
  868.                     )
  869.                 )
  870.             )
  871.             (require-all
  872.                 (subpath-prefix "${HOME}/Media/Podcasts")
  873.                 (require-any
  874.                     (require-all
  875.                         (extension-class "com.apple.app-sandbox.read")
  876.                         (require-any
  877.                             (require-entitlement "com.apple.private.signing-identifier"
  878.                                 (require-any
  879.                                     (entitlement-value "com.apple.iBooks")
  880.                                     (entitlement-value "com.apple.itunesu")
  881.                                 )
  882.                             )
  883.                             (require-entitlement "com.apple.container2")
  884.                         )
  885.                     )
  886.                     (require-all
  887.                         (extension-class "com.apple.mediaserverd.read")
  888.                         (require-any
  889.                             (require-entitlement "com.apple.private.signing-identifier"
  890.                                 (require-any
  891.                                     (entitlement-value "com.apple.iBooks")
  892.                                     (entitlement-value "com.apple.itunesu")
  893.                                 )
  894.                             )
  895.                             (require-entitlement "com.apple.container2")
  896.                         )
  897.                     )
  898.                     (require-all
  899.                         (extension-class "com.apple.quicklook.readonly")
  900.                         (require-any
  901.                             (require-entitlement "com.apple.private.signing-identifier"
  902.                                 (require-any
  903.                                     (entitlement-value "com.apple.iBooks")
  904.                                     (entitlement-value "com.apple.itunesu")
  905.                                 )
  906.                             )
  907.                             (require-entitlement "com.apple.container2")
  908.                         )
  909.                     )
  910.                     (require-all
  911.                         (extension-class "com.apple.sharing.airdrop.readonly")
  912.                         (require-any
  913.                             (require-entitlement "com.apple.private.signing-identifier"
  914.                                 (require-any
  915.                                     (entitlement-value "com.apple.iBooks")
  916.                                     (entitlement-value "com.apple.itunesu")
  917.                                 )
  918.                             )
  919.                             (require-entitlement "com.apple.container2")
  920.                         )
  921.                     )
  922.                 )
  923.             )
  924.             (require-all
  925.                 (subpath-prefix "${HOME}/Media/Purchases")
  926.                 (extension "com.apple.tcc.kTCCServiceMediaLibrary")
  927.                 (require-any
  928.                     (require-all
  929.                         (extension-class "com.apple.app-sandbox.read")
  930.                         (require-any
  931.                             (require-entitlement "com.apple.private.signing-identifier"
  932.                                 (require-any
  933.                                     (entitlement-value "com.apple.iBooks")
  934.                                     (entitlement-value "com.apple.itunesu")
  935.                                 )
  936.                             )
  937.                             (require-entitlement "com.apple.container2")
  938.                         )
  939.                     )
  940.                     (require-all
  941.                         (extension-class "com.apple.sharing.airdrop.readonly")
  942.                         (require-any
  943.                             (require-entitlement "com.apple.private.signing-identifier"
  944.                                 (require-any
  945.                                     (entitlement-value "com.apple.iBooks")
  946.                                     (entitlement-value "com.apple.itunesu")
  947.                                 )
  948.                             )
  949.                             (require-entitlement "com.apple.container2")
  950.                         )
  951.                     )
  952.                     (require-all ; Alternative for issuing an extension of class com.apple.mediaserverd.read; the enclosing path/extension conditions open above this excerpt.
  953.                         (extension-class "com.apple.mediaserverd.read")
  954.                         (require-any ; Caller gate: either check below is sufficient.
  955.                             (require-entitlement "com.apple.private.signing-identifier" ; signing identifier must equal one of the listed values
  956.                                 (require-any
  957.                                     (entitlement-value "com.apple.iBooks")
  958.                                     (entitlement-value "com.apple.itunesu")
  959.                                 )
  960.                             )
  961.                             (require-entitlement "com.apple.container2") ; NOTE(review): no value constraint is attached here, so holding the entitlement satisfies the gate for any signing identifier
  962.                         )
  963.                     )
  964.                 )
  965.             )
  966.             (require-all ; All three filters must hold; forms opened above this excerpt may add further conditions.
  967.                 (subpath-prefix "${HOME}/Library/SpringBoard/PushStore/Attachments") ; path filter: the push-notification attachment store
  968.                 (extension-class "com.apple.mediaserverd.read") ; class of the extension being issued
  969.                 (extension "com.apple.usernotifications.attachments.read-only") ; presumably the issuer must already hold this extension for the target path (confirm for the OS version analysed)
  970.             )
  971.             (require-all ; Issuing class com.apple.mediaserverd.read: matches when any one alternative in the require-any below holds.
  972.                 (extension-class "com.apple.mediaserverd.read")
  973.                 (require-any
  974.                     (extension "com.apple.security.exception.files.absolute-path.read-only") ; these four carry no path filter in this block; scope rests on the extension itself (presumably one the issuer already holds for the path, confirm)
  975.                     (extension "com.apple.security.exception.files.absolute-path.read-write")
  976.                     (extension "com.apple.security.exception.files.home-relative-path.read-only")
  977.                     (extension "com.apple.security.exception.files.home-relative-path.read-write")
  978.                     (require-all ; ${HOME}/Media: needs both the TCC Photos extension and the avasset read-only extension
  979.                         (subpath-prefix "${HOME}/Media")
  980.                         (extension "com.apple.tcc.kTCCServicePhotos")
  981.                         (extension "com.apple.avasset.read-only")
  982.                     )
  983.                     (require-all ; app-group containers: the regexes accept the group directory itself ($ forms) and anything beneath it (/ forms)
  984.                         (extension "com.apple.sandbox.application-group")
  985.                         (regex #"^/private/var/mobile/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/mobile/Containers/Shared/AppGroup/[^/]+$" #"^/private/var/euser[0-9]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/euser[0-9]+/Containers/Shared/AppGroup/[^/]+$" #"^/private/var/[-0-9A-F]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/[-0-9A-F]+/Containers/Shared/AppGroup/[^/]+$" #"^/private/var/Users/[^/]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/Users/[^/]+/Containers/Shared/AppGroup/[^/]+$")
  986.                         (subpath-prefix "${HOME}")
  987.                         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash")) ; processes holding this AMFI entitlement are excluded from this alternative; the rationale is not visible here
  988.                     )
  989.                     (require-all ; asset stores: the same com.apple.assets.read extension covers both locations below
  990.                         (subpath-prefix "${HOME}/Library/Assets")
  991.                         (extension "com.apple.assets.read")
  992.                     )
  993.                     (require-all
  994.                         (subpath "/private/var/MobileAsset") ; literal subpath here, whereas the sibling above uses subpath-prefix with ${HOME}
  995.                         (extension "com.apple.assets.read")
  996.                     )
  997.                     (require-all ; iCloud "Mobile Documents": a held ubiquity-container extension or the private container-proxy entitlement
  998.                         (subpath-prefix "${HOME}/Library/Mobile Documents")
  999.                         (require-any
  1000.                             (extension "com.apple.librarian.ubiquity-container")
  1001.                             (require-entitlement "com.apple.private.librarian.container-proxy")
  1002.                         )
  1003.                     )
  1004.                 )
  1005.             )
  1006.             (require-all ; App-group containers under ${HOME}: one alternative per issued class, each with the same path regexes and the same AMFI exclusion.
  1007.                 (subpath-prefix "${HOME}")
  1008.                 (extension "com.apple.sandbox.application-group") ; presumably the issuer must already hold the app-group extension for the path (confirm)
  1009.                 (require-any
  1010.                     (require-all
  1011.                         (extension-class "com.apple.mediaserverd.read-write")
  1012.                         (regex #"^/private/var/mobile/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/euser[0-9]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/[-0-9A-F]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/Users/[^/]+/Containers/Shared/AppGroup/[^/]+/") ; only the trailing-slash forms: paths beneath a group directory match, the group directory itself does not
  1013.                         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash")) ; processes holding this AMFI entitlement are excluded; the same clause repeats in every alternative below
  1014.                     )
  1015.                     (require-all
  1016.                         (extension-class "com.apple.nsurlsessiond.readonly")
  1017.                         (regex #"^/private/var/mobile/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/euser[0-9]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/[-0-9A-F]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/Users/[^/]+/Containers/Shared/AppGroup/[^/]+/")
  1018.                         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  1019.                     )
  1020.                     (require-all
  1021.                         (extension-class "com.apple.quicklook.readonly")
  1022.                         (regex #"^/private/var/mobile/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/euser[0-9]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/[-0-9A-F]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/Users/[^/]+/Containers/Shared/AppGroup/[^/]+/")
  1023.                         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  1024.                     )
  1025.                     (require-all
  1026.                         (extension-class "com.apple.sharing.airdrop.readonly")
  1027.                         (regex #"^/private/var/mobile/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/euser[0-9]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/[-0-9A-F]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/Users/[^/]+/Containers/Shared/AppGroup/[^/]+/")
  1028.                         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  1029.                     )
  1030.                     (require-all
  1031.                         (extension-class "com.apple.wcd.readonly")
  1032.                         (regex #"^/private/var/mobile/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/euser[0-9]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/[-0-9A-F]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/Users/[^/]+/Containers/Shared/AppGroup/[^/]+/")
  1033.                         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  1034.                     )
  1035.                 )
  1036.             )
  1037.             (require-all ; Issuing class com.apple.app-sandbox.read-write on app-group containers.
  1038.                 (extension-class "com.apple.app-sandbox.read-write")
  1039.                 (require-any
  1040.                     (require-all ; paths beneath a group directory (trailing-slash regexes only)
  1041.                         (subpath-prefix "${HOME}")
  1042.                         (extension "com.apple.sandbox.application-group")
  1043.                         (regex #"^/private/var/mobile/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/euser[0-9]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/[-0-9A-F]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/Users/[^/]+/Containers/Shared/AppGroup/[^/]+/")
  1044.                         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash")) ; processes holding this AMFI entitlement are excluded
  1045.                     )
  1046.                     (require-all
  1047.                         (extension-class "com.apple.app-sandbox.read") ; NOTE(review): conflicts with the read-write class required at the top of this block; if a request names a single class this alternative cannot match, so the $ regex forms below would not apply to read-write (possibly a decompiler artefact, confirm)
  1048.                         (extension "com.apple.sandbox.application-group")
  1049.                         (regex #"^/private/var/mobile/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/mobile/Containers/Shared/AppGroup/[^/]+$" #"^/private/var/euser[0-9]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/euser[0-9]+/Containers/Shared/AppGroup/[^/]+$" #"^/private/var/[-0-9A-F]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/[-0-9A-F]+/Containers/Shared/AppGroup/[^/]+$" #"^/private/var/Users/[^/]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/Users/[^/]+/Containers/Shared/AppGroup/[^/]+$")
  1050.                         (subpath-prefix "${HOME}")
  1051.                         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  1052.                     )
  1053.                 )
  1054.             )
  1055.             (require-all ; Issuing class com.apple.app-sandbox.read on app-group containers.
  1056.                 (extension-class "com.apple.app-sandbox.read")
  1057.                 (require-any
  1058.                     (require-all ; paths beneath a group directory (trailing-slash regexes only)
  1059.                         (subpath-prefix "${HOME}")
  1060.                         (extension "com.apple.sandbox.application-group")
  1061.                         (regex #"^/private/var/mobile/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/euser[0-9]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/[-0-9A-F]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/Users/[^/]+/Containers/Shared/AppGroup/[^/]+/")
  1062.                         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash")) ; processes holding this AMFI entitlement are excluded
  1063.                     )
  1064.                     (require-all ; same conditions, but the regexes add the $ forms, so the group directory itself also matches; this makes the alternative above a subset of this one
  1065.                         (extension-class "com.apple.app-sandbox.read") ; repeats the class already required at the top of this block
  1066.                         (extension "com.apple.sandbox.application-group")
  1067.                         (regex #"^/private/var/mobile/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/mobile/Containers/Shared/AppGroup/[^/]+$" #"^/private/var/euser[0-9]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/euser[0-9]+/Containers/Shared/AppGroup/[^/]+$" #"^/private/var/[-0-9A-F]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/[-0-9A-F]+/Containers/Shared/AppGroup/[^/]+$" #"^/private/var/Users/[^/]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/Users/[^/]+/Containers/Shared/AppGroup/[^/]+$")
  1068.                         (subpath-prefix "${HOME}")
  1069.                         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  1070.                     )
  1071.                 )
  1072.             )
  1073.             (require-all ; Issuing class com.apple.mediaserverd.read-write: any one held read-write extension listed below is enough; no path filter appears in this block.
  1074.                 (extension-class "com.apple.mediaserverd.read-write")
  1075.                 (require-any
  1076.                     (extension "com.apple.security.exception.files.absolute-path.read-write")
  1077.                     (extension "com.apple.security.exception.files.home-relative-path.read-write")
  1078.                     (extension "com.apple.app-sandbox.read-write")
  1079.                     (require-all ; NOTE(review): subsumed by the first two alternatives, which accept the same exception.files extensions without the TCC Photos requirement, so kTCCServicePhotos gates nothing in this block (possibly a decompiler artefact, confirm)
  1080.                         (extension-class "com.apple.mediaserverd.read-write") ; repeats the class required at the top of this block
  1081.                         (extension "com.apple.tcc.kTCCServicePhotos")
  1082.                         (require-any
  1083.                             (extension "com.apple.security.exception.files.absolute-path.read-write")
  1084.                             (extension "com.apple.security.exception.files.home-relative-path.read-write")
  1085.                         )
  1086.                     )
  1087.                 )
  1088.             )
  1089.             (require-all ; iCloud "Mobile Documents", read-only sharing classes (QuickLook and AirDrop), with identical gates for both.
  1090.                 (subpath-prefix "${HOME}/Library/Mobile Documents")
  1091.                 (require-any
  1092.                     (require-all
  1093.                         (extension-class "com.apple.quicklook.readonly")
  1094.                         (require-any ; either a held ubiquity-container extension or the private container-proxy entitlement
  1095.                             (extension "com.apple.librarian.ubiquity-container")
  1096.                             (require-entitlement "com.apple.private.librarian.container-proxy") ; entitlement path takes no extension filter, so it is not tied to a specific ubiquity container here
  1097.                         )
  1098.                     )
  1099.                     (require-all
  1100.                         (extension-class "com.apple.sharing.airdrop.readonly")
  1101.                         (require-any
  1102.                             (extension "com.apple.librarian.ubiquity-container")
  1103.                             (require-entitlement "com.apple.private.librarian.container-proxy")
  1104.                         )
  1105.                     )
  1106.                 )
  1107.             )
  1108.             (require-all ; iCloud "Mobile Documents", app-sandbox classes (read-write and read), with identical gates for both.
  1109.                 (subpath-prefix "${HOME}/Library/Mobile Documents")
  1110.                 (require-any
  1111.                     (require-all
  1112.                         (extension-class "com.apple.app-sandbox.read-write")
  1113.                         (require-any ; either a held ubiquity-container extension or the private container-proxy entitlement
  1114.                             (extension "com.apple.librarian.ubiquity-container")
  1115.                             (require-entitlement "com.apple.private.librarian.container-proxy") ; entitlement path takes no extension filter, so it is not tied to a specific ubiquity container here
  1116.                         )
  1117.                     )
  1118.                     (require-all
  1119.                         (extension-class "com.apple.app-sandbox.read")
  1120.                         (require-any
  1121.                             (extension "com.apple.librarian.ubiquity-container")
  1122.                             (require-entitlement "com.apple.private.librarian.container-proxy")
  1123.                         )
  1124.                     )
  1125.                 )
  1126.             )
  1127.             (require-all ; QuickLook read-only extensions for CloudDocs session files; all four filters must hold.
  1128.                 (extension-class "com.apple.quicklook.readonly")
  1129.                 (vnode-type REGULAR-FILE) ; regular files only; this is the only vnode-type restriction in this part of the profile
  1130.                 (subpath-prefix "${HOME}/Library/Application Support/CloudDocs/session/r")
  1131.                 (extension "com.apple.clouddocs.version") ; presumably the issuer must already hold this extension for the file (confirm)
  1132.             )
  1133.             (require-all ; Issuing class com.apple.mediaserverd.read with no path filter in this block: scope rests on the held extension.
  1134.                 (extension-class "com.apple.mediaserverd.read")
  1135.                 (require-any
  1136.                     (extension "com.apple.app-sandbox.read-write") ; a held read-write extension may be re-issued as the narrower read class
  1137.                     (require-all
  1138.                         (extension-class "com.apple.mediaserverd.read-write") ; NOTE(review): conflicts with the mediaserverd.read class required above; if a request names a single class this alternative cannot match (possibly a decompiler artefact, confirm)
  1139.                         (extension "com.apple.tcc.kTCCServicePhotos")
  1140.                         (require-any
  1141.                             (extension "com.apple.security.exception.files.absolute-path.read-write")
  1142.                             (extension "com.apple.security.exception.files.home-relative-path.read-write")
  1143.                         )
  1144.                     )
  1145.                 )
  1146.             )
  1147.             (require-all ; Issuing class com.apple.mediaserverd.read-write with no path filter in this block: scope rests on the held extension(s).
  1148.                 (extension-class "com.apple.mediaserverd.read-write")
  1149.                 (require-any
  1150.                     (extension "com.apple.app-sandbox.read-write")
  1151.                     (require-all ; TCC Photos extension plus one of the exception.files read-write extensions
  1152.                         (extension-class "com.apple.mediaserverd.read-write") ; repeats the class required at the top of this block
  1153.                         (extension "com.apple.tcc.kTCCServicePhotos")
  1154.                         (require-any
  1155.                             (extension "com.apple.security.exception.files.absolute-path.read-write")
  1156.                             (extension "com.apple.security.exception.files.home-relative-path.read-write")
  1157.                         )
  1158.                     )
  1159.                 )
  1160.             )
  1161.             (require-all ; Issuing class com.apple.app-sandbox.read with no path filter in this block: scope rests on the held extension.
  1162.                 (extension-class "com.apple.app-sandbox.read")
  1163.                 (require-any
  1164.                     (extension "com.apple.app-sandbox.read-write") ; a held read-write extension may be re-issued as the narrower read class
  1165.                     (require-all
  1166.                         (extension-class "com.apple.mediaserverd.read-write") ; NOTE(review): conflicts with the app-sandbox.read class required above; if a request names a single class this alternative cannot match (possibly a decompiler artefact, confirm)
  1167.                         (extension "com.apple.tcc.kTCCServicePhotos")
  1168.                         (require-any
  1169.                             (extension "com.apple.security.exception.files.absolute-path.read-write")
  1170.                             (extension "com.apple.security.exception.files.home-relative-path.read-write")
  1171.                         )
  1172.                     )
  1173.                 )
  1174.             )
  1175.             (require-all ; Issuing class com.apple.app-sandbox.read-write with no path filter in this block: scope rests on the held extension.
  1176.                 (extension-class "com.apple.app-sandbox.read-write")
  1177.                 (require-any
  1178.                     (extension "com.apple.app-sandbox.read-write") ; re-issue of the same class the issuer presumably already holds for the path (confirm)
  1179.                     (require-all
  1180.                         (extension-class "com.apple.mediaserverd.read-write") ; NOTE(review): conflicts with the app-sandbox.read-write class required above; if a request names a single class this alternative cannot match (possibly a decompiler artefact, confirm)
  1181.                         (extension "com.apple.tcc.kTCCServicePhotos")
  1182.                         (require-any
  1183.                             (extension "com.apple.security.exception.files.absolute-path.read-write")
  1184.                             (extension "com.apple.security.exception.files.home-relative-path.read-write")
  1185.                         )
  1186.                     )
  1187.                 )
  1188.             )
  1189.             (require-all ; Issuing class com.apple.sharing.airdrop.readonly with no path filter in this block: scope rests on the held extension.
  1190.                 (extension-class "com.apple.sharing.airdrop.readonly")
  1191.                 (require-any
  1192.                     (extension "com.apple.app-sandbox.read-write") ; a held read-write extension may be re-issued as the read-only AirDrop class
  1193.                     (require-all
  1194.                         (extension-class "com.apple.mediaserverd.read-write") ; NOTE(review): conflicts with the airdrop.readonly class required above; if a request names a single class this alternative cannot match (possibly a decompiler artefact, confirm)
  1195.                         (extension "com.apple.tcc.kTCCServicePhotos")
  1196.                         (require-any
  1197.                             (extension "com.apple.security.exception.files.absolute-path.read-write")
  1198.                             (extension "com.apple.security.exception.files.home-relative-path.read-write")
  1199.                         )
  1200.                     )
  1201.                 )
  1202.             )
  1203.             (require-all ; iTunes Store shared URL cache, class com.apple.nsurlstorage.extension-cache; gated on an entitlement rather than a held extension.
  1204.                 (extension-class "com.apple.nsurlstorage.extension-cache")
  1205.                 (subpath-prefix "${HOME}/Library/Caches/sharedCaches/com.apple.iTunesStore.NSURLCache")
  1206.                 (require-entitlement "com.apple.itunesstored.private") ; no value constraint: presence of the entitlement is what is checked
  1207.             )
  1208.             (require-all ; iTunes Store shared URL cache, class com.apple.app-sandbox.read-write; gated on an entitlement rather than a held extension.
  1209.                 (extension-class "com.apple.app-sandbox.read-write")
  1210.                 (subpath-prefix "${HOME}/Library/Caches/sharedCaches/com.apple.iTunesStore.NSURLCache")
  1211.                 (require-entitlement "com.apple.itunesstored.private") ; no value constraint: presence of the entitlement is what is checked
  1212.             )
  1213.             (require-all ; iTunes Store shared URL cache, class com.apple.app-sandbox.read; gated on an entitlement rather than a held extension.
  1214.                 (extension-class "com.apple.app-sandbox.read")
  1215.                 (subpath-prefix "${HOME}/Library/Caches/sharedCaches/com.apple.iTunesStore.NSURLCache")
  1216.                 (require-entitlement "com.apple.itunesstored.private") ; no value constraint: presence of the entitlement is what is checked
  1217.             )
  1218.             (require-all ; System-group containers: two entitlement names are accepted, each with an identical set of path and class conditions.
  1219.                 (extension "com.apple.sandbox.system-group") ; presumably the issuer must already hold the system-group extension for the path (confirm)
  1220.                 (require-any
  1221.                     (require-all ; variant gated on com.apple.security.system-groups
  1222.                         (require-entitlement "com.apple.security.system-groups")
  1223.                         (regex #"^/private/var/containers/Shared/SystemGroup/[^/]+/[.]com[.]apple[.]") ; narrowest path filter in this variant: only entries whose name starts with ".com.apple." directly under a group directory (dots escaped as [.])
  1224.                         (require-any
  1225.                             (require-all
  1226.                                 (extension-class "com.apple.mediaserverd.read")
  1227.                                 (regex #"^/private/var/containers/Shared/SystemGroup/[^/]+/" #"^/private/var/containers/Shared/SystemGroup/[^/]+$") ; the $ form cannot match together with the ".com.apple." regex above, so only the / form is effective
  1228.                             )
  1229.                             (require-all
  1230.                                 (extension-class "com.apple.app-sandbox.read")
  1231.                                 (regex #"^/private/var/containers/Shared/SystemGroup/[^/]+/" #"^/private/var/containers/Shared/SystemGroup/[^/]+$")
  1232.                             )
  1233.                             (require-all ; remaining classes; app-sandbox.read is listed again here
  1234.                                 (regex #"^/private/var/containers/Shared/SystemGroup/[^/]+/")
  1235.                                 (require-any
  1236.                                     (extension-class "com.apple.mediaserverd.read-write")
  1237.                                     (extension-class "com.apple.nsurlsessiond.readonly")
  1238.                                     (extension-class "com.apple.sharing.airdrop.readonly")
  1239.                                     (extension-class "com.apple.app-sandbox.read-write")
  1240.                                     (extension-class "com.apple.app-sandbox.read")
  1241.                                 )
  1242.                             )
  1243.                         )
  1244.                     )
  1245.                     (require-all ; variant gated on com.apple.security.system-group-containers; conditions below mirror the variant above
  1246.                         (require-entitlement "com.apple.security.system-group-containers")
  1247.                         (regex #"^/private/var/containers/Shared/SystemGroup/[^/]+/[.]com[.]apple[.]")
  1248.                         (require-any
  1249.                             (require-all
  1250.                                 (extension-class "com.apple.mediaserverd.read")
  1251.                                 (regex #"^/private/var/containers/Shared/SystemGroup/[^/]+/" #"^/private/var/containers/Shared/SystemGroup/[^/]+$")
  1252.                             )
  1253.                             (require-all
  1254.                                 (extension-class "com.apple.app-sandbox.read")
  1255.                                 (regex #"^/private/var/containers/Shared/SystemGroup/[^/]+/" #"^/private/var/containers/Shared/SystemGroup/[^/]+$")
  1256.                             )
  1257.                             (require-all
  1258.                                 (regex #"^/private/var/containers/Shared/SystemGroup/[^/]+/")
  1259.                                 (require-any
  1260.                                     (extension-class "com.apple.mediaserverd.read-write")
  1261.                                     (extension-class "com.apple.nsurlsessiond.readonly")
  1262.                                     (extension-class "com.apple.sharing.airdrop.readonly")
  1263.                                     (extension-class "com.apple.app-sandbox.read-write")
  1264.                                     (extension-class "com.apple.app-sandbox.read")
  1265.                                 )
  1266.                             )
  1267.                         )
  1268.                     )
  1269.                 )
  1270.             )
  1271.             (require-all ; System containers. NOTE(review): this alternative has no extension-class and no path filter of its own, so within this block scope rests entirely on the held extension and the entitlement; forms opened above this excerpt may add conditions.
  1272.                 (extension "com.apple.sandbox.system-container")
  1273.                 (require-entitlement "com.apple.security.system-container")
  1274.             )
  1275.             (require-all
  1276.                 (require-entitlement "com.apple.private.signing-identifier"
  1277.                     (require-any
  1278.                         (require-all ; Signing identifier com.apple.mobilemail (value of the enclosing com.apple.private.signing-identifier check).
  1279.                             (entitlement-value "com.apple.mobilemail")
  1280.                             (require-any
  1281.                                 (require-all ; ${HOME}/Library/Mail: any of the five classes below, with no held-extension requirement in this alternative
  1282.                                     (subpath-prefix "${HOME}/Library/Mail")
  1283.                                     (require-any
  1284.                                         (extension-class "com.apple.sharing.airdrop.readonly")
  1285.                                         (extension-class "com.apple.mediaserverd.read")
  1286.                                         (extension-class "com.apple.quicklook.readonly")
  1287.                                         (extension-class "com.apple.app-sandbox.read-write")
  1288.                                         (extension-class "com.apple.app-sandbox.read")
  1289.                                     )
  1290.                                 )
  1291.                                 (require-all ; mediaserverd.read-write: only with a held read-write exception.files extension; no path filter here
  1292.                                     (extension-class "com.apple.mediaserverd.read-write")
  1293.                                     (require-any
  1294.                                         (extension "com.apple.security.exception.files.absolute-path.read-write")
  1295.                                         (extension "com.apple.security.exception.files.home-relative-path.read-write")
  1296.                                     )
  1297.                                 )
  1298.                                 (require-all ; mediaserverd.read: a read-only or a read-write exception.files extension is accepted
  1299.                                     (extension-class "com.apple.mediaserverd.read")
  1300.                                     (require-any
  1301.                                         (extension "com.apple.security.exception.files.absolute-path.read-only")
  1302.                                         (extension "com.apple.security.exception.files.absolute-path.read-write")
  1303.                                         (extension "com.apple.security.exception.files.home-relative-path.read-only")
  1304.                                         (extension "com.apple.security.exception.files.home-relative-path.read-write")
  1305.                                     )
  1306.                                 )
  1307.                             )
  1308.                         )
  1309.                         (require-all ; Signing identifier com.apple.SafariViewService: read-write or read extensions on its SystemData directory inside data containers.
  1310.                             (subpath-prefix "${FRONT_USER_HOME}")
  1311.                             (entitlement-value "com.apple.SafariViewService")
  1312.                             (require-any
  1313.                                 (require-all
  1314.                                     (extension-class "com.apple.app-sandbox.read-write")
  1315.                                     (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService$") ; NOTE(review): the dots in "com.apple.SafariViewService" are unescaped, so each matches any character; other regexes in this profile escape them as [.] (may be how the decompiler prints it, confirm against the compiled profile)
  1316.                                 )
  1317.                                 (require-all ; same path set for the read class
  1318.                                     (extension-class "com.apple.app-sandbox.read")
  1319.                                     (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService$")
  1320.                                 )
  1321.                             )
  1322.                         )
  1323.                         (require-all ; Signing identifier com.apple.Music: class com.apple.nsurlstorage.extension-cache on the two Radio shared caches.
  1324.                             (extension-class "com.apple.nsurlstorage.extension-cache")
  1325.                             (entitlement-value "com.apple.Music")
  1326.                             (require-any ; either cache directory
  1327.                                 (subpath-prefix "${HOME}/Library/Caches/sharedCaches/com.apple.Radio.RadioRequestURLCache")
  1328.                                 (subpath-prefix "${HOME}/Library/Caches/sharedCaches/com.apple.Radio.RadioImageCache")
  1329.                             )
  1330.                         )
  1331.                         (require-all ; Issuing class com.apple.app-sandbox.read-write, keyed on signing identifier: Music caches and the Safari-family cookie store.
  1332.                             (extension-class "com.apple.app-sandbox.read-write")
  1333.                             (require-any
  1334.                                 (require-all ; com.apple.Music: the two Radio shared caches
  1335.                                     (entitlement-value "com.apple.Music")
  1336.                                     (require-any
  1337.                                         (subpath-prefix "${HOME}/Library/Caches/sharedCaches/com.apple.Radio.RadioRequestURLCache")
  1338.                                         (subpath-prefix "${HOME}/Library/Caches/sharedCaches/com.apple.Radio.RadioImageCache")
  1339.                                     )
  1340.                                 )
  1341.                                 (require-all
  1342.                                     (extension-class "com.apple.app-sandbox.read") ; NOTE(review): conflicts with the read-write class required at the top of this block; if a request names a single class this alternative (DCIM and Cookies for the read class) cannot match here (possibly a decompiler artefact, confirm)
  1343.                                     (require-any
  1344.                                         (require-all
  1345.                                             (subpath-prefix "${HOME}/Media/DCIM")
  1346.                                             (require-any
  1347.                                                 (entitlement-value "com.apple.mobilesafari")
  1348.                                                 (entitlement-value "com.apple.webapp")
  1349.                                             )
  1350.                                         )
  1351.                                         (require-all
  1352.                                             (subpath-prefix "${HOME}/Library/Cookies")
  1353.                                             (require-any
  1354.                                                 (entitlement-value "com.apple.mobilesafari")
  1355.                                                 (entitlement-value "com.apple.webbookmarksd")
  1356.                                                 (entitlement-value "com.apple.safarifetcherd")
  1357.                                                 (entitlement-value "com.apple.Safari.SocialHelper")
  1358.                                             )
  1359.                                         )
  1360.                                     )
  1361.                                 )
  1362.                                 (require-all ; ${HOME}/Library/Cookies read-write for four Safari-related signing identifiers; no held-extension requirement in this alternative
  1363.                                     (extension-class "com.apple.app-sandbox.read-write") ; repeats the class required at the top of this block
  1364.                                     (subpath-prefix "${HOME}/Library/Cookies")
  1365.                                     (require-any
  1366.                                         (entitlement-value "com.apple.mobilesafari")
  1367.                                         (entitlement-value "com.apple.webbookmarksd")
  1368.                                         (entitlement-value "com.apple.safarifetcherd")
  1369.                                         (entitlement-value "com.apple.Safari.SocialHelper")
  1370.                                     )
  1371.                                 )
  1372.                             )
  1373.                         )
  1374.                         (require-all ; Issuing class com.apple.app-sandbox.read, keyed on signing identifier: Music caches, DCIM, and the Safari-family cookie store.
  1375.                             (extension-class "com.apple.app-sandbox.read")
  1376.                             (require-any
  1377.                                 (require-all ; com.apple.Music: the two Radio shared caches
  1378.                                     (entitlement-value "com.apple.Music")
  1379.                                     (require-any
  1380.                                         (subpath-prefix "${HOME}/Library/Caches/sharedCaches/com.apple.Radio.RadioRequestURLCache")
  1381.                                         (subpath-prefix "${HOME}/Library/Caches/sharedCaches/com.apple.Radio.RadioImageCache")
  1382.                                     )
  1383.                                 )
  1384.                                 (require-all
  1385.                                     (extension-class "com.apple.app-sandbox.read") ; repeats the class required at the top of this block
  1386.                                     (require-any
  1387.                                         (require-all ; camera roll directory: mobilesafari and webapp only
  1388.                                             (subpath-prefix "${HOME}/Media/DCIM")
  1389.                                             (require-any
  1390.                                                 (entitlement-value "com.apple.mobilesafari")
  1391.                                                 (entitlement-value "com.apple.webapp")
  1392.                                             )
  1393.                                         )
  1394.                                         (require-all ; cookie store, read class: four Safari-related signing identifiers
  1395.                                             (subpath-prefix "${HOME}/Library/Cookies")
  1396.                                             (require-any
  1397.                                                 (entitlement-value "com.apple.mobilesafari")
  1398.                                                 (entitlement-value "com.apple.webbookmarksd")
  1399.                                                 (entitlement-value "com.apple.safarifetcherd")
  1400.                                                 (entitlement-value "com.apple.Safari.SocialHelper")
  1401.                                             )
  1402.                                         )
  1403.                                     )
  1404.                                 )
  1405.                                 (require-all
  1406.                                     (extension-class "com.apple.app-sandbox.read-write") ; NOTE(review): conflicts with the read class required at the top of this block; if a request names a single class this alternative cannot match here (possibly a decompiler artefact, confirm)
  1407.                                     (subpath-prefix "${HOME}/Library/Cookies")
  1408.                                     (require-any
  1409.                                         (entitlement-value "com.apple.mobilesafari")
  1410.                                         (entitlement-value "com.apple.webbookmarksd")
  1411.                                         (entitlement-value "com.apple.safarifetcherd")
  1412.                                         (entitlement-value "com.apple.Safari.SocialHelper")
  1413.                                     )
  1414.                                 )
  1415.                             )
  1416.                         )
  1417.                         (require-all  ; Ringtones grant: all three conditions below must hold together.
  1418.                             (subpath-prefix "${HOME}/Library/CallServices/Ringtones")  ; path scope
  1419.                             (extension-class "com.apple.mediaserverd.read")  ; only this extension class
  1420.                             (entitlement-value "com.apple.InCallService")  ; only for this entitlement value (its key is not shown in this excerpt)
  1421.                         )
  1422.                         (require-all  ; Grants for extension class com.apple.sharing.airdrop.readonly: the class AND one branch of the require-any must match.
  1423.                             (extension-class "com.apple.sharing.airdrop.readonly")
  1424.                             (require-any
  1425.                                 (require-all  ; ${HOME}/Library/Calendar for entitlement value com.apple.mobilecal
  1426.                                     (subpath-prefix "${HOME}/Library/Calendar")
  1427.                                     (entitlement-value "com.apple.mobilecal")
  1428.                                 )
  1429.                                 (require-all
  1430.                                     (extension-class "com.apple.sharing.airdrop.readonly")  ; repeats the class already required by the enclosing require-all
  1431.                                     (require-any
  1432.                                         (require-all  ; ${HOME}/Library/ReplayKit for the ReplayKit video editor extension's entitlement value
  1433.                                             (subpath-prefix "${HOME}/Library/ReplayKit")
  1434.                                             (entitlement-value "com.apple.ReplayKit.RPVideoEditorExtension")
  1435.                                         )
  1436.                                         (require-all  ; this branch names no path of its own: it pairs an entitlement value with an (extension ...) filter
  1437.                                             (entitlement-value "com.apple.UIKit.ShareUI")
  1438.                                             (extension "com.apple.sharing.airdrop.readonly")  ; NOTE(review): any path restriction here would come from this filter or from enclosing conditions outside this excerpt - confirm
  1439.                                         )
  1440.                                     )
  1441.                                 )
  1442.                             )
  1443.                         )
  1444.                         (require-all  ; Grants for extension class com.apple.quicklook.readonly: the class AND one branch of the require-any must match.
  1445.                             (extension-class "com.apple.quicklook.readonly")
  1446.                             (require-any
  1447.                                 (require-all  ; ${HOME}/Library/Calendar for entitlement value com.apple.mobilecal
  1448.                                     (subpath-prefix "${HOME}/Library/Calendar")
  1449.                                     (entitlement-value "com.apple.mobilecal")
  1450.                                 )
  1451.                                 (require-all
  1452.                                     (extension-class "com.apple.sharing.airdrop.readonly")  ; NOTE(review): a different class from the com.apple.quicklook.readonly required by the enclosing require-all; if a request carries a single class this branch cannot match as written - presumably a decompiler artifact, confirm against the compiled profile
  1453.                                     (require-any
  1454.                                         (require-all  ; ${HOME}/Library/ReplayKit for the ReplayKit video editor extension's entitlement value
  1455.                                             (subpath-prefix "${HOME}/Library/ReplayKit")
  1456.                                             (entitlement-value "com.apple.ReplayKit.RPVideoEditorExtension")
  1457.                                         )
  1458.                                         (require-all  ; no path condition in this branch: an entitlement value paired with an (extension ...) filter
  1459.                                             (entitlement-value "com.apple.UIKit.ShareUI")
  1460.                                             (extension "com.apple.sharing.airdrop.readonly")
  1461.                                         )
  1462.                                     )
  1463.                                 )
  1464.                             )
  1465.                         )
  1466.                     )
  1467.                 )
  1468.             )
  1469.         )
  1470.     )
  1471.     (require-all  ; System data containers: the path regex below AND one branch of the require-any must both match.
  1472.         (regex #"^/private/var/containers/Data/System/[^/]+/[.]com[.]apple[.]")  ; path must continue past the container directory into an entry whose name starts with ".com.apple."
  1473.         (require-any
  1474.             (require-all  ; class com.apple.mediaserverd.read
  1475.                 (extension-class "com.apple.mediaserverd.read")
  1476.                 (regex #"^/private/var/containers/Data/System/[^/]+/" #"^/private/var/containers/Data/System/[^/]+$")  ; container directory or anything under it; the "$" form cannot also satisfy the outer regex, which needs a further path component (assuming ordinary regex semantics)
  1477.             )
  1478.             (require-all  ; class com.apple.app-sandbox.read, same two patterns as the branch above
  1479.                 (extension-class "com.apple.app-sandbox.read")
  1480.                 (regex #"^/private/var/containers/Data/System/[^/]+/" #"^/private/var/containers/Data/System/[^/]+$")
  1481.             )
  1482.             (require-all  ; strictly below the container directory (no "$" form), for any of the five classes listed
  1483.                 (regex #"^/private/var/containers/Data/System/[^/]+/")
  1484.                 (require-any
  1485.                     (extension-class "com.apple.mediaserverd.read-write")
  1486.                     (extension-class "com.apple.nsurlsessiond.readonly")
  1487.                     (extension-class "com.apple.sharing.airdrop.readonly")
  1488.                     (extension-class "com.apple.app-sandbox.read-write")
  1489.                     (extension-class "com.apple.app-sandbox.read")  ; already accepted by the previous branch, so this entry adds nothing new
  1490.                 )
  1491.             )
  1492.         )
  1493.     )
  1494.     (require-all  ; Ubiquity container clause: the extension filter, the path prefix and one of the listed classes must all match.
  1495.         (extension "com.apple.librarian.ubiquity-container")
  1496.         (subpath-prefix "${HOME}/Library/Mobile Documents")  ; path scope for this clause
  1497.         (require-any  ; read-only and read-write classes are both accepted here
  1498.             (extension-class "com.apple.mediaserverd.read")
  1499.             (extension-class "com.apple.quicklook.readonly")
  1500.             (extension-class "com.apple.sharing.airdrop.readonly")
  1501.             (extension-class "com.apple.app-sandbox.read-write")
  1502.             (extension-class "com.apple.app-sandbox.read")
  1503.         )
  1504.     )
  1505.     (require-all  ; Clause for extension class com.apple.mediaserverd.read-write: the class AND one alternative of the require-any must match.
  1506.         (extension-class "com.apple.mediaserverd.read-write")
  1507.         (require-any  ; seven alternatives: three bare (extension ...) filters, then four container branches
  1508.             (extension "com.apple.security.exception.files.home-relative-path.read-write")  ; each of these three filters is sufficient on its own
  1509.             (extension "com.apple.app-sandbox.read-write")
  1510.             (extension "com.apple.security.exception.files.absolute-path.read-write")
  1511.             (require-all  ; container branch 1 of 4, led by class com.apple.app-sandbox.read
  1512.                 (extension-class "com.apple.app-sandbox.read")  ; NOTE(review): differs from the com.apple.mediaserverd.read-write class required by the enclosing require-all; if a request carries a single class this branch cannot match as written - presumably a decompiler artifact, confirm against the compiled profile
  1513.                 (extension "com.apple.sandbox.container")
  1514.                 (require-any
  1515.                     (require-all
  1516.                         (subpath-prefix "${FRONT_USER_HOME}")
  1517.                         (require-any
  1518.                             (require-all  ; tmp, Library or Documents of a data container (the directory itself or anything under it), for four home layouts: mobile, euser<digits>, a name of uppercase hex digits and dashes, Users/<name>
  1519.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$")
  1520.                                 (require-any  ; eight classes listed, including the one this branch already requires at its top
  1521.                                     (extension-class "com.apple.app-sandbox.read")
  1522.                                     (extension-class "com.apple.mediaserverd.read-write")
  1523.                                     (extension-class "com.apple.quicklook.readonly")
  1524.                                     (extension-class "com.apple.sharing.airdrop.readonly")
  1525.                                     (extension-class "com.apple.nsurlsessiond.readonly")
  1526.                                     (extension-class "com.apple.wcd.readonly")
  1527.                                     (extension-class "com.apple.app-sandbox.read-write")
  1528.                                     (extension-class "com.apple.mediaserverd.read")
  1529.                                 )
  1530.                             )
  1531.                             (require-all  ; class com.apple.corespotlightservice.read-write: only Library/com.apple.corespotlightservice of a data container
  1532.                                 (extension-class "com.apple.corespotlightservice.read-write")
  1533.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$")
  1534.                             )
  1535.                             (require-all  ; class com.apple.foundation.upload-prep.read-write: only tmp of a data container
  1536.                                 (extension-class "com.apple.foundation.upload-prep.read-write")
  1537.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/tmp$")
  1538.                             )
  1539.                             (require-all  ; class com.apple.nsurlstorage.extension-cache: only Library/Caches of a data container
  1540.                                 (extension-class "com.apple.nsurlstorage.extension-cache")
  1541.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/Caches$")
  1542.                             )
  1543.                         )
  1544.                     )
  1545.                     (require-all  ; class com.apple.app-sandbox.read: the StoreKit directory (or anything under it) and the exact path iTunesArtwork of a data container
  1546.                         (extension-class "com.apple.app-sandbox.read")
  1547.                         (require-any
  1548.                             (require-all
  1549.                                 (subpath-prefix "${FRONT_USER_HOME}")
  1550.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/StoreKit$")
  1551.                             )
  1552.                             (require-all  ; every pattern here ends in "$": the single path, not a subtree
  1553.                                 (subpath-prefix "${FRONT_USER_HOME}")
  1554.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$")
  1555.                             )
  1556.                         )
  1557.                     )
  1558.                 )
  1559.             )
  1560.             (require-all  ; container branch 2 of 4: same conditions as branch 1, led by class com.apple.mediaserverd.read
  1561.                 (extension-class "com.apple.mediaserverd.read")
  1562.                 (extension "com.apple.sandbox.container")
  1563.                 (require-any
  1564.                     (require-all
  1565.                         (subpath-prefix "${FRONT_USER_HOME}")
  1566.                         (require-any
  1567.                             (require-all
  1568.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$")
  1569.                                 (require-any
  1570.                                     (extension-class "com.apple.app-sandbox.read")
  1571.                                     (extension-class "com.apple.mediaserverd.read-write")
  1572.                                     (extension-class "com.apple.quicklook.readonly")
  1573.                                     (extension-class "com.apple.sharing.airdrop.readonly")
  1574.                                     (extension-class "com.apple.nsurlsessiond.readonly")
  1575.                                     (extension-class "com.apple.wcd.readonly")
  1576.                                     (extension-class "com.apple.app-sandbox.read-write")
  1577.                                     (extension-class "com.apple.mediaserverd.read")
  1578.                                 )
  1579.                             )
  1580.                             (require-all
  1581.                                 (extension-class "com.apple.corespotlightservice.read-write")
  1582.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$")
  1583.                             )
  1584.                             (require-all
  1585.                                 (extension-class "com.apple.foundation.upload-prep.read-write")
  1586.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/tmp$")
  1587.                             )
  1588.                             (require-all
  1589.                                 (extension-class "com.apple.nsurlstorage.extension-cache")
  1590.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/Caches$")
  1591.                             )
  1592.                         )
  1593.                     )
  1594.                     (require-all
  1595.                         (extension-class "com.apple.app-sandbox.read")
  1596.                         (require-any
  1597.                             (require-all
  1598.                                 (subpath-prefix "${FRONT_USER_HOME}")
  1599.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/StoreKit$")
  1600.                             )
  1601.                             (require-all
  1602.                                 (subpath-prefix "${FRONT_USER_HOME}")
  1603.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$")
  1604.                             )
  1605.                         )
  1606.                     )
  1607.                 )
  1608.             )
  1609.             (require-all  ; container branch 3 of 4: same conditions as branch 1, led by class com.apple.quicklook.readonly
  1610.                 (extension-class "com.apple.quicklook.readonly")
  1611.                 (extension "com.apple.sandbox.container")
  1612.                 (require-any
  1613.                     (require-all
  1614.                         (subpath-prefix "${FRONT_USER_HOME}")
  1615.                         (require-any
  1616.                             (require-all
  1617.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$")
  1618.                                 (require-any
  1619.                                     (extension-class "com.apple.app-sandbox.read")
  1620.                                     (extension-class "com.apple.mediaserverd.read-write")
  1621.                                     (extension-class "com.apple.quicklook.readonly")
  1622.                                     (extension-class "com.apple.sharing.airdrop.readonly")
  1623.                                     (extension-class "com.apple.nsurlsessiond.readonly")
  1624.                                     (extension-class "com.apple.wcd.readonly")
  1625.                                     (extension-class "com.apple.app-sandbox.read-write")
  1626.                                     (extension-class "com.apple.mediaserverd.read")
  1627.                                 )
  1628.                             )
  1629.                             (require-all
  1630.                                 (extension-class "com.apple.corespotlightservice.read-write")
  1631.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$")
  1632.                             )
  1633.                             (require-all
  1634.                                 (extension-class "com.apple.foundation.upload-prep.read-write")
  1635.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/tmp$")
  1636.                             )
  1637.                             (require-all
  1638.                                 (extension-class "com.apple.nsurlstorage.extension-cache")
  1639.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/Caches$")
  1640.                             )
  1641.                         )
  1642.                     )
  1643.                     (require-all
  1644.                         (extension-class "com.apple.app-sandbox.read")
  1645.                         (require-any
  1646.                             (require-all
  1647.                                 (subpath-prefix "${FRONT_USER_HOME}")
  1648.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/StoreKit$")
  1649.                             )
  1650.                             (require-all
  1651.                                 (subpath-prefix "${FRONT_USER_HOME}")
  1652.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$")
  1653.                             )
  1654.                         )
  1655.                     )
  1656.                 )
  1657.             )
  1658.             (require-all  ; container branch 4 of 4: same conditions as branch 1, led by class com.apple.sharing.airdrop.readonly
  1659.                 (extension-class "com.apple.sharing.airdrop.readonly")
  1660.                 (extension "com.apple.sandbox.container")
  1661.                 (require-any
  1662.                     (require-all
  1663.                         (subpath-prefix "${FRONT_USER_HOME}")
  1664.                         (require-any
  1665.                             (require-all
  1666.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$")
  1667.                                 (require-any
  1668.                                     (extension-class "com.apple.app-sandbox.read")
  1669.                                     (extension-class "com.apple.mediaserverd.read-write")
  1670.                                     (extension-class "com.apple.quicklook.readonly")
  1671.                                     (extension-class "com.apple.sharing.airdrop.readonly")
  1672.                                     (extension-class "com.apple.nsurlsessiond.readonly")
  1673.                                     (extension-class "com.apple.wcd.readonly")
  1674.                                     (extension-class "com.apple.app-sandbox.read-write")
  1675.                                     (extension-class "com.apple.mediaserverd.read")
  1676.                                 )
  1677.                             )
  1678.                             (require-all
  1679.                                 (extension-class "com.apple.corespotlightservice.read-write")
  1680.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$")
  1681.                             )
  1682.                             (require-all
  1683.                                 (extension-class "com.apple.foundation.upload-prep.read-write")
  1684.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/tmp$")
  1685.                             )
  1686.                             (require-all
  1687.                                 (extension-class "com.apple.nsurlstorage.extension-cache")
  1688.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/Caches$")
  1689.                             )
  1690.                         )
  1691.                     )
  1692.                     (require-all
  1693.                         (extension-class "com.apple.app-sandbox.read")
  1694.                         (require-any
  1695.                             (require-all
  1696.                                 (subpath-prefix "${FRONT_USER_HOME}")
  1697.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/StoreKit$")
  1698.                             )
  1699.                             (require-all
  1700.                                 (subpath-prefix "${FRONT_USER_HOME}")
  1701.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$")
  1702.                             )
  1703.                         )
  1704.                     )
  1705.                 )
  1706.             )
  1707.         )
  1708.     )
  1709.     (require-all
  1710.         (extension-class "com.apple.mediaserverd.read")
  1711.         (require-any
  1712.             (extension "com.apple.security.exception.files.home-relative-path.read-write") ; First of five alternatives that name only an extension; none has a regex or subpath-prefix beside it.
  1713.             (extension "com.apple.app-sandbox.read-write") ; NOTE(review): presumably (extension ...) matches when the target path is covered by an extension of that name held by the caller - confirm.
  1714.             (extension "com.apple.security.exception.files.absolute-path.read-only") ; Read-only and read-write variants are both listed; all five sit under the enclosing (extension-class "com.apple.mediaserverd.read") test.
  1715.             (extension "com.apple.security.exception.files.absolute-path.read-write")
  1716.             (extension "com.apple.security.exception.files.home-relative-path.read-only")
  1717.             (require-all
  1718.                 (extension-class "com.apple.app-sandbox.read") ; NOTE(review): the enclosing require-all already tests extension-class "com.apple.mediaserverd.read"; if extension-class is the single class being issued, this branch cannot match - possibly an artifact of how this listing was generated, confirm. The sibling branches testing quicklook.readonly and sharing.airdrop.readonly have the same shape.
  1719.                 (extension "com.apple.sandbox.container") ; Requires the "com.apple.sandbox.container" extension in addition to the class test above.
  1720.                 (require-any
  1721.                     (require-all
  1722.                         (subpath-prefix "${FRONT_USER_HOME}")
  1723.                         (require-any
  1724.                             (require-all
  1725.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$")
  1726.                                 (require-any
  1727.                                     (extension-class "com.apple.app-sandbox.read")
  1728.                                     (extension-class "com.apple.mediaserverd.read-write")
  1729.                                     (extension-class "com.apple.quicklook.readonly")
  1730.                                     (extension-class "com.apple.sharing.airdrop.readonly")
  1731.                                     (extension-class "com.apple.nsurlsessiond.readonly")
  1732.                                     (extension-class "com.apple.wcd.readonly")
  1733.                                     (extension-class "com.apple.app-sandbox.read-write")
  1734.                                     (extension-class "com.apple.mediaserverd.read")
  1735.                                 )
  1736.                             )
  1737.                             (require-all
  1738.                                 (extension-class "com.apple.corespotlightservice.read-write")
  1739.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$")
  1740.                             )
  1741.                             (require-all
  1742.                                 (extension-class "com.apple.foundation.upload-prep.read-write")
  1743.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/tmp$")
  1744.                             )
  1745.                             (require-all
  1746.                                 (extension-class "com.apple.nsurlstorage.extension-cache")
  1747.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/Caches$")
  1748.                             )
  1749.                         )
  1750.                     )
  1751.                     (require-all
  1752.                         (extension-class "com.apple.app-sandbox.read")
  1753.                         (require-any
  1754.                             (require-all
  1755.                                 (subpath-prefix "${FRONT_USER_HOME}")
  1756.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/StoreKit$")
  1757.                             )
  1758.                             (require-all
  1759.                                 (subpath-prefix "${FRONT_USER_HOME}")
  1760.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$")
  1761.                             )
  1762.                         )
  1763.                     )
  1764.                 )
  1765.             )
  1766.             (require-all
  1767.                 (extension-class "com.apple.mediaserverd.read") ; Repeats the extension-class test of the enclosing require-all, so it adds no further restriction to this branch.
  1768.                 (extension "com.apple.sandbox.container") ; The container extension is the condition this branch adds on top of the class test.
  1769.                 (require-any
  1770.                     (require-all
  1771.                         (subpath-prefix "${FRONT_USER_HOME}")
  1772.                         (require-any
  1773.                             (require-all
  1774.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$")
  1775.                                 (require-any
  1776.                                     (extension-class "com.apple.app-sandbox.read")
  1777.                                     (extension-class "com.apple.mediaserverd.read-write")
  1778.                                     (extension-class "com.apple.quicklook.readonly")
  1779.                                     (extension-class "com.apple.sharing.airdrop.readonly")
  1780.                                     (extension-class "com.apple.nsurlsessiond.readonly")
  1781.                                     (extension-class "com.apple.wcd.readonly")
  1782.                                     (extension-class "com.apple.app-sandbox.read-write")
  1783.                                     (extension-class "com.apple.mediaserverd.read")
  1784.                                 )
  1785.                             )
  1786.                             (require-all
  1787.                                 (extension-class "com.apple.corespotlightservice.read-write")
  1788.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$")
  1789.                             )
  1790.                             (require-all
  1791.                                 (extension-class "com.apple.foundation.upload-prep.read-write")
  1792.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/tmp$")
  1793.                             )
  1794.                             (require-all
  1795.                                 (extension-class "com.apple.nsurlstorage.extension-cache")
  1796.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/Caches$")
  1797.                             )
  1798.                         )
  1799.                     )
  1800.                     (require-all
  1801.                         (extension-class "com.apple.app-sandbox.read")
  1802.                         (require-any
  1803.                             (require-all
  1804.                                 (subpath-prefix "${FRONT_USER_HOME}")
  1805.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/StoreKit$")
  1806.                             )
  1807.                             (require-all
  1808.                                 (subpath-prefix "${FRONT_USER_HOME}")
  1809.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$")
  1810.                             )
  1811.                         )
  1812.                     )
  1813.                 )
  1814.             )
  1815.             (require-all
  1816.                 (extension-class "com.apple.quicklook.readonly")
  1817.                 (extension "com.apple.sandbox.container")
  1818.                 (require-any
  1819.                     (require-all
  1820.                         (subpath-prefix "${FRONT_USER_HOME}")
  1821.                         (require-any
  1822.                             (require-all
  1823.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$")
  1824.                                 (require-any
  1825.                                     (extension-class "com.apple.app-sandbox.read")
  1826.                                     (extension-class "com.apple.mediaserverd.read-write")
  1827.                                     (extension-class "com.apple.quicklook.readonly")
  1828.                                     (extension-class "com.apple.sharing.airdrop.readonly")
  1829.                                     (extension-class "com.apple.nsurlsessiond.readonly")
  1830.                                     (extension-class "com.apple.wcd.readonly")
  1831.                                     (extension-class "com.apple.app-sandbox.read-write")
  1832.                                     (extension-class "com.apple.mediaserverd.read")
  1833.                                 )
  1834.                             )
  1835.                             (require-all
  1836.                                 (extension-class "com.apple.corespotlightservice.read-write")
  1837.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$")
  1838.                             )
  1839.                             (require-all
  1840.                                 (extension-class "com.apple.foundation.upload-prep.read-write")
  1841.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/tmp$")
  1842.                             )
  1843.                             (require-all
  1844.                                 (extension-class "com.apple.nsurlstorage.extension-cache")
  1845.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/Caches$")
  1846.                             )
  1847.                         )
  1848.                     )
  1849.                     (require-all
  1850.                         (extension-class "com.apple.app-sandbox.read")
  1851.                         (require-any
  1852.                             (require-all
  1853.                                 (subpath-prefix "${FRONT_USER_HOME}")
  1854.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/StoreKit$")
  1855.                             )
  1856.                             (require-all
  1857.                                 (subpath-prefix "${FRONT_USER_HOME}")
  1858.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$")
  1859.                             )
  1860.                         )
  1861.                     )
  1862.                 )
  1863.             )
  1864.             (require-all
  1865.                 (extension-class "com.apple.sharing.airdrop.readonly")
  1866.                 (extension "com.apple.sandbox.container")
  1867.                 (require-any
  1868.                     (require-all
  1869.                         (subpath-prefix "${FRONT_USER_HOME}")
  1870.                         (require-any
  1871.                             (require-all
  1872.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$")
  1873.                                 (require-any
  1874.                                     (extension-class "com.apple.app-sandbox.read")
  1875.                                     (extension-class "com.apple.mediaserverd.read-write")
  1876.                                     (extension-class "com.apple.quicklook.readonly")
  1877.                                     (extension-class "com.apple.sharing.airdrop.readonly")
  1878.                                     (extension-class "com.apple.nsurlsessiond.readonly")
  1879.                                     (extension-class "com.apple.wcd.readonly")
  1880.                                     (extension-class "com.apple.app-sandbox.read-write")
  1881.                                     (extension-class "com.apple.mediaserverd.read")
  1882.                                 )
  1883.                             )
  1884.                             (require-all
  1885.                                 (extension-class "com.apple.corespotlightservice.read-write")
  1886.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$")
  1887.                             )
  1888.                             (require-all
  1889.                                 (extension-class "com.apple.foundation.upload-prep.read-write")
  1890.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/tmp$")
  1891.                             )
  1892.                             (require-all
  1893.                                 (extension-class "com.apple.nsurlstorage.extension-cache")
  1894.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/Caches$")
  1895.                             )
  1896.                         )
  1897.                     )
  1898.                     (require-all
  1899.                         (extension-class "com.apple.app-sandbox.read")
  1900.                         (require-any
  1901.                             (require-all
  1902.                                 (subpath-prefix "${FRONT_USER_HOME}")
  1903.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/StoreKit$")
  1904.                             )
  1905.                             (require-all
  1906.                                 (subpath-prefix "${FRONT_USER_HOME}")
  1907.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$")
  1908.                             )
  1909.                         )
  1910.                     )
  1911.                 )
  1912.             )
  1913.         )
  1914.     )
  1915.     (require-all
  1916.         (extension-class "com.apple.quicklook.readonly")
  1917.         (require-any
  1918.             (require-all
  1919.                 (extension "com.apple.sandbox.container")
  1920.                 (require-any
  1921.                     (require-all
  1922.                         (subpath-prefix "${FRONT_USER_HOME}")
  1923.                         (require-any
  1924.                             (require-all
  1925.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$")
  1926.                                 (require-any
  1927.                                     (extension-class "com.apple.app-sandbox.read")
  1928.                                     (extension-class "com.apple.mediaserverd.read-write")
  1929.                                     (extension-class "com.apple.quicklook.readonly")
  1930.                                     (extension-class "com.apple.sharing.airdrop.readonly")
  1931.                                     (extension-class "com.apple.nsurlsessiond.readonly")
  1932.                                     (extension-class "com.apple.wcd.readonly")
  1933.                                     (extension-class "com.apple.app-sandbox.read-write")
  1934.                                     (extension-class "com.apple.mediaserverd.read")
  1935.                                 )
  1936.                             )
  1937.                             (require-all
  1938.                                 (extension-class "com.apple.corespotlightservice.read-write")
  1939.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$")
  1940.                             )
  1941.                             (require-all
  1942.                                 (extension-class "com.apple.foundation.upload-prep.read-write")
  1943.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/tmp$")
  1944.                             )
  1945.                             (require-all
  1946.                                 (extension-class "com.apple.nsurlstorage.extension-cache")
  1947.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/Caches$")
  1948.                             )
  1949.                         )
  1950.                     )
  1951.                     (require-all
  1952.                         (extension-class "com.apple.app-sandbox.read")
  1953.                         (require-any
  1954.                             (require-all
  1955.                                 (subpath-prefix "${FRONT_USER_HOME}")
  1956.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/StoreKit$")
  1957.                             )
  1958.                             (require-all
  1959.                                 (subpath-prefix "${FRONT_USER_HOME}")
  1960.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$")
  1961.                             )
  1962.                         )
  1963.                     )
  1964.                 )
  1965.             )
  1966.             (require-all
  1967.                 (vnode-type REGULAR-FILE)
  1968.                 (subpath-prefix "${HOME}/Library/Application Support/CloudDocs/session/r")
  1969.                 (extension "com.apple.clouddocs.version")
  1970.             )
  1971.         )
  1972.     )
  1973.     (require-all
  1974.         (extension-class "com.apple.app-sandbox.read")
  1975.         (require-any
  1976.             (extension "com.apple.app-sandbox.read-write")
  1977.             (require-all
  1978.                 (extension-class "com.apple.app-sandbox.read")
  1979.                 (extension "com.apple.sandbox.container")
  1980.                 (require-any
  1981.                     (require-all
  1982.                         (subpath-prefix "${FRONT_USER_HOME}")
  1983.                         (require-any
  1984.                             (require-all
  1985.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$")
  1986.                                 (require-any
  1987.                                     (extension-class "com.apple.app-sandbox.read")
  1988.                                     (extension-class "com.apple.mediaserverd.read-write")
  1989.                                     (extension-class "com.apple.quicklook.readonly")
  1990.                                     (extension-class "com.apple.sharing.airdrop.readonly")
  1991.                                     (extension-class "com.apple.nsurlsessiond.readonly")
  1992.                                     (extension-class "com.apple.wcd.readonly")
  1993.                                     (extension-class "com.apple.app-sandbox.read-write")
  1994.                                     (extension-class "com.apple.mediaserverd.read")
  1995.                                 )
  1996.                             )
  1997.                             (require-all
  1998.                                 (extension-class "com.apple.corespotlightservice.read-write")
  1999.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$")
  2000.                             )
  2001.                             (require-all
  2002.                                 (extension-class "com.apple.foundation.upload-prep.read-write")
  2003.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/tmp$")
  2004.                             )
  2005.                             (require-all
  2006.                                 (extension-class "com.apple.nsurlstorage.extension-cache")
  2007.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/Caches$")
  2008.                             )
  2009.                         )
  2010.                     )
  2011.                     (require-all
  2012.                         (extension-class "com.apple.app-sandbox.read")
  2013.                         (require-any
  2014.                             (require-all
  2015.                                 (subpath-prefix "${FRONT_USER_HOME}")
  2016.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/StoreKit$")
  2017.                             )
  2018.                             (require-all
  2019.                                 (subpath-prefix "${FRONT_USER_HOME}")
  2020.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$")
  2021.                             )
  2022.                         )
  2023.                     )
  2024.                 )
  2025.             )
  2026.             (require-all
  2027.                 (extension-class "com.apple.mediaserverd.read")
  2028.                 (extension "com.apple.sandbox.container")
  2029.                 (require-any
  2030.                     (require-all
  2031.                         (subpath-prefix "${FRONT_USER_HOME}")
  2032.                         (require-any
  2033.                             (require-all
  2034.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$")
  2035.                                 (require-any
  2036.                                     (extension-class "com.apple.app-sandbox.read")
  2037.                                     (extension-class "com.apple.mediaserverd.read-write")
  2038.                                     (extension-class "com.apple.quicklook.readonly")
  2039.                                     (extension-class "com.apple.sharing.airdrop.readonly")
  2040.                                     (extension-class "com.apple.nsurlsessiond.readonly")
  2041.                                     (extension-class "com.apple.wcd.readonly")
  2042.                                     (extension-class "com.apple.app-sandbox.read-write")
  2043.                                     (extension-class "com.apple.mediaserverd.read")
  2044.                                 )
  2045.                             )
  2046.                             (require-all
  2047.                                 (extension-class "com.apple.corespotlightservice.read-write")
  2048.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$")
  2049.                             )
  2050.                             (require-all
  2051.                                 (extension-class "com.apple.foundation.upload-prep.read-write")
  2052.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/tmp$")
  2053.                             )
  2054.                             (require-all
  2055.                                 (extension-class "com.apple.nsurlstorage.extension-cache")
  2056.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/Caches$")
  2057.                             )
  2058.                         )
  2059.                     )
  2060.                     (require-all
  2061.                         (extension-class "com.apple.app-sandbox.read")
  2062.                         (require-any
  2063.                             (require-all
  2064.                                 (subpath-prefix "${FRONT_USER_HOME}")
  2065.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/StoreKit$")
  2066.                             )
  2067.                             (require-all
  2068.                                 (subpath-prefix "${FRONT_USER_HOME}")
  2069.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$")
  2070.                             )
  2071.                         )
  2072.                     )
  2073.                 )
  2074.             )
  2075.             (require-all
  2076.                 (extension-class "com.apple.quicklook.readonly")
  2077.                 (extension "com.apple.sandbox.container")
  2078.                 (require-any
  2079.                     (require-all
  2080.                         (subpath-prefix "${FRONT_USER_HOME}")
  2081.                         (require-any
  2082.                             (require-all
  2083.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$")
  2084.                                 (require-any
  2085.                                     (extension-class "com.apple.app-sandbox.read")
  2086.                                     (extension-class "com.apple.mediaserverd.read-write")
  2087.                                     (extension-class "com.apple.quicklook.readonly")
  2088.                                     (extension-class "com.apple.sharing.airdrop.readonly")
  2089.                                     (extension-class "com.apple.nsurlsessiond.readonly")
  2090.                                     (extension-class "com.apple.wcd.readonly")
  2091.                                     (extension-class "com.apple.app-sandbox.read-write")
  2092.                                     (extension-class "com.apple.mediaserverd.read")
  2093.                                 )
  2094.                             )
  2095.                             (require-all
  2096.                                 (extension-class "com.apple.corespotlightservice.read-write")
  2097.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$")
  2098.                             )
  2099.                             (require-all
  2100.                                 (extension-class "com.apple.foundation.upload-prep.read-write")
  2101.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/tmp$")
  2102.                             )
  2103.                             (require-all
  2104.                                 (extension-class "com.apple.nsurlstorage.extension-cache")
  2105.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/Caches$")
  2106.                             )
  2107.                         )
  2108.                     )
  2109.                     (require-all
  2110.                         (extension-class "com.apple.app-sandbox.read")
  2111.                         (require-any
  2112.                             (require-all
  2113.                                 (subpath-prefix "${FRONT_USER_HOME}")
  2114.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/StoreKit$")
  2115.                             )
  2116.                             (require-all
  2117.                                 (subpath-prefix "${FRONT_USER_HOME}")
  2118.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$")
  2119.                             )
  2120.                         )
  2121.                     )
  2122.                 )
  2123.             )
  2124.             (require-all
  2125.                 (extension-class "com.apple.sharing.airdrop.readonly")
  2126.                 (extension "com.apple.sandbox.container")
  2127.                 (require-any
  2128.                     (require-all
  2129.                         (subpath-prefix "${FRONT_USER_HOME}")
  2130.                         (require-any
  2131.                             (require-all
  2132.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$")
  2133.                                 (require-any
  2134.                                     (extension-class "com.apple.app-sandbox.read")
  2135.                                     (extension-class "com.apple.mediaserverd.read-write")
  2136.                                     (extension-class "com.apple.quicklook.readonly")
  2137.                                     (extension-class "com.apple.sharing.airdrop.readonly")
  2138.                                     (extension-class "com.apple.nsurlsessiond.readonly")
  2139.                                     (extension-class "com.apple.wcd.readonly")
  2140.                                     (extension-class "com.apple.app-sandbox.read-write")
  2141.                                     (extension-class "com.apple.mediaserverd.read")
  2142.                                 )
  2143.                             )
  2144.                             (require-all
  2145.                                 (extension-class "com.apple.corespotlightservice.read-write")
  2146.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$")
  2147.                             )
  2148.                             (require-all
  2149.                                 (extension-class "com.apple.foundation.upload-prep.read-write")
  2150.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/tmp$")
  2151.                             )
  2152.                             (require-all
  2153.                                 (extension-class "com.apple.nsurlstorage.extension-cache")
  2154.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/Caches$")
  2155.                             )
  2156.                         )
  2157.                     )
  2158.                     (require-all
  2159.                         (extension-class "com.apple.app-sandbox.read")
  2160.                         (require-any
  2161.                             (require-all
  2162.                                 (subpath-prefix "${FRONT_USER_HOME}")
  2163.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/StoreKit$")
  2164.                             )
  2165.                             (require-all
  2166.                                 (subpath-prefix "${FRONT_USER_HOME}")
  2167.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$")
  2168.                             )
  2169.                         )
  2170.                     )
  2171.                 )
  2172.             )
  2173.         )
  2174.     )
  2175.     (require-all
  2176.         (extension-class "com.apple.app-sandbox.read-write")
  2177.         (require-any
  2178.             (extension "com.apple.app-sandbox.read-write")
  2179.             (require-all
  2180.                 (extension-class "com.apple.app-sandbox.read")
  2181.                 (extension "com.apple.sandbox.container")
  2182.                 (require-any
  2183.                     (require-all
  2184.                         (subpath-prefix "${FRONT_USER_HOME}")
  2185.                         (require-any
  2186.                             (require-all
  2187.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$")
  2188.                                 (require-any
  2189.                                     (extension-class "com.apple.app-sandbox.read")
  2190.                                     (extension-class "com.apple.mediaserverd.read-write")
  2191.                                     (extension-class "com.apple.quicklook.readonly")
  2192.                                     (extension-class "com.apple.sharing.airdrop.readonly")
  2193.                                     (extension-class "com.apple.nsurlsessiond.readonly")
  2194.                                     (extension-class "com.apple.wcd.readonly")
  2195.                                     (extension-class "com.apple.app-sandbox.read-write")
  2196.                                     (extension-class "com.apple.mediaserverd.read")
  2197.                                 )
  2198.                             )
  2199.                             (require-all
  2200.                                 (extension-class "com.apple.corespotlightservice.read-write")
  2201.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$")
  2202.                             )
  2203.                             (require-all
  2204.                                 (extension-class "com.apple.foundation.upload-prep.read-write")
  2205.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/tmp$")
  2206.                             )
  2207.                             (require-all
  2208.                                 (extension-class "com.apple.nsurlstorage.extension-cache")
  2209.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/Caches$")
  2210.                             )
  2211.                         )
  2212.                     )
  2213.                     (require-all
                                ; Arm for extension class com.apple.app-sandbox.read: the class must match and
                                ; one of the two path conditions in the require-any below must hold.
                                ; Both path conditions also require the path to lie under ${FRONT_USER_HOME}
                                ; (a variable resolved outside this listing; presumably the foreground user's
                                ; home directory - confirm).
  2214.                         (extension-class "com.apple.app-sandbox.read")
  2215.                         (require-any
  2216.                             (require-all
                                        ; StoreKit under Containers/Data/<x>/<y>/: the "$" patterns match the
                                        ; directory itself, the trailing-"/" patterns match anything below it.
  2217.                                 (subpath-prefix "${FRONT_USER_HOME}")
  2218.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/StoreKit$")
  2219.                             )
  2220.                             (require-all
                                        ; iTunesArtwork appears only with "$", so this matches that exact path
                                        ; and nothing beneath it (unlike StoreKit above, which has both forms).
  2221.                                 (subpath-prefix "${FRONT_USER_HOME}")
  2222.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$")
  2223.                             )
  2224.                         )
  2225.                     )
  2226.                 )
  2227.             )
  2228.             (require-all
                        ; Arm for extension class com.apple.mediaserverd.read. All three children must
                        ; match: that class, the com.apple.sandbox.container extension filter, and one of
                        ; the two path groups in the require-any on line 2231.
                        ; NOTE(review): in SBPL `extension-class` normally names the class being issued and
                        ; `extension` checks an extension the process already holds - confirm for this
                        ; OS version.
  2229.                 (extension-class "com.apple.mediaserverd.read")
  2230.                 (extension "com.apple.sandbox.container")
  2231.                 (require-any
  2232.                     (require-all
                                ; Group 1: path under ${FRONT_USER_HOME} plus one of four
                                ; (path regex, extension class) pairs.
  2233.                         (subpath-prefix "${FRONT_USER_HOME}")
  2234.                         (require-any
  2235.                             (require-all
                                        ; tmp, Library or Documents under Containers/Data/<x>/<y>/: each name
                                        ; appears with a trailing "/" (anything below it) and with "$" (the
                                        ; directory itself), for the home roots mobile, euser<digits>,
                                        ; <[-0-9A-F]+> and Users/<name>.
                                        ; "[^/]+/[^/]+" accepts any two path components, so the regex does not
                                        ; by itself select one particular container.
  2236.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$")
  2237.                                 (require-any
                                            ; NOTE(review): this list contains com.apple.mediaserverd.read,
                                            ; the class line 2229 already requires, so inside this arm it
                                            ; adds no further limit.
  2238.                                     (extension-class "com.apple.app-sandbox.read")
  2239.                                     (extension-class "com.apple.mediaserverd.read-write")
  2240.                                     (extension-class "com.apple.quicklook.readonly")
  2241.                                     (extension-class "com.apple.sharing.airdrop.readonly")
  2242.                                     (extension-class "com.apple.nsurlsessiond.readonly")
  2243.                                     (extension-class "com.apple.wcd.readonly")
  2244.                                     (extension-class "com.apple.app-sandbox.read-write")
  2245.                                     (extension-class "com.apple.mediaserverd.read")
  2246.                                 )
  2247.                             )
  2248.                             (require-all
                                        ; NOTE(review): this pair and the two after it (lines 2252 and 2256)
                                        ; name a different class than line 2229. If a request carries exactly
                                        ; one class they cannot match inside this arm, and their paths
                                        ; (Library/com.apple.corespotlightservice, tmp, Library/Caches) already
                                        ; fall under the Library and tmp patterns on line 2236. Probably
                                        ; redundancy from expanding the compiled filter graph; confirm against
                                        ; the compiled profile before reading it as policy.
                                        ; "[.]" is a one-character class, i.e. a literal dot.
  2249.                                 (extension-class "com.apple.corespotlightservice.read-write")
  2250.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$")
  2251.                             )
  2252.                             (require-all
  2253.                                 (extension-class "com.apple.foundation.upload-prep.read-write")
  2254.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/tmp$")
  2255.                             )
  2256.                             (require-all
  2257.                                 (extension-class "com.apple.nsurlstorage.extension-cache")
  2258.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/Caches$")
  2259.                             )
  2260.                         )
  2261.                     )
  2262.                     (require-all
                                ; Group 2: class com.apple.app-sandbox.read with a StoreKit directory (itself
                                ; or anything below it) or the exact path iTunesArtwork ("$" only, nothing
                                ; beneath it), each under ${FRONT_USER_HOME}.
                                ; NOTE(review): same single-class caveat as for line 2248, since line 2229
                                ; requires com.apple.mediaserverd.read.
  2263.                         (extension-class "com.apple.app-sandbox.read")
  2264.                         (require-any
  2265.                             (require-all
  2266.                                 (subpath-prefix "${FRONT_USER_HOME}")
  2267.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/StoreKit$")
  2268.                             )
  2269.                             (require-all
  2270.                                 (subpath-prefix "${FRONT_USER_HOME}")
  2271.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$")
  2272.                             )
  2273.                         )
  2274.                     )
  2275.                 )
  2276.             )
  2277.             (require-all
  2278.                 (extension-class "com.apple.quicklook.readonly")
  2279.                 (extension "com.apple.sandbox.container")
  2280.                 (require-any
  2281.                     (require-all
  2282.                         (subpath-prefix "${FRONT_USER_HOME}")
  2283.                         (require-any
  2284.                             (require-all
  2285.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$")
  2286.                                 (require-any
  2287.                                     (extension-class "com.apple.app-sandbox.read")
  2288.                                     (extension-class "com.apple.mediaserverd.read-write")
  2289.                                     (extension-class "com.apple.quicklook.readonly")
  2290.                                     (extension-class "com.apple.sharing.airdrop.readonly")
  2291.                                     (extension-class "com.apple.nsurlsessiond.readonly")
  2292.                                     (extension-class "com.apple.wcd.readonly")
  2293.                                     (extension-class "com.apple.app-sandbox.read-write")
  2294.                                     (extension-class "com.apple.mediaserverd.read")
  2295.                                 )
  2296.                             )
  2297.                             (require-all
  2298.                                 (extension-class "com.apple.corespotlightservice.read-write")
  2299.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$")
  2300.                             )
  2301.                             (require-all
  2302.                                 (extension-class "com.apple.foundation.upload-prep.read-write")
  2303.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/tmp$")
  2304.                             )
  2305.                             (require-all
  2306.                                 (extension-class "com.apple.nsurlstorage.extension-cache")
  2307.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/Caches$")
  2308.                             )
  2309.                         )
  2310.                     )
  2311.                     (require-all
  2312.                         (extension-class "com.apple.app-sandbox.read")
  2313.                         (require-any
  2314.                             (require-all
  2315.                                 (subpath-prefix "${FRONT_USER_HOME}")
  2316.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/StoreKit$")
  2317.                             )
  2318.                             (require-all
  2319.                                 (subpath-prefix "${FRONT_USER_HOME}")
  2320.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$")
  2321.                             )
  2322.                         )
  2323.                     )
  2324.                 )
  2325.             )
  2326.             (require-all
  2327.                 (extension-class "com.apple.sharing.airdrop.readonly")
  2328.                 (extension "com.apple.sandbox.container")
  2329.                 (require-any
  2330.                     (require-all
  2331.                         (subpath-prefix "${FRONT_USER_HOME}")
  2332.                         (require-any
  2333.                             (require-all
  2334.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$")
  2335.                                 (require-any
  2336.                                     (extension-class "com.apple.app-sandbox.read")
  2337.                                     (extension-class "com.apple.mediaserverd.read-write")
  2338.                                     (extension-class "com.apple.quicklook.readonly")
  2339.                                     (extension-class "com.apple.sharing.airdrop.readonly")
  2340.                                     (extension-class "com.apple.nsurlsessiond.readonly")
  2341.                                     (extension-class "com.apple.wcd.readonly")
  2342.                                     (extension-class "com.apple.app-sandbox.read-write")
  2343.                                     (extension-class "com.apple.mediaserverd.read")
  2344.                                 )
  2345.                             )
  2346.                             (require-all
  2347.                                 (extension-class "com.apple.corespotlightservice.read-write")
  2348.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$")
  2349.                             )
  2350.                             (require-all
  2351.                                 (extension-class "com.apple.foundation.upload-prep.read-write")
  2352.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/tmp$")
  2353.                             )
  2354.                             (require-all
  2355.                                 (extension-class "com.apple.nsurlstorage.extension-cache")
  2356.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/Caches$")
  2357.                             )
  2358.                         )
  2359.                     )
  2360.                     (require-all
  2361.                         (extension-class "com.apple.app-sandbox.read")
  2362.                         (require-any
  2363.                             (require-all
  2364.                                 (subpath-prefix "${FRONT_USER_HOME}")
  2365.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/StoreKit$")
  2366.                             )
  2367.                             (require-all
  2368.                                 (subpath-prefix "${FRONT_USER_HOME}")
  2369.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$")
  2370.                             )
  2371.                         )
  2372.                     )
  2373.                 )
  2374.             )
  2375.         )
  2376.     )
  2377.     (require-all
  2378.         (extension-class "com.apple.sharing.airdrop.readonly")
  2379.         (require-any
  2380.             (extension "com.apple.app-sandbox.read-write")
  2381.             (require-all
                        ; Arm for extension class com.apple.app-sandbox.read. All three children must
                        ; match: that class, the com.apple.sandbox.container extension filter, and one of
                        ; the two path groups in the require-any on line 2384.
                        ; It is one alternative of the require-any opened on line 2379; the first
                        ; alternative there is the bare (extension "com.apple.app-sandbox.read-write")
                        ; on line 2380, which carries no path condition of its own.
                        ; NOTE(review): the enclosing require-all (line 2377) already requires
                        ; extension-class com.apple.sharing.airdrop.readonly on line 2378. If a request
                        ; carries exactly one class, this arm's class cannot hold at the same time;
                        ; probably an artefact of expanding the compiled filter graph. Confirm against
                        ; the compiled profile before reading it as policy.
  2382.                 (extension-class "com.apple.app-sandbox.read")
  2383.                 (extension "com.apple.sandbox.container")
  2384.                 (require-any
  2385.                     (require-all
                                ; Group 1: path under ${FRONT_USER_HOME} plus one of four
                                ; (path regex, extension class) pairs.
  2386.                         (subpath-prefix "${FRONT_USER_HOME}")
  2387.                         (require-any
  2388.                             (require-all
                                        ; tmp, Library or Documents under Containers/Data/<x>/<y>/, each as
                                        ; the directory itself ("$") and as anything below it (trailing "/").
                                        ; "[^/]+/[^/]+" accepts any two path components, so the regex does not
                                        ; by itself select one particular container.
  2389.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$")
  2390.                                 (require-any
                                            ; This list contains com.apple.app-sandbox.read, the class line
                                            ; 2382 already requires, so inside this arm it adds no further limit.
  2391.                                     (extension-class "com.apple.app-sandbox.read")
  2392.                                     (extension-class "com.apple.mediaserverd.read-write")
  2393.                                     (extension-class "com.apple.quicklook.readonly")
  2394.                                     (extension-class "com.apple.sharing.airdrop.readonly")
  2395.                                     (extension-class "com.apple.nsurlsessiond.readonly")
  2396.                                     (extension-class "com.apple.wcd.readonly")
  2397.                                     (extension-class "com.apple.app-sandbox.read-write")
  2398.                                     (extension-class "com.apple.mediaserverd.read")
  2399.                                 )
  2400.                             )
  2401.                             (require-all
                                        ; The next three pairs (lines 2401, 2405, 2409) name classes other than
                                        ; the one on line 2382, and their paths already fall under the Library
                                        ; and tmp patterns on line 2389 - presumably redundant here; confirm.
  2402.                                 (extension-class "com.apple.corespotlightservice.read-write")
  2403.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$")
  2404.                             )
  2405.                             (require-all
  2406.                                 (extension-class "com.apple.foundation.upload-prep.read-write")
  2407.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/tmp$")
  2408.                             )
  2409.                             (require-all
  2410.                                 (extension-class "com.apple.nsurlstorage.extension-cache")
  2411.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/Caches$")
  2412.                             )
  2413.                         )
  2414.                     )
  2415.                     (require-all
                                ; Group 2: class com.apple.app-sandbox.read (the same class as line 2382)
                                ; with a StoreKit directory (itself or anything below it) or the exact path
                                ; iTunesArtwork ("$" only, nothing beneath it), each under ${FRONT_USER_HOME}.
  2416.                         (extension-class "com.apple.app-sandbox.read")
  2417.                         (require-any
  2418.                             (require-all
  2419.                                 (subpath-prefix "${FRONT_USER_HOME}")
  2420.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/StoreKit$")
  2421.                             )
  2422.                             (require-all
  2423.                                 (subpath-prefix "${FRONT_USER_HOME}")
  2424.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$")
  2425.                             )
  2426.                         )
  2427.                     )
  2428.                 )
  2429.             )
  2430.             (require-all
  2431.                 (extension-class "com.apple.mediaserverd.read")
  2432.                 (extension "com.apple.sandbox.container")
  2433.                 (require-any
  2434.                     (require-all
  2435.                         (subpath-prefix "${FRONT_USER_HOME}")
  2436.                         (require-any
  2437.                             (require-all
  2438.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$")
  2439.                                 (require-any
  2440.                                     (extension-class "com.apple.app-sandbox.read")
  2441.                                     (extension-class "com.apple.mediaserverd.read-write")
  2442.                                     (extension-class "com.apple.quicklook.readonly")
  2443.                                     (extension-class "com.apple.sharing.airdrop.readonly")
  2444.                                     (extension-class "com.apple.nsurlsessiond.readonly")
  2445.                                     (extension-class "com.apple.wcd.readonly")
  2446.                                     (extension-class "com.apple.app-sandbox.read-write")
  2447.                                     (extension-class "com.apple.mediaserverd.read")
  2448.                                 )
  2449.                             )
  2450.                             (require-all
  2451.                                 (extension-class "com.apple.corespotlightservice.read-write")
  2452.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$")
  2453.                             )
  2454.                             (require-all
  2455.                                 (extension-class "com.apple.foundation.upload-prep.read-write")
  2456.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/tmp$")
  2457.                             )
  2458.                             (require-all
  2459.                                 (extension-class "com.apple.nsurlstorage.extension-cache")
  2460.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/Caches$")
  2461.                             )
  2462.                         )
  2463.                     )
  2464.                     (require-all
  2465.                         (extension-class "com.apple.app-sandbox.read")
  2466.                         (require-any
  2467.                             (require-all
  2468.                                 (subpath-prefix "${FRONT_USER_HOME}")
  2469.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/StoreKit$")
  2470.                             )
  2471.                             (require-all
  2472.                                 (subpath-prefix "${FRONT_USER_HOME}")
  2473.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$")
  2474.                             )
  2475.                         )
  2476.                     )
  2477.                 )
  2478.             )
  2479.             (require-all
  2480.                 (extension-class "com.apple.quicklook.readonly")
  2481.                 (extension "com.apple.sandbox.container")
  2482.                 (require-any
  2483.                     (require-all
  2484.                         (subpath-prefix "${FRONT_USER_HOME}")
  2485.                         (require-any
  2486.                             (require-all
  2487.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$")
  2488.                                 (require-any
  2489.                                     (extension-class "com.apple.app-sandbox.read")
  2490.                                     (extension-class "com.apple.mediaserverd.read-write")
  2491.                                     (extension-class "com.apple.quicklook.readonly")
  2492.                                     (extension-class "com.apple.sharing.airdrop.readonly")
  2493.                                     (extension-class "com.apple.nsurlsessiond.readonly")
  2494.                                     (extension-class "com.apple.wcd.readonly")
  2495.                                     (extension-class "com.apple.app-sandbox.read-write")
  2496.                                     (extension-class "com.apple.mediaserverd.read")
  2497.                                 )
  2498.                             )
  2499.                             (require-all
  2500.                                 (extension-class "com.apple.corespotlightservice.read-write")
  2501.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$")
  2502.                             )
  2503.                             (require-all
  2504.                                 (extension-class "com.apple.foundation.upload-prep.read-write")
  2505.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/tmp$")
  2506.                             )
  2507.                             (require-all
  2508.                                 (extension-class "com.apple.nsurlstorage.extension-cache")
  2509.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/Caches$")
  2510.                             )
  2511.                         )
  2512.                     )
  2513.                     (require-all
  2514.                         (extension-class "com.apple.app-sandbox.read")
  2515.                         (require-any
  2516.                             (require-all
  2517.                                 (subpath-prefix "${FRONT_USER_HOME}")
  2518.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/StoreKit$")
  2519.                             )
  2520.                             (require-all
  2521.                                 (subpath-prefix "${FRONT_USER_HOME}")
  2522.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$")
  2523.                             )
  2524.                         )
  2525.                     )
  2526.                 )
  2527.             )
  2528.             (require-all
  2529.                 (extension-class "com.apple.sharing.airdrop.readonly")
  2530.                 (extension "com.apple.sandbox.container")
  2531.                 (require-any
  2532.                     (require-all
  2533.                         (subpath-prefix "${FRONT_USER_HOME}")
  2534.                         (require-any
  2535.                             (require-all
  2536.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$")
  2537.                                 (require-any
  2538.                                     (extension-class "com.apple.app-sandbox.read")
  2539.                                     (extension-class "com.apple.mediaserverd.read-write")
  2540.                                     (extension-class "com.apple.quicklook.readonly")
  2541.                                     (extension-class "com.apple.sharing.airdrop.readonly")
  2542.                                     (extension-class "com.apple.nsurlsessiond.readonly")
  2543.                                     (extension-class "com.apple.wcd.readonly")
  2544.                                     (extension-class "com.apple.app-sandbox.read-write")
  2545.                                     (extension-class "com.apple.mediaserverd.read")
  2546.                                 )
  2547.                             )
  2548.                             (require-all
  2549.                                 (extension-class "com.apple.corespotlightservice.read-write")
  2550.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/com[.]apple[.]corespotlightservice$")
  2551.                             )
  2552.                             (require-all
  2553.                                 (extension-class "com.apple.foundation.upload-prep.read-write")
  2554.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/tmp$")
  2555.                             )
  2556.                             (require-all
  2557.                                 (extension-class "com.apple.nsurlstorage.extension-cache")
  2558.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/Caches/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/Caches$")
  2559.                             )
  2560.                         )
  2561.                     )
  2562.                     (require-all
  2563.                         (extension-class "com.apple.app-sandbox.read")
  2564.                         (require-any
  2565.                             (require-all
  2566.                                 (subpath-prefix "${FRONT_USER_HOME}")
  2567.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/StoreKit$")
  2568.                             )
  2569.                             (require-all
  2570.                                 (subpath-prefix "${FRONT_USER_HOME}")
  2571.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$")
  2572.                             )
  2573.                         )
  2574.                     )
  2575.                 )
  2576.             )
  2577.         )
  2578.     )
  2579. )
  ; Sandbox rule: which files a process under this profile may map as executable.
  ; The profile opens with (deny default), so only paths matching a filter below are allowed.
  ; Sibling filters directly under `allow` act as alternatives (any one suffices);
  ; require-all is AND, require-any is OR.
  ; NOTE(review): this rule expresses the sandbox decision only. Nothing in it checks a code
  ; signature, so that enforcement has to come from a separate layer; confirm when auditing.
  2580. (allow file-map-executable
            ; NOTE(review): both paths sit under /System/Library, which is allowed on its own
            ; below, so this pair adds nothing; it looks like a decompiler artifact.
  2581.     (require-any
  2582.         (subpath "/System/Library/Frameworks")
  2583.         (subpath "/System/Library/PrivateFrameworks")
  2584.     )
            ; System locations, each allowed together with everything beneath it.
  2585.     (subpath "/Developer")
  2586.     (subpath "/System/Library")
  2587.     (subpath "/usr/lib")
            ; Entitlement alone, with no path filter: as written, a process holding it may map
            ; executable pages from any path. This is the broadest grant in the rule, so when
            ; auditing, check which binaries carry this entitlement.
  2588.     (require-entitlement "com.apple.private.amfi.can-execute-cdhash")
            ; NOTE(review): same entitlement plus an app-sandbox.read extension; as decompiled
            ; this is subsumed by the bare entitlement filter above.
  2589.     (require-all
  2590.         (extension "com.apple.app-sandbox.read")
  2591.         (require-entitlement "com.apple.private.amfi.can-execute-cdhash")
  2592.     )
            ; App data container: all three must hold. The com.apple.sandbox.container extension
            ; applies, the path is a container's tmp, Library or Documents directory (or below),
            ; and the path is under ${FRONT_USER_HOME}.
            ; NOTE(review): these are presumably app-writable directories; verify. If so,
            ; executable mappings from here rest entirely on checks outside this rule.
  2593.     (require-all
  2594.         (extension "com.apple.sandbox.container")
  2595.         (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$")
  2596.         (subpath-prefix "${FRONT_USER_HOME}")
  2597.     )
            ; Paths containing an SC_Info directory component, gated on the
            ; com.apple.sandbox.executable extension.
            ; NOTE(review): unlike the container regexes above, these two patterns have no ^ anchor.
            ; Whether the matcher anchors implicitly is not visible here; confirm. If matching is
            ; unanchored, the second pattern is already covered by the first.
  2598.     (require-all
  2599.         (extension "com.apple.sandbox.executable")
  2600.         (regex #"/[^/]+/SC_Info/" #".+/[^/]+/SC_Info/")
  2601.     )
            ; Per-binary exceptions keyed on the value of the com.apple.private.signing-identifier
            ; entitlement. Each branch pairs one identifier value with one location:
            ;   com.apple.MobileSMS  -> anything under /Applications/AppStore.app/Frameworks
            ;   com.apple.iStreamer  -> the exact path /AppleInternal/Library/Frameworks/CoreAutomation
            ; The outer require-all has a single child and does not change the result.
  2602.     (require-all
  2603.         (require-entitlement "com.apple.private.signing-identifier"
  2604.             (require-any
  2605.                 (require-all
  2606.                     (subpath "/Applications/AppStore.app/Frameworks")
  2607.                     (entitlement-value "com.apple.MobileSMS")
  2608.                 )
  2609.                 (require-all
  2610.                     (literal "/AppleInternal/Library/Frameworks/CoreAutomation")
  2611.                     (entitlement-value "com.apple.iStreamer")
  2612.                 )
  2613.             )
  2614.         )
  2615.     )
  2616. )
  2617. (allow file-read*
  2618.     (subpath-prefix "${FRONT_USER_HOME}/Library/Carrier Bundles/Overlay")
  2619.     (regex #"^/System/Library/Carrier Bundles//carrier[.]plist$" #"^/System/Library/Carrier Bundles/.+/carrier[.]plist$")
  2620.     (literal-prefix "${FRONT_USER_HOME}/Library/Preferences/com.apple.carrier.plist")
  2621.     (regex #"^/System/Library/Carrier Bundles/[.]png$" #"^/System/Library/Carrier Bundles/.+[.]png$")
  2622.     (literal-prefix "${HOME}/Media/iTunes_Control/iTunes/Ringtones.plist")
  2623.     (subpath-prefix "${HOME}/Media/iTunes_Control/Ringtones")
  2624.     (subpath-prefix "${HOME}/Media/Purchases")
  2625.     (literal-prefix "${HOME}/Library/Preferences/com.apple.mobilephone.speeddial.plist")
  2626.     (subpath-prefix "${HOME}/Library/AddressBook")
  2627.     (extension "com.apple.logd.read-only")
  2628.     (require-any
  2629.         (subpath-prefix "${HOME}/Library/Logs/com.apple.StoreServices")
  2630.         (literal-prefix "${HOME}/Library/Cookies/com.apple.itunesstored")
  2631.     )
  2632.     (subpath-prefix "${HOME}/Library/Caches/sharedCaches/com.apple.iTunesStore.NSURLCache")
  2633.     (subpath-prefix "${HOME}/Media/iTunes_Control/iTunes")
  2634.     (require-all
  2635.         (regex #"^/private/var/mobile/Library/Carrier Bundles//carrier[.]plist$" #"^/private/var/mobile/Library/Carrier Bundles/.+/carrier[.]plist$" #"^/private/var/euser[0-9]+/Library/Carrier Bundles/.*/carrier[.]plist$" #"^/private/var/[-0-9A-F]+/Library/Carrier Bundles/.*/carrier[.]plist$" #"^/private/var/Users/[^/]+/Library/Carrier Bundles/.*/carrier[.]plist$")
  2636.         (subpath-prefix "${FRONT_USER_HOME}")
  2637.     )
  2638.     (require-all
  2639.         (subpath-prefix "${FRONT_USER_HOME}")
  2640.         (regex #"^/private/var/mobile/Library/Carrier Bundles/[.]png$" #"^/private/var/mobile/Library/Carrier Bundles/.+[.]png$" #"^/private/var/euser[0-9]+/Library/Carrier Bundles/.*[.]png$" #"^/private/var/[-0-9A-F]+/Library/Carrier Bundles/.*[.]png$" #"^/private/var/Users/[^/]+/Library/Carrier Bundles/.*[.]png$")
  2641.     )
  2642.     (require-all
  2643.         (subpath-prefix "${HOME}/Library/Carrier Bundles")
  2644.         (require-any
  2645.             (require-entitlement "com.apple.private.signing-identifier" (entitlement-value "com.apple.mobilemail"))
  2646.             (require-entitlement "com.apple.security.exception.carrier-bundle.read")
  2647.         )
  2648.     )
  2649.     (require-all
  2650.         (subpath-prefix "${FRONT_USER_HOME}")
  2651.         (extension "com.apple.sandbox.container")
  2652.         (require-any
  2653.             (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$")
  2654.             (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+$")
  2655.             (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/StoreKit$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/StoreKit/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/StoreKit$")
  2656.             (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/iTunesArtwork$")
  2657.         )
  2658.     )
  2659.     (require-all
  2660.         (subpath-prefix "${HOME}/Library/Application Support/Ubiquity/genstore")
  2661.         (extension "com.apple.librarian.ubiquity-revision")
  2662.     )
  2663.     (require-all
  2664.         (subpath-prefix "${HOME}/Library/Mobile Documents")
  2665.         (require-any
  2666.             (extension "com.apple.librarian.ubiquity-container")
  2667.             (require-entitlement "com.apple.private.librarian.container-proxy")
  2668.         )
  2669.     )
  2670.     (require-all
  2671.         (vnode-type REGULAR-FILE)
  2672.         (subpath-prefix "${HOME}/Library/Application Support/CloudDocs/session/r")
  2673.         (extension "com.apple.clouddocs.version")
  2674.     )
  2675.     (require-all
  2676.         (require-not (literal "/private/var/mobile/Media/iTunes_Control/iTunes/iTunesPrefs"))
  2677.         (require-any
  2678.             (require-any
  2679.                 (subpath "/System/Library/Frameworks")
  2680.                 (subpath "/System/Library/PrivateFrameworks")
  2681.             )
  2682.             (subpath "/private/var/preferences/Logging")
  2683.             (literal "/private/var/Managed Preferences/mobile/.GlobalPreferences.plist")
  2684.             (literal-prefix "${FRONT_USER_HOME}/Library/Preferences/.GlobalPreferences.plist")
  2685.             (extension "com.apple.security.exception.files.absolute-path.read-only")
  2686.             (extension "com.apple.security.exception.files.home-relative-path.read-only")
  2687.             (extension "com.apple.app-sandbox.read-write")
  2688.             (extension "com.apple.sandbox.executable")
  2689.             (extension "com.apple.app-sandbox.read")
  2690.             (extension "com.apple.security.exception.files.absolute-path.read-write")
  2691.             (extension "com.apple.security.exception.files.home-relative-path.read-write")
  2692.             (subpath "/Developer")
  2693.             (literal "/private/var/Managed Preferences/mobile/com.apple.webcontentfilter.plist")
  2694.             (subpath "/usr/lib")
  2695.             (subpath "/usr/share")
  2696.             (subpath "/private/var/db/timezone")
  2697.             (literal "/private/var/preferences/com.apple.security.plist")
  2698.             (require-any
  2699.                 (literal "/private/var/preferences/com.apple.NetworkStatistics.plist")
  2700.                 (literal "/private/var/preferences/com.apple.networkd.plist")
  2701.             )
  2702.             (literal "/private/var/Managed Preferences/mobile/com.apple.SystemConfiguration.plist")
  2703.             (subpath "/System/Library")
  2704.             (literal "/private/var/containers/Shared/SystemGroup/systemgroup.com.apple.nsurlstoragedresources/Library/dafsaData.bin")
  2705.             (require-all
  2706.                 (require-any
  2707.                     (literal "/System/Library/Caches/apticket.der")
  2708.                     (subpath "/System/Library/Caches/com.apple.kernelcaches")
  2709.                     (subpath "/System/Library/Caches/com.apple.factorydata")
  2710.                 )
  2711.                 (process-attribute 4)
  2712.                 (require-entitlement "com.apple.private.amfi.can-execute-cdhash")
  2713.             )
  2714.             (require-all
  2715.                 (literal "/private/var/preferences/com.apple.networkextension.plist")
  2716.                 (require-entitlement "com.apple.private.networkextension.configuration")
  2717.             )
  2718.             (require-all
  2719.                 (process-attribute 4)
  2720.                 (literal "/private/var/preferences/SystemConfiguration/com.apple.wifi.plist")
  2721.                 (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  2722.             )
  2723.             (require-all
  2724.                 (literal-prefix "${HOME}/Media/iTunes_Control/iTunes/Ringtones.plist")
  2725.                 (require-any
  2726.                     (require-entitlement "com.apple.media.ringtones.read-only")
  2727.                     (require-entitlement "com.apple.private.signing-identifier" (entitlement-value "com.apple.mobilemail"))
  2728.                     (require-entitlement "com.apple.media.ringtones.read-write")
  2729.                 )
  2730.             )
  2731.             (require-all
  2732.                 (subpath-prefix "${HOME}/Media/iTunes_Control/Ringtones")
  2733.                 (require-any
  2734.                     (require-entitlement "com.apple.media.ringtones.read-only")
  2735.                     (require-entitlement "com.apple.private.signing-identifier" (entitlement-value "com.apple.mobilemail"))
  2736.                     (require-entitlement "com.apple.media.ringtones.read-write")
  2737.                 )
  2738.             )
  2739.             (require-all
  2740.                 (subpath-prefix "${HOME}/Media/Purchases")
  2741.                 (require-any
  2742.                     (require-entitlement "com.apple.media.ringtones.read-only")
  2743.                     (require-entitlement "com.apple.private.signing-identifier" (entitlement-value "com.apple.mobilemail"))
  2744.                     (require-entitlement "com.apple.media.ringtones.read-write")
  2745.                 )
  2746.             )
  2747.             (require-all
  2748.                 (require-any
  2749.                     (literal-prefix "${HOME}/Library/SpringBoard/OriginalHomeVideo.mov")
  2750.                     (literal-prefix "${HOME}/Library/SpringBoard/OriginalLockVideo.mov")
  2751.                     (literal-prefix "${HOME}/Library/SpringBoard/LockBackground.cpbitmap")
  2752.                     (literal-prefix "${HOME}/Library/SpringBoard/LockBackgroundThumbnail.jpg")
  2753.                     (literal-prefix "${HOME}/Library/SpringBoard/LockVideo.mov")
  2754.                     (literal-prefix "${HOME}/Library/SpringBoard/.LockBackground.cpbitmap")
  2755.                     (literal-prefix "${HOME}/Library/SpringBoard/.HomeBackground.cpbitmap")
  2756.                     (literal-prefix "${HOME}/Library/SpringBoard/HomeVideo.mov")
  2757.                     (literal-prefix "${HOME}/Library/SpringBoard/HomeBackgroundThumbnail.jpg")
  2758.                     (literal-prefix "${HOME}/Library/SpringBoard/HomeBackground.cpbitmap")
  2759.                 )
  2760.                 (require-any
  2761.                     (require-entitlement "com.apple.system.get-wallpaper")
  2762.                     (require-entitlement "com.apple.private.signing-identifier"
  2763.                         (require-any
  2764.                             (entitlement-value "com.apple.iBooks")
  2765.                             (entitlement-value "com.apple.itunesu")
  2766.                         )
  2767.                     )
  2768.                     (require-entitlement "com.apple.container2")
  2769.                 )
  2770.             )
  2771.             (require-all
  2772.                 (subpath-prefix "${HOME}/Media/Podcasts")
  2773.                 (require-any
  2774.                     (require-entitlement "com.apple.private.signing-identifier"
  2775.                         (require-any
  2776.                             (entitlement-value "com.apple.iBooks")
  2777.                             (entitlement-value "com.apple.itunesu")
  2778.                         )
  2779.                     )
  2780.                     (require-entitlement "com.apple.container2")
  2781.                 )
  2782.             )
  2783.             (require-all
  2784.                 (subpath-prefix "${HOME}/Media/Books")
  2785.                 (require-any
  2786.                     (require-entitlement "com.apple.private.signing-identifier"
  2787.                         (require-any
  2788.                             (entitlement-value "com.apple.iBooks")
  2789.                             (entitlement-value "com.apple.itunesu")
  2790.                         )
  2791.                     )
  2792.                     (require-entitlement "com.apple.container2")
  2793.                 )
  2794.             )
  2795.             (require-all
  2796.                 (subpath-prefix "${HOME}/Media/Purchases")
  2797.                 (extension "com.apple.tcc.kTCCServiceMediaLibrary")
  2798.                 (require-any
  2799.                     (require-entitlement "com.apple.private.signing-identifier"
  2800.                         (require-any
  2801.                             (entitlement-value "com.apple.iBooks")
  2802.                             (entitlement-value "com.apple.itunesu")
  2803.                         )
  2804.                     )
  2805.                     (require-entitlement "com.apple.container2")
  2806.                 )
  2807.             )
  2808.             (require-all
  2809.                 (subpath-prefix "${HOME}/Media/iTunes_Control")
  2810.                 (extension "com.apple.tcc.kTCCServiceMediaLibrary")
  2811.                 (require-any
  2812.                     (require-entitlement "com.apple.private.signing-identifier"
  2813.                         (require-any
  2814.                             (entitlement-value "com.apple.iBooks")
  2815.                             (entitlement-value "com.apple.itunesu")
  2816.                         )
  2817.                     )
  2818.                     (require-entitlement "com.apple.container2")
  2819.                     (require-all
  2820.                         (extension "com.apple.tcc.kTCCServiceMediaLibrary")
  2821.                         (require-any
  2822.                             (literal-prefix "${HOME}/Media/iTunes_Control/iTunes/MediaLibrary.sqlitedb")
  2823.                             (literal-prefix "${HOME}/Media/iTunes_Control/iTunes/MediaLibrary.sqlitedb-wal")
  2824.                             (literal-prefix "${HOME}/Media/iTunes_Control/iTunes/MediaLibrary.sqlitedb-shm")
  2825.                             (literal-prefix "${HOME}/Media/iTunes_Control/iTunes/MediaLibrary.sqlitedb-journal")
  2826.                             (literal-prefix "${HOME}/Media/iTunes_Control/iTunes")
  2827.                         )
  2828.                         (require-any
  2829.                             (require-entitlement "com.apple.private.signing-identifier"
  2830.                                 (require-any
  2831.                                     (entitlement-value "com.apple.mobilesafari")
  2832.                                     (require-any
  2833.                                         (entitlement-value "com.apple.iBooks")
  2834.                                         (entitlement-value "com.apple.itunesu")
  2835.                                     )
  2836.                                 )
  2837.                             )
  2838.                             (require-entitlement "com.apple.container2")
  2839.                         )
  2840.                     )
  2841.                 )
  2842.             )
  2843.             (require-all
                        ; Clause for the itunesstored cookie path under ${HOME}. It matches when
                        ; the path filter below holds AND one of two identity gates holds:
                        ;   - signing identifier is com.apple.mobilesafari, com.apple.iBooks or
                        ;     com.apple.itunesu, or
                        ;   - the process carries the com.apple.container2 entitlement.
                        ; The operation this clause is attached to is declared above this excerpt.
                        ; The same two gates also guard the MediaLibrary.sqlitedb clause earlier
                        ; in this listing.
  2844.                 (literal-prefix "${HOME}/Library/Cookies/com.apple.itunesstored")
  2845.                 (require-any
                            ; NOTE(review): the nested filters presumably compare the value of
                            ; the signing-identifier entitlement -- confirm against the compiled profile.
  2846.                     (require-entitlement "com.apple.private.signing-identifier"
  2847.                         (require-any
  2848.                             (entitlement-value "com.apple.mobilesafari")
  2849.                             (require-any
  2850.                                 (entitlement-value "com.apple.iBooks")
  2851.                                 (entitlement-value "com.apple.itunesu")
  2852.                             )
  2853.                         )
  2854.                     )
                            ; This branch has no nested value filter: as written, holding the
                            ; entitlement at all is enough, whatever its value.
  2855.                     (require-entitlement "com.apple.container2")
  2856.                 )
  2857.             )
  2858.             (require-all
  2859.                 (subpath-prefix "${HOME}/Library/BulletinDistributor/Attachments")
  2860.                 (extension "com.apple.bulletindistributor.attachments.read-only")
  2861.             )
  2862.             (require-all
  2863.                 (subpath-prefix "${HOME}/Library/SpringBoard/PushStore/Attachments")
  2864.                 (extension "com.apple.usernotifications.attachments.read-only")
  2865.             )
  2866.             (require-all
  2867.                 (require-not (regex #"^/private/var/mobile/Library/Preferences/com.apple.apsalerts.plist" #"^/private/var/euser[0-9]+/Library/Preferences/com.apple.apsalerts.plist" #"^/private/var/[-0-9A-F]+/Library/Preferences/com.apple.apsalerts.plist" #"^/private/var/Users/[^/]+/Library/Preferences/com.apple.apsalerts.plist"))
  2868.                 (require-any
  2869.                     (require-all
  2870.                         (extension "com.apple.tcc.kTCCServiceAddressBook")
  2871.                         (require-entitlement "com.apple.Contacts.database-allow")
  2872.                     )
  2873.                     (require-all
  2874.                         (subpath-prefix "${FRONT_USER_HOME}/Library/Carrier Bundles/Overlay")
  2875.                         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  2876.                     )
  2877.                     (require-all
                                ; Matches carrier.plist files below /System/Library/Carrier Bundles,
                                ; and only for processes that do NOT hold the
                                ; com.apple.private.amfi.can-execute-cdhash entitlement.
                                ; NOTE(review): the first pattern contains an empty path component
                                ; ("Carrier Bundles//carrier.plist"); if paths are normalised before
                                ; matching it can never match -- confirm. In the second pattern ".+"
                                ; is not limited to one component, so carrier.plist is matched at
                                ; any depth below the directory.
  2878.                         (regex #"^/System/Library/Carrier Bundles//carrier[.]plist$" #"^/System/Library/Carrier Bundles/.+/carrier[.]plist$")
  2879.                         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  2880.                     )
  2881.                     (require-all
  2882.                         (literal-prefix "${FRONT_USER_HOME}/Library/Preferences/com.apple.carrier.plist")
  2883.                         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  2884.                     )
  2885.                     (require-all
  2886.                         (regex #"^/System/Library/Carrier Bundles/[.]png$" #"^/System/Library/Carrier Bundles/.+[.]png$")
  2887.                         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  2888.                     )
  2889.                     (require-all
  2890.                         (subpath-prefix "${HOME}/Library/Fonts")
  2891.                         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  2892.                     )
  2893.                     (require-all
  2894.                         (extension "com.apple.sandbox.application-group")
  2895.                         (require-any
  2896.                             (require-all
  2897.                                 (subpath-prefix "${HOME}")
  2898.                                 (regex #"^/private/var/mobile/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/euser[0-9]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/[-0-9A-F]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/Users/[^/]+/Containers/Shared/AppGroup/[^/]+/")
  2899.                             )
  2900.                             (require-all
  2901.                                 (subpath-prefix "${HOME}")
  2902.                                 (regex #"^/private/var/mobile/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/mobile/Containers/Shared/AppGroup/[^/]+$" #"^/private/var/euser[0-9]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/euser[0-9]+/Containers/Shared/AppGroup/[^/]+$" #"^/private/var/[-0-9A-F]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/[-0-9A-F]+/Containers/Shared/AppGroup/[^/]+$" #"^/private/var/Users/[^/]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/Users/[^/]+/Containers/Shared/AppGroup/[^/]+$")
  2903.                             )
  2904.                         )
  2905.                     )
  2906.                     (require-all
  2907.                         (subpath-prefix "${FRONT_USER_HOME}")
  2908.                         (extension "com.apple.fileprovider.read-write")
  2909.                         (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Application Support/Collaboration/com.apple.iWork/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/Application Support/Collaboration/com.apple.iWork/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/Application Support/Collaboration/com.apple.iWork/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/Application Support/Collaboration/com.apple.iWork/")
  2910.                     )
  2911.                     (require-all
  2912.                         (extension "com.apple.tcc.kTCCServiceMediaLibrary")
  2913.                         (require-any
  2914.                             (subpath-prefix "${HOME}/Media/iTunes_Control/Artwork")
  2915.                             (subpath-prefix "${HOME}/Media/iTunes_Control/iTunes")
  2916.                         )
  2917.                     )
  2918.                     (require-all
  2919.                         (require-not (regex #"^/private/var/mobile/Library/Caches/GeoServices/tguid[.]bin$" #"^/private/var/euser[0-9]+/Library/Caches/GeoServices/tguid[.]bin$" #"^/private/var/[-0-9A-F]+/Library/Caches/GeoServices/tguid[.]bin$" #"^/private/var/Users/[^/]+/Library/Caches/GeoServices/tguid[.]bin$"))
  2920.                         (require-any
  2921.                             (require-any
  2922.                                 (literal-prefix "${HOME}/Media/Vibrations/UserGeneratedVibrationPatterns.plist")
  2923.                                 (subpath "/Library/Ringtones")
  2924.                             )
  2925.                             (subpath "/private/var/containers/Data/System/com.apple.geod")
  2926.                             (literal-prefix "${HOME}/Library/Caches/DateFormats.plist")
  2927.                             (require-any
  2928.                                 (subpath "/Library/Dictionaries")
  2929.                                 (subpath-prefix "${HOME}/Library/Dictionaries")
  2930.                                 (subpath-prefix "${HOME}/Library/VoiceServices/Assets")
  2931.                                 (subpath-prefix "${HOME}/Library/Assets/com_apple_MobileAsset_VoiceServicesVocalizerVoice")
  2932.                             )
  2933.                             (subpath-prefix "${FRONT_USER_HOME}/Library/Caches/GeoServices")
  2934.                             (literal "/private/var/preferences/com.apple.security.plist")
  2935.                             (require-any
  2936.                                 (literal "/private/var/preferences/com.apple.NetworkStatistics.plist")
  2937.                                 (literal "/private/var/preferences/com.apple.networkd.plist")
  2938.                             )
  2939.                             (literal "/private/var/Managed Preferences/mobile/com.apple.SystemConfiguration.plist")
  2940.                             (literal-prefix "${HOME}/Library/Caches/com.apple.itunesstored/url-resolution.plist")
  2941.                             (literal "/private/var/preferences/SystemConfiguration/com.apple.radios.plist")
  2942.                             (subpath-prefix "${HOME}/Library/Caches/com.apple.UIStatusBar")
  2943.                             (subpath "/private/var/containers/Shared/SystemGroup/systemgroup.com.apple.lsd.iconscache")
  2944.                             (require-any
  2945.                                 (literal "/private/var/preferences/SystemConfiguration/com.apple.sinaweibo.plist")
  2946.                                 (literal "/private/var/preferences/SystemConfiguration/com.apple.twitter.plist")
  2947.                                 (literal "/private/var/preferences/SystemConfiguration/com.apple.facebook.plist")
  2948.                                 (literal "/private/var/preferences/SystemConfiguration/com.apple.linkedin.plist")
  2949.                             )
  2950.                             (literal "/private/var/containers/Shared/SystemGroup/systemgroup.com.apple.nsurlstoragedresources/Library/dafsaData.bin")
  2951.                             (subpath-prefix "${HOME}/Library/Caches/com.apple.keyboards")
  2952.                             (subpath-prefix "${HOME}/Library/Fonts")
  2953.                             (literal "/private/var/preferences/SystemConfiguration/com.apple.accounts.exists.plist")
  2954.                             (literal-prefix "${HOME}/Library/Caches/Checkpoint.plist")
  2955.                             (require-all
  2956.                                 (subpath-prefix "${HOME}")
  2957.                                 (require-any
  2958.                                     (regex #"^/private/var/mobile/Library/DeviceRegistry/[-0-9A-Z]+/GeoServices$" #"^/private/var/mobile/Library/DeviceRegistry/[-0-9A-Z]+/GeoServices/" #"^/private/var/euser[0-9]+/Library/DeviceRegistry/[-0-9A-Z]+/GeoServices$" #"^/private/var/euser[0-9]+/Library/DeviceRegistry/[-0-9A-Z]+/GeoServices/" #"^/private/var/[-0-9A-F]+/Library/DeviceRegistry/[-0-9A-Z]+/GeoServices$" #"^/private/var/[-0-9A-F]+/Library/DeviceRegistry/[-0-9A-Z]+/GeoServices/" #"^/private/var/Users/[^/]+/Library/DeviceRegistry/[-0-9A-Z]+/GeoServices$" #"^/private/var/Users/[^/]+/Library/DeviceRegistry/[-0-9A-Z]+/GeoServices/")
  2959.                                     (regex #"^/private/var/mobile/Library/GameKit/Data/[^/]+.gcdata$" #"^/private/var/euser[0-9]+/Library/GameKit/Data/[^/]+.gcdata$" #"^/private/var/[-0-9A-F]+/Library/GameKit/Data/[^/]+.gcdata$" #"^/private/var/Users/[^/]+/Library/GameKit/Data/[^/]+.gcdata$")
  2960.                                     (regex #"^/private/var/mobile/Library/DeviceRegistry/[-0-9A-Z]+/NanoPreferencesSync/NanoDomains/[.]GlobalPreferences$" #"^/private/var/euser[0-9]+/Library/DeviceRegistry/[-0-9A-Z]+/NanoPreferencesSync/NanoDomains/[.]GlobalPreferences$" #"^/private/var/[-0-9A-F]+/Library/DeviceRegistry/[-0-9A-Z]+/NanoPreferencesSync/NanoDomains/[.]GlobalPreferences$" #"^/private/var/Users/[^/]+/Library/DeviceRegistry/[-0-9A-Z]+/NanoPreferencesSync/NanoDomains/[.]GlobalPreferences$")
  2961.                                     (regex #"^/private/var/mobile/Library/DeviceRegistry/[-0-9A-Z]+/NanoPreferencesSync/NanoDomains/com.apple.nanoprefsyncd$" #"^/private/var/euser[0-9]+/Library/DeviceRegistry/[-0-9A-Z]+/NanoPreferencesSync/NanoDomains/com.apple.nanoprefsyncd$" #"^/private/var/[-0-9A-F]+/Library/DeviceRegistry/[-0-9A-Z]+/NanoPreferencesSync/NanoDomains/com.apple.nanoprefsyncd$" #"^/private/var/Users/[^/]+/Library/DeviceRegistry/[-0-9A-Z]+/NanoPreferencesSync/NanoDomains/com.apple.nanoprefsyncd$")
  2962.                                     (regex #"^/private/var/mobile/Library/DeviceRegistry/[-0-9A-Z]+/NanoPreferencesSync/NanoDomains/com[.]apple[.]ToneLibrary$" #"^/private/var/euser[0-9]+/Library/DeviceRegistry/[-0-9A-Z]+/NanoPreferencesSync/NanoDomains/com[.]apple[.]ToneLibrary$" #"^/private/var/[-0-9A-F]+/Library/DeviceRegistry/[-0-9A-Z]+/NanoPreferencesSync/NanoDomains/com[.]apple[.]ToneLibrary$" #"^/private/var/Users/[^/]+/Library/DeviceRegistry/[-0-9A-Z]+/NanoPreferencesSync/NanoDomains/com[.]apple[.]ToneLibrary$")
  2963.                                 )
  2964.                             )
  2965.                             (require-all
  2966.                                 (literal "/private/var/preferences/com.apple.networkextension.plist")
  2967.                                 (require-entitlement "com.apple.private.networkextension.configuration")
  2968.                             )
  2969.                             (require-all
  2970.                                 (literal-prefix "${FRONT_USER_HOME}/Library/Caches/com.apple.Pasteboard/")
  2971.                                 (extension "com.apple.Pasteboard-readonly")
  2972.                             )
  2973.                             (require-all
  2974.                                 (subpath-prefix "${HOME}/Library/ReplayKit")
  2975.                                 (extension "com.apple.replayd.read-only")
  2976.                             )
  2977.                             (require-all
  2978.                                 (extension "com.apple.odr-assets")
  2979.                                 (require-any
  2980.                                     (subpath-prefix "${HOME}/Library/OnDemandResources/AssetPacks")
  2981.                                     (subpath "/private/var/containers/Shared/SystemGroup/systemgroup.com.apple.ondemandresources/Library/AssetPacks")
  2982.                                 )
  2983.                             )
  2984.                             (require-all
  2985.                                 (extension "com.apple.assets.read")
  2986.                                 (require-any
  2987.                                     (subpath-prefix "${HOME}/Library/Assets")
  2988.                                     (subpath "/private/var/MobileAsset")
  2989.                                 )
  2990.                             )
  2991.                             (require-all
  2992.                                 (subpath-prefix "${FRONT_USER_HOME}")
  2993.                                 (extension "com.apple.classkit.read-write")
  2994.                                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Caches/ProgressKit/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Caches/ProgressKit$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Caches/ClassKit/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Caches/ClassKit$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/Caches/(Progre|Cla)ssKit/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/Caches/(Progre|Cla)ssKit$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/Caches/(Progre|Cla)ssKit/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/Caches/(Progre|Cla)ssKit$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/Caches/(Progre|Cla)ssKit/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/Caches/(Progre|Cla)ssKit$")
  2995.                             )
  2996.                             (require-all
  2997.                                 (subpath-prefix "${HOME}/Library/Application Support/Ubiquity/genstore")
  2998.                                 (extension "com.apple.librarian.ubiquity-revision")
  2999.                             )
  3000.                             (require-all
  3001.                                 (subpath-prefix "${HOME}/Library/Mobile Documents")
  3002.                                 (require-any
  3003.                                     (extension "com.apple.librarian.ubiquity-container")
  3004.                                     (require-entitlement "com.apple.private.librarian.container-proxy")
  3005.                                 )
  3006.                             )
  3007.                             (require-all
  3008.                                 (vnode-type REGULAR-FILE)
  3009.                                 (subpath-prefix "${HOME}/Library/Application Support/CloudDocs/session/r")
  3010.                                 (extension "com.apple.clouddocs.version")
  3011.                             )
  3012.                             (require-all
  3013.                                 (subpath-prefix "${HOME}/Media")
  3014.                                 (require-any
  3015.                                     (require-all
  3016.                                         (extension "com.apple.avasset.read-only")
  3017.                                         (extension "com.apple.tcc.kTCCServicePhotos")
  3018.                                     )
  3019.                                     (require-all
  3020.                                         (extension "com.apple.tcc.kTCCServicePhotos")
  3021.                                         (require-any
  3022.                                             (require-any
  3023.                                                 (subpath-prefix "${HOME}/Media/PhotoData/Metadata")
  3024.                                                 (subpath-prefix "${HOME}/Media/PhotoData/Thumbnails")
  3025.                                             )
  3026.                                             (require-any
  3027.                                                 (subpath-prefix "${HOME}/Media/PhotoData/Sync/FaceAlbumThumbnails")
  3028.                                                 (literal-prefix "${HOME}/Media/PhotoData/syncInfo.plist")
  3029.                                             )
  3030.                                         )
  3031.                                     )
  3032.                                     (require-all
  3033.                                         (process-attribute 4)
  3034.                                         (literal-prefix "${HOME}/Media/PhotoData/Photos.sqlite")
  3035.                                         (extension "com.apple.tcc.kTCCServicePhotos")
  3036.                                     )
  3037.                                 )
  3038.                             )
  3039.                             (require-all
  3040.                                 (require-any
  3041.                                     (subpath-prefix "${HOME}/Library/FairPlay")
  3042.                                     (literal "/usr/sbin/fairplayd")
  3043.                                 )
  3044.                                 (require-any
  3045.                                     (require-any
  3046.                                         (literal "/dev/zero")
  3047.                                         (literal "/dev/null")
  3048.                                     )
  3049.                                     (require-any
  3050.                                         (subpath "/private/var/db/datadetectors/sys")
  3051.                                         (subpath "/private/var/containers/Shared/SystemGroup/systemgroup.com.apple.icloud.findmydevice.managed/Library")
  3052.                                     )
  3053.                                     (require-any
  3054.                                         (subpath "/private/var/containers/Shared/SystemGroup/systemgroup.com.apple.configurationprofiles/Library/ConfigurationProfiles/PublicInfo")
  3055.                                         (subpath-prefix "${FRONT_USER_HOME}/Library/ConfigurationProfiles/PublicInfo")
  3056.                                         (subpath-prefix "${FRONT_USER_HOME}/Library/UserConfigurationProfiles/PublicInfo")
  3057.                                     )
  3058.                                     (literal "/dev/dtracehelper")
  3059.                                     (require-any
  3060.                                         (literal "/dev/urandom")
  3061.                                         (literal "/dev/random")
  3062.                                     )
  3063.                                     (literal "/private/var/containers/Shared/SystemGroup/systemgroup.com.apple.mobilegestaltcache/Library/Caches/com.apple.MobileGestalt.plist")
  3064.                                     (literal "/dev/aes_0")
  3065.                                     (require-all
                                                ; Matches /private/etc/master.passwd only when the uid
                                                ; filter is 0, so a non-root process does not satisfy this
                                                ; clause. master.passwd is conventionally the BSD
                                                ; password-hash database, which makes this uid gate one to
                                                ; re-check whenever the profile is audited.
                                                ; NOTE(review): whether uid means real or effective uid is
                                                ; not shown in this listing -- confirm.
  3066.                                         (uid 0)
  3067.                                         (literal "/private/etc/master.passwd")
  3068.                                     )
  3069.                                     (require-all
  3070.                                         (extension "com.apple.sandbox.system-container")
  3071.                                         (require-entitlement "com.apple.security.system-container")
  3072.                                     )
  3073.                                     (require-all
                                                ; System group containers: requires the
                                                ; com.apple.sandbox.system-group extension AND one of two
                                                ; entitlements (com.apple.security.system-groups or
                                                ; com.apple.security.system-group-containers). Both
                                                ; entitlement branches nest the same path patterns, which
                                                ; confine the match to
                                                ; /private/var/containers/Shared/SystemGroup/<name> and below.
                                                ; NOTE(review): the patterns accept any single <name>
                                                ; component; nothing visible here ties the directory name
                                                ; to the entitlement's value, so that binding presumably
                                                ; comes from the extension token -- confirm.
  3074.                                         (extension "com.apple.sandbox.system-group")
  3075.                                         (require-any
  3076.                                             (require-entitlement "com.apple.security.system-groups"
  3077.                                                 (require-any
                                                            ; The first regex repeats the first alternative of
                                                            ; the second, so it adds nothing to the match set.
  3078.                                                     (regex #"^/private/var/containers/Shared/SystemGroup/[^/]+/")
  3079.                                                     (regex #"^/private/var/containers/Shared/SystemGroup/[^/]+/" #"^/private/var/containers/Shared/SystemGroup/[^/]+$")
  3080.                                                 )
  3081.                                             )
  3082.                                             (require-entitlement "com.apple.security.system-group-containers"
  3083.                                                 (require-any
  3084.                                                     (regex #"^/private/var/containers/Shared/SystemGroup/[^/]+/")
  3085.                                                     (regex #"^/private/var/containers/Shared/SystemGroup/[^/]+/" #"^/private/var/containers/Shared/SystemGroup/[^/]+$")
  3086.                                                 )
  3087.                                             )
  3088.                                         )
  3089.                                     )
  3090.                                     (require-all
  3091.                                         (subpath "/private/var/db/diagnostics")
  3092.                                         (require-any
  3093.                                             (require-entitlement "com.apple.private.logging.diagnostic")
  3094.                                             (require-entitlement "com.apple.diagnosticd.diagnostic")
  3095.                                         )
  3096.                                     )
  3097.                                     (require-all
  3098.                                         (require-any
  3099.                                             (subpath "/private/var/db/timesync")
  3100.                                             (subpath "/private/var/userdata/diagnostics")
  3101.                                         )
  3102.                                         (require-any
  3103.                                             (require-entitlement "com.apple.private.logging.diagnostic")
  3104.                                             (require-entitlement "com.apple.diagnosticd.diagnostic")
  3105.                                         )
  3106.                                     )
  3107.                                     (require-all
  3108.                                         (subpath "/private/var/db/uuidtext")
  3109.                                         (require-any
  3110.                                             (require-entitlement "com.apple.private.logging.diagnostic")
  3111.                                             (require-entitlement "com.apple.diagnosticd.diagnostic")
  3112.                                         )
  3113.                                     )
  3114.                                     (require-all
                                                ; Combines two vnode-type filters with a require-any over
                                                ; system files, "/", and several entitlement-gated paths.
                                                ; NOTE(review): a vnode has a single type, so if require-all
                                                ; is a plain conjunction the BLOCK-DEVICE and CHARACTER-DEVICE
                                                ; filters cannot both hold, and paths such as
                                                ; /private/etc/hosts are normally neither. As written this
                                                ; clause looks unsatisfiable; the listing may have lost
                                                ; negations (require-not) at this level. Confirm against the
                                                ; compiled profile before concluding anything about which of
                                                ; these paths a sandboxed process can reach.
  3115.                                         (vnode-type BLOCK-DEVICE)
  3116.                                         (vnode-type CHARACTER-DEVICE)
  3117.                                         (require-any
  3118.                                             (literal "/private/etc/hosts")
  3119.                                             (require-any
  3120.                                                 (literal "/private/etc/group")
  3121.                                                 (literal "/private/etc/passwd")
  3122.                                                 (literal "/private/etc/protocols")
  3123.                                                 (literal "/private/etc/services")
  3124.                                             )
  3125.                                             (literal "/")
                                                    ; This alternative names no path: within this require-any,
                                                    ; holding the entitlement satisfies the branch on its own.
  3126.                                             (require-entitlement "com.apple.itunesstored.private")
                                                    ; The next two branches require (rather than exclude) the
                                                    ; can-execute-cdhash entitlement, unlike the carrier-bundle
                                                    ; and font clauses earlier in the listing, which use
                                                    ; require-not on it.
                                                    ; NOTE(review): the meaning of process-attribute 4 is not
                                                    ; shown in this listing -- confirm.
  3127.                                             (require-all
  3128.                                                 (process-attribute 4)
  3129.                                                 (require-any
  3130.                                                     (literal "/private/var/containers/Shared/SystemGroup/systemgroup.com.apple.configurationprofiles/Library/ConfigurationProfiles/CloudConfigurationSetAsideDetails.plist")
  3131.                                                     (literal-prefix "${FRONT_USER_HOME}/Library/ConfigurationProfiles/CloudConfigurationSetAsideDetails.plist")
  3132.                                                     (literal-prefix "${FRONT_USER_HOME}/Library/UserConfigurationProfiles/CloudConfigurationSetAsideDetails.plist")
                                                            ; NOTE(review): if literal-prefix meant prefix
                                                            ; matching, this entry would subsume the two plist
                                                            ; paths above; presumably the "-prefix" suffix only
                                                            ; marks the ${...} variable prefix -- confirm.
  3133.                                                     (literal-prefix "${FRONT_USER_HOME}/Library/")
  3134.                                                 )
  3135.                                                 (require-entitlement "com.apple.private.amfi.can-execute-cdhash")
  3136.                                             )
  3137.                                             (require-all
  3138.                                                 (process-attribute 4)
  3139.                                                 (require-any
  3140.                                                     (literal "/private/var/containers/Shared/SystemGroup/systemgroup.com.apple.configurationprofiles/Library/ConfigurationProfiles/CloudConfigurationDetails.plist")
  3141.                                                     (literal-prefix "${FRONT_USER_HOME}/Library/ConfigurationProfiles/CloudConfigurationDetails.plist")
  3142.                                                     (literal-prefix "${FRONT_USER_HOME}/Library/UserConfigurationProfiles/CloudConfigurationDetails.plist")
  3143.                                                     (literal-prefix "${FRONT_USER_HOME}")
  3144.                                                 )
  3145.                                                 (require-entitlement "com.apple.private.amfi.can-execute-cdhash")
  3146.                                             )
                                                    ; Asset directories: needs the com.apple.assets.read
                                                    ; extension and the accessible-asset-types entitlement.
  3147.                                             (require-all
  3148.                                                 (extension "com.apple.assets.read")
  3149.                                                 (require-entitlement "com.apple.private.assets.accessible-asset-types"
  3150.                                                     (require-any
  3151.                                                         (subpath-prefix "${HOME}/Library/Assets")
  3152.                                                         (subpath "/private/var/MobileAsset")
  3153.                                                     )
  3154.                                                 )
  3155.                                             )
                                                    ; PassKit cache and speed-dial preferences: both gated on
                                                    ; the com.apple.private.contactsui entitlement.
  3156.                                             (require-all
  3157.                                                 (literal-prefix "${HOME}/Library/Caches/PassKit/cache.plist")
  3158.                                                 (require-entitlement "com.apple.private.contactsui")
  3159.                                             )
  3160.                                             (require-all
  3161.                                                 (literal-prefix "${HOME}/Library/Preferences/com.apple.mobilephone.speeddial.plist")
  3162.                                                 (require-entitlement "com.apple.private.contactsui")
  3163.                                             )
                                                    ; CoreDuet interaction database, its -wal/-journal files
                                                    ; and the containing People directory: gated on the
                                                    ; com.apple.coreduetd.people entitlement. The -shm file
                                                    ; has its own clause below with the same gate.
  3164.                                             (require-all
  3165.                                                 (require-any
  3166.                                                     (literal-prefix "${HOME}/Library/CoreDuet/People/interactionC.db")
  3167.                                                     (literal-prefix "${HOME}/Library/CoreDuet/People/interactionC.db-wal")
  3168.                                                     (literal-prefix "${HOME}/Library/CoreDuet/People/interactionC.db-journal")
  3169.                                                     (literal-prefix "${HOME}/Library/CoreDuet/People")
  3170.                                                 )
  3171.                                                 (require-entitlement "com.apple.coreduetd.people")
  3172.                                             )
  3173.                                             (require-all
  3174.                                                 (literal-prefix "${HOME}/Library/CoreDuet/People/interactionC.db-shm")
  3175.                                                 (require-entitlement "com.apple.coreduetd.people")
  3176.                                             )
  3177.                                         )
  3178.                                     )
  3179.                                 )
  3180.                             )
  3181.                         )
  3182.                     )
  3183.                 )
  3184.             )
  3185.             (require-all
  3186.                 (require-entitlement "com.apple.private.signing-identifier"
  3187.                     (require-any
  3188.                         (require-all
  3189.                             (subpath-prefix "${HOME}")
  3190.                             (require-any
  3191.                                 (require-all
  3192.                                     (regex #"^/private/var/mobile/Library/DeviceRegistry/[-0-9A-Z]+/NanoPreferencesSync/NanoDomains/com.apple.nanoprefsyncd$" #"^/private/var/euser[0-9]+/Library/DeviceRegistry/[-0-9A-Z]+/NanoPreferencesSync/NanoDomains/com.apple.nanoprefsyncd$" #"^/private/var/[-0-9A-F]+/Library/DeviceRegistry/[-0-9A-Z]+/NanoPreferencesSync/NanoDomains/com.apple.nanoprefsyncd$" #"^/private/var/Users/[^/]+/Library/DeviceRegistry/[-0-9A-Z]+/NanoPreferencesSync/NanoDomains/com.apple.nanoprefsyncd$")
  3193.                                     (require-any
  3194.                                         (require-any
  3195.                                             (entitlement-value "com.apple.Music")
  3196.                                             (entitlement-value "com.apple.stocks.watchkitextension")
  3197.                                         )
  3198.                                         (entitlement-value "com.apple.mobilemail")
  3199.                                         (entitlement-value "com.apple.PassbookUIService")
  3200.                                     )
  3201.                                 )
  3202.                                 (require-all
  3203.                                     (entitlement-value "com.apple.Music")
  3204.                                     (regex #"^/private/var/mobile/Library/DeviceRegistry/[-0-9A-Z]+/NanoPreferencesSync/NanoDomains/com[.]apple[.]NanoMusicSync" #"^/private/var/euser[0-9]+/Library/DeviceRegistry/[-0-9A-Z]+/NanoPreferencesSync/NanoDomains/com[.]apple[.]NanoMusicSync" #"^/private/var/[-0-9A-F]+/Library/DeviceRegistry/[-0-9A-Z]+/NanoPreferencesSync/NanoDomains/com[.]apple[.]NanoMusicSync" #"^/private/var/Users/[^/]+/Library/DeviceRegistry/[-0-9A-Z]+/NanoPreferencesSync/NanoDomains/com[.]apple[.]NanoMusicSync")
  3205.                                 )
  3206.                                 (require-all
  3207.                                     (entitlement-value "com.apple.mobilemail")
  3208.                                     (regex #"^/private/var/mobile/Library/DeviceRegistry/[-0-9A-Z]+/NanoPreferencesSync/NanoDomains/com[.]apple[.]NanoMail" #"^/private/var/euser[0-9]+/Library/DeviceRegistry/[-0-9A-Z]+/NanoPreferencesSync/NanoDomains/com[.]apple[.]NanoMail" #"^/private/var/[-0-9A-F]+/Library/DeviceRegistry/[-0-9A-Z]+/NanoPreferencesSync/NanoDomains/com[.]apple[.]NanoMail" #"^/private/var/Users/[^/]+/Library/DeviceRegistry/[-0-9A-Z]+/NanoPreferencesSync/NanoDomains/com[.]apple[.]NanoMail")
  3209.                                 )
  3210.                                 (require-all
  3211.                                     (entitlement-value "com.apple.Maps")
  3212.                                     (regex #"^/private/var/mobile/Library/DeviceRegistry/[-0-9A-Z]+/NanoMaps$" #"^/private/var/mobile/Library/DeviceRegistry/[-0-9A-Z]+/NanoMaps/" #"^/private/var/euser[0-9]+/Library/DeviceRegistry/[-0-9A-Z]+/NanoMaps$" #"^/private/var/euser[0-9]+/Library/DeviceRegistry/[-0-9A-Z]+/NanoMaps/" #"^/private/var/[-0-9A-F]+/Library/DeviceRegistry/[-0-9A-Z]+/NanoMaps$" #"^/private/var/[-0-9A-F]+/Library/DeviceRegistry/[-0-9A-Z]+/NanoMaps/" #"^/private/var/Users/[^/]+/Library/DeviceRegistry/[-0-9A-Z]+/NanoMaps$" #"^/private/var/Users/[^/]+/Library/DeviceRegistry/[-0-9A-Z]+/NanoMaps/")
  3213.                                 )
  3214.                                 (require-all
                                            ; Pairs the value "com.apple.WebContentFilter.remoteUI.WebContentAnalysisUI" with
                                            ; the restrictions-password preference file under each per-user home layout
                                            ; (mobile, euserN, UUID-style and Users/<name>). The enclosing rule head and the
                                            ; entitlement key this value is compared against are above this excerpt.
                                            ; NOTE(review): unlike sibling clauses that write dots as [.] and end with $
                                            ; (e.g. the Carousel and stocks.bridge patterns), these patterns leave "." unescaped
                                            ; and carry no end anchor, so they also match any longer path that merely begins
                                            ; with this file name, and any character in place of each dot. Whether that width
                                            ; is intended (e.g. for temporary or lock files next to the plist) cannot be told
                                            ; from here; when auditing, treat the grant as "path starts with", not "this file".
  3215.                                     (entitlement-value "com.apple.WebContentFilter.remoteUI.WebContentAnalysisUI")
  3216.                                     (regex #"^/private/var/mobile/Library/Preferences/com.apple.restrictionspassword.plist" #"^/private/var/euser[0-9]+/Library/Preferences/com.apple.restrictionspassword.plist" #"^/private/var/[-0-9A-F]+/Library/Preferences/com.apple.restrictionspassword.plist" #"^/private/var/Users/[^/]+/Library/Preferences/com.apple.restrictionspassword.plist")
  3217.                                 )
  3218.                                 (require-all
  3219.                                     (entitlement-value "com.apple.PassbookUIService")
  3220.                                     (regex #"^/private/var/mobile/Library/DeviceRegistry/[-0-9A-Z]+/NanoPreferencesSync/NanoDomains/com[.]apple[.]Carousel$" #"^/private/var/euser[0-9]+/Library/DeviceRegistry/[-0-9A-Z]+/NanoPreferencesSync/NanoDomains/com[.]apple[.]Carousel$" #"^/private/var/[-0-9A-F]+/Library/DeviceRegistry/[-0-9A-Z]+/NanoPreferencesSync/NanoDomains/com[.]apple[.]Carousel$" #"^/private/var/Users/[^/]+/Library/DeviceRegistry/[-0-9A-Z]+/NanoPreferencesSync/NanoDomains/com[.]apple[.]Carousel$")
  3221.                                 )
  3222.                                 (require-all
  3223.                                     (entitlement-value "com.apple.stocks.watchkitextension")
  3224.                                     (regex #"^/private/var/mobile/Library/DeviceRegistry/[-0-9A-Z]+/NanoPreferencesSync/NanoDomains/com[.]apple[.]stocks[.]bridge$" #"^/private/var/euser[0-9]+/Library/DeviceRegistry/[-0-9A-Z]+/NanoPreferencesSync/NanoDomains/com[.]apple[.]stocks[.]bridge$" #"^/private/var/[-0-9A-F]+/Library/DeviceRegistry/[-0-9A-Z]+/NanoPreferencesSync/NanoDomains/com[.]apple[.]stocks[.]bridge$" #"^/private/var/Users/[^/]+/Library/DeviceRegistry/[-0-9A-Z]+/NanoPreferencesSync/NanoDomains/com[.]apple[.]stocks[.]bridge$")
  3225.                                 )
  3226.                             )
  3227.                         )
  3228.                         (require-all
  3229.                             (subpath-prefix "${FRONT_USER_HOME}")
  3230.                             (entitlement-value "com.apple.SafariViewService")
  3231.                             (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService$")
  3232.                         )
  3233.                         (require-all
  3234.                             (entitlement-value "com.apple.Music")
  3235.                             (require-any
  3236.                                 (subpath-prefix "${HOME}/Library/Caches/sharedCaches/com.apple.Radio.RadioRequestURLCache")
  3237.                                 (subpath-prefix "${HOME}/Library/Caches/sharedCaches/com.apple.Radio.RadioImageCache")
  3238.                             )
  3239.                         )
  3240.                         (require-all
  3241.                             (subpath "/Applications/AppStore.app/Frameworks")
  3242.                             (entitlement-value "com.apple.MobileSMS")
  3243.                         )
  3244.                         (require-all
  3245.                             (literal "/usr/libexec")
  3246.                             (require-any
  3247.                                 (entitlement-value "com.apple.safarifetcherd")
  3248.                                 (entitlement-value "com.apple.webbookmarksd")
  3249.                             )
  3250.                         )
  3251.                         (require-all
  3252.                             (subpath-prefix "${HOME}/Library/WebClips")
  3253.                             (require-any
  3254.                                 (entitlement-value "com.apple.mobilesafari")
  3255.                                 (entitlement-value "com.apple.webapp")
  3256.                             )
  3257.                         )
  3258.                         (require-all
  3259.                             (subpath-prefix "${HOME}/Media/DCIM")
  3260.                             (require-any
  3261.                                 (entitlement-value "com.apple.mobilesafari")
  3262.                                 (entitlement-value "com.apple.webapp")
  3263.                             )
  3264.                         )
  3265.                         (require-all
  3266.                             (entitlement-value "com.apple.mobilesafari")
  3267.                             (require-any
  3268.                                 (subpath-prefix "${HOME}/Library/Caches/com.apple.parsecd/CustomFeedback/SafariAutoFill")
  3269.                                 (subpath-prefix "${HOME}/Library/Caches/com.apple.parsecd/CustomFeedback/SafariAutoPlay")
  3270.                             )
  3271.                         )
  3272.                         (require-all
  3273.                             (subpath-prefix "${HOME}/Media/Safari")
  3274.                             (entitlement-value "com.apple.mobilesafari")
  3275.                         )
  3276.                         (require-all
  3277.                             (subpath-prefix "${HOME}/Library/Cookies")
  3278.                             (require-any
  3279.                                 (entitlement-value "com.apple.mobilesafari")
  3280.                                 (entitlement-value "com.apple.webbookmarksd")
  3281.                                 (entitlement-value "com.apple.safarifetcherd")
  3282.                                 (entitlement-value "com.apple.Safari.SocialHelper")
  3283.                             )
  3284.                         )
  3285.                         (require-all
  3286.                             (subpath-prefix "${HOME}/Library/Safari")
  3287.                             (require-any
  3288.                                 (entitlement-value "com.apple.mobilesafari")
  3289.                                 (entitlement-value "com.apple.webbookmarksd")
  3290.                                 (entitlement-value "com.apple.safarifetcherd")
  3291.                                 (entitlement-value "com.apple.Safari.SocialHelper")
  3292.                                 (entitlement-value "com.apple.mobilemail")
  3293.                                 (entitlement-value "com.apple.mobilenotes")
  3294.                             )
  3295.                         )
  3296.                         (require-all
  3297.                             (require-any
  3298.                                 (literal-prefix "${HOME}/Library/Caches/com.apple.notes.objectcreation.lock")
  3299.                                 (literal-prefix "${HOME}/Library/Caches/com.apple.notes.sharedstore.lock")
  3300.                             )
  3301.                             (require-any
  3302.                                 (entitlement-value "com.apple.mobilemail")
  3303.                                 (entitlement-value "com.apple.mobilenotes")
  3304.                             )
  3305.                         )
  3306.                         (require-all
  3307.                             (subpath-prefix "${HOME}/Library/Notes")
  3308.                             (require-any
  3309.                                 (entitlement-value "com.apple.mobilemail")
  3310.                                 (entitlement-value "com.apple.mobilenotes")
  3311.                             )
  3312.                         )
  3313.                         (require-all
  3314.                             (subpath-prefix "${HOME}/Media")
  3315.                             (entitlement-value "com.apple.mobilemail")
  3316.                         )
  3317.                         (require-all
  3318.                             (entitlement-value "com.apple.mobilemail")
  3319.                             (require-any
  3320.                                 (literal-prefix "${FRONT_USER_HOME}/Library/Logs/PersistentConnection/com.apple.mobilemail")
  3321.                                 (literal-prefix "${FRONT_USER_HOME}/Library/Logs/CrashReporter/PersistentConnection/com.apple.mobilemail")
  3322.                             )
  3323.                         )
  3324.                         (require-all
  3325.                             (entitlement-value "com.apple.mobilemail")
  3326.                             (require-any
  3327.                                 (literal-prefix "${HOME}/Library/Preferences/com.apple.AOSNotification.launchd")
  3328.                                 (literal-prefix "${HOME}/Library/Preferences/com.apple.dataaccess.launchd")
  3329.                             )
  3330.                         )
  3331.                         (require-all
  3332.                             (entitlement-value "com.apple.mobilemail")
  3333.                             (require-any
  3334.                                 (require-any
  3335.                                     (subpath "/Library/Application Support/Mail/Plugins")
  3336.                                     (literal "/private/var/preferences/SystemConfiguration/com.apple.AutoWake.plist")
  3337.                                     (literal "/System/Library/PairedSyncServices/com.apple.pairedsync.mail.plist")
  3338.                                 )
  3339.                                 (subpath-prefix "${HOME}/Library/Caches/DataAccess")
  3340.                             )
  3341.                         )
  3342.                         (require-all
  3343.                             (entitlement-value "com.apple.mobilemail")
  3344.                             (require-any
  3345.                                 (subpath-prefix "${FRONT_USER_HOME}/Library/UserConfigurationProfiles")
  3346.                                 (subpath-prefix "${FRONT_USER_HOME}/Library/ConfigurationProfiles")
  3347.                                 (subpath "/private/var/containers/Shared/SystemGroup/systemgroup.com.apple.configurationprofiles/Library/ConfigurationProfiles")
  3348.                             )
  3349.                         )
  3350.                         (require-all
  3351.                             (subpath-prefix "${HOME}/Library/Calendar")
  3352.                             (entitlement-value "com.apple.mobilemail")
  3353.                         )
  3354.                         (require-all
  3355.                             (subpath-prefix "${HOME}/Library/DataAccess")
  3356.                             (entitlement-value "com.apple.mobilemail")
  3357.                         )
  3358.                         (require-all
  3359.                             (subpath-prefix "${HOME}/Library/Logs/Mail")
  3360.                             (entitlement-value "com.apple.mobilemail")
  3361.                         )
  3362.                         (require-all
  3363.                             (subpath-prefix "${HOME}/Library/Mail")
  3364.                             (entitlement-value "com.apple.mobilemail")
  3365.                         )
  3366.                         (require-all
  3367.                             (entitlement-value "com.apple.Maps")
  3368.                             (require-any
  3369.                                 (regex #"^/private/var/containers/Bundle/[^/]+/[-0-9A-Z]+/GeoJSON")
  3370.                                 (subpath-prefix "${HOME}/Library/SMS")
  3371.                             )
  3372.                         )
  3373.                         (require-all
  3374.                             (subpath-prefix "${HOME}/Library/CallServices/Ringtones")
  3375.                             (entitlement-value "com.apple.InCallService")
  3376.                         )
  3377.                         (require-all
  3378.                             (entitlement-value "com.apple.ios.StoreKitUIService")
  3379.                             (require-any
  3380.                                 (literal-prefix "${HOME}/Library/Caches/com.apple.storeservices/AppPurchaseHistory.6.sqlitedb")
  3381.                                 (literal-prefix "${HOME}/Library/Caches/com.apple.storeservices/AppPurchaseHistory.6.sqlitedb-wal")
  3382.                                 (literal-prefix "${HOME}/Library/Caches/com.apple.storeservices/AppPurchaseHistory.6.sqlitedb-shm")
  3383.                                 (literal-prefix "${HOME}/Library/Caches/com.apple.storeservices/AppPurchaseHistory.6.sqlitedb-journal")
  3384.                                 (literal-prefix "${HOME}/Library/Caches/com.apple.storeservices")
  3385.                             )
  3386.                         )
  3387.                         (require-all
  3388.                             (entitlement-value "com.apple.UIKit.ShareUI")
  3389.                             (extension "com.apple.sharing.airdrop.readonly")
  3390.                         )
  3391.                         (require-all
  3392.                             (literal "/AppleInternal/Library/Frameworks/CoreAutomation")
  3393.                             (entitlement-value "com.apple.iStreamer")
  3394.                         )
  3395.                     )
  3396.                 )
  3397.             )
  3398.         )
  3399.     )
  3400.     (require-all
                ; Matches entries directly inside a system data container whose name starts with
                ; ".com.apple." (first regex below). The rule head this clause belongs to is above
                ; this excerpt.
                ; NOTE(review): every path accepted by the first regex also satisfies the first
                ; alternative of the require-any, so the require-any adds no restriction and the
                ; effective condition is the first regex alone. This looks like redundancy left by
                ; the decompiler rather than a second check; confirm against the compiled profile
                ; before relying on it.
  3401.         (regex #"^/private/var/containers/Data/System/[^/]+/[.]com[.]apple[.]")
  3402.         (require-any
  3403.             (regex #"^/private/var/containers/Data/System/[^/]+/")
  3404.             (regex #"^/private/var/containers/Data/System/[^/]+/" #"^/private/var/containers/Data/System/[^/]+$")
  3405.         )
  3406.     )
  3407. )
  ;; file-read-data grants. Each top-level clause of the rule is an alternative: the read is
  ;; allowed when any one clause matches (the profile's default, set at the top, is deny).
  ;;
  ;; Clauses 1-6: the document-revision store (.DocumentRevisions-V100). A regular file,
  ;; directory or symlink is readable only when BOTH hold:
  ;;   - the process holds the sandbox extension "com.apple.revisiond.staging" and the path is
  ;;     in the staging tree, or holds "com.apple.revisiond.revision" and the path is in the
  ;;     PerUID tree;
  ;;   - the tree is the one under ${FRONT_USER_HOME} or the one under /private/var.
  ;; No entitlement is tested here; access is gated purely on the extension being held.
  ;; Clause 7: sockets at the ExternalAccessory "ea" path, with no extension or entitlement test.
  ;;
  ;; NOTE(review): filters on ${...} paths are printed with a "-prefix" suffix (subpath-prefix,
  ;; literal-prefix) and filters on absolute paths without it. Presumably the suffix marks a
  ;; variable-prefixed path, not a prefix match; confirm against the decompiler's filter table.
  3408. (allow file-read-data
  3409.     (require-all
  3410.         (vnode-type REGULAR-FILE)
  3411.         (require-any
  3412.             (require-all
  3413.                 (extension "com.apple.revisiond.staging")
  3414.                 (require-any
  3415.                     (subpath-prefix "${FRONT_USER_HOME}/.DocumentRevisions-V100/staging")
  3416.                     (subpath "/private/var/.DocumentRevisions-V100/staging")
  3417.                 )
  3418.             )
  3419.             (require-all
  3420.                 (extension "com.apple.revisiond.revision")
  3421.                 (require-any
  3422.                     (subpath-prefix "${FRONT_USER_HOME}/.DocumentRevisions-V100/PerUID")
  3423.                     (subpath "/private/var/.DocumentRevisions-V100/PerUID")
  3424.                 )
  3425.             )
  3426.         )
  3427.     )
  3428.     (require-all
  3429.         (vnode-type DIRECTORY)
  3430.         (require-any
  3431.             (require-all
  3432.                 (extension "com.apple.revisiond.staging")
  3433.                 (require-any
  3434.                     (subpath-prefix "${FRONT_USER_HOME}/.DocumentRevisions-V100/staging")
  3435.                     (subpath "/private/var/.DocumentRevisions-V100/staging")
  3436.                 )
  3437.             )
  3438.             (require-all
  3439.                 (extension "com.apple.revisiond.revision")
  3440.                 (require-any
  3441.                     (subpath-prefix "${FRONT_USER_HOME}/.DocumentRevisions-V100/PerUID")
  3442.                     (subpath "/private/var/.DocumentRevisions-V100/PerUID")
  3443.                 )
  3444.             )
  3445.         )
  3446.     )
  3447.     (require-all
  3448.         (vnode-type SYMLINK)
  3449.         (require-any
  3450.             (require-all
  3451.                 (extension "com.apple.revisiond.staging")
  3452.                 (require-any
  3453.                     (subpath-prefix "${FRONT_USER_HOME}/.DocumentRevisions-V100/staging")
  3454.                     (subpath "/private/var/.DocumentRevisions-V100/staging")
  3455.                 )
  3456.             )
  3457.             (require-all
  3458.                 (extension "com.apple.revisiond.revision")
  3459.                 (require-any
  3460.                     (subpath-prefix "${FRONT_USER_HOME}/.DocumentRevisions-V100/PerUID")
  3461.                     (subpath "/private/var/.DocumentRevisions-V100/PerUID")
  3462.                 )
  3463.             )
  3464.         )
  3465.     )
            ; The next three clauses repeat the REGULAR-FILE / DIRECTORY / SYMLINK clauses above
            ; word for word, so they grant nothing extra under this rule.
            ; NOTE(review): probably a decompiler artifact (e.g. two compiled rules folded into
            ; one listing); check the compiled profile before treating the copies as removable.
  3466.     (require-all
  3467.         (vnode-type REGULAR-FILE)
  3468.         (require-any
  3469.             (require-all
  3470.                 (extension "com.apple.revisiond.staging")
  3471.                 (require-any
  3472.                     (subpath-prefix "${FRONT_USER_HOME}/.DocumentRevisions-V100/staging")
  3473.                     (subpath "/private/var/.DocumentRevisions-V100/staging")
  3474.                 )
  3475.             )
  3476.             (require-all
  3477.                 (extension "com.apple.revisiond.revision")
  3478.                 (require-any
  3479.                     (subpath-prefix "${FRONT_USER_HOME}/.DocumentRevisions-V100/PerUID")
  3480.                     (subpath "/private/var/.DocumentRevisions-V100/PerUID")
  3481.                 )
  3482.             )
  3483.         )
  3484.     )
  3485.     (require-all
  3486.         (vnode-type DIRECTORY)
  3487.         (require-any
  3488.             (require-all
  3489.                 (extension "com.apple.revisiond.staging")
  3490.                 (require-any
  3491.                     (subpath-prefix "${FRONT_USER_HOME}/.DocumentRevisions-V100/staging")
  3492.                     (subpath "/private/var/.DocumentRevisions-V100/staging")
  3493.                 )
  3494.             )
  3495.             (require-all
  3496.                 (extension "com.apple.revisiond.revision")
  3497.                 (require-any
  3498.                     (subpath-prefix "${FRONT_USER_HOME}/.DocumentRevisions-V100/PerUID")
  3499.                     (subpath "/private/var/.DocumentRevisions-V100/PerUID")
  3500.                 )
  3501.             )
  3502.         )
  3503.     )
  3504.     (require-all
  3505.         (vnode-type SYMLINK)
  3506.         (require-any
  3507.             (require-all
  3508.                 (extension "com.apple.revisiond.staging")
  3509.                 (require-any
  3510.                     (subpath-prefix "${FRONT_USER_HOME}/.DocumentRevisions-V100/staging")
  3511.                     (subpath "/private/var/.DocumentRevisions-V100/staging")
  3512.                 )
  3513.             )
  3514.             (require-all
  3515.                 (extension "com.apple.revisiond.revision")
  3516.                 (require-any
  3517.                     (subpath-prefix "${FRONT_USER_HOME}/.DocumentRevisions-V100/PerUID")
  3518.                     (subpath "/private/var/.DocumentRevisions-V100/PerUID")
  3519.                 )
  3520.             )
  3521.         )
  3522.     )
            ; Socket clause: conditioned only on vnode type and path. Unlike the revision-store
            ; clauses above, it tests no extension or entitlement.
  3523.     (require-all
  3524.         (vnode-type SOCKET)
  3525.         (literal-prefix "${FRONT_USER_HOME}/Library/ExternalAccessory/ea")
  3526.     )
  3527. )
  3528. (allow file-read-metadata
  3529.     (regex #"^/private/var/containers/Data/System/[^/]+/")
  3530.     (vnode-type SYMLINK)
  3531.     (literal-prefix "${HOME}/Library")
  3532.     (literal-prefix "${HOME}/Library/Mobile Documents")
  3533.     (literal-prefix "${HOME}")
  3534.     (literal-prefix "${HOME}/Library/Preferences")
  3535.     (subpath-prefix "${FRONT_USER_HOME}/Library/Carrier Bundles")
  3536.     (literal "/private/var/run/printd")
  3537.     (literal-prefix "${HOME}/Library/Caches/com.apple.DictionaryServices")
  3538.     (literal-prefix "${HOME}/Library/PPTDevice")
  3539.     (literal "/private/var/run/syslog")
  3540.     (literal-prefix "${HOME}/Library/Caches/powerlog.launchd")
  3541.     (literal "/private/var")
  3542.     (literal-prefix "${HOME}/Library/GameKit/Data")
  3543.     (extension "com.apple.security.exception.files.home-relative-path.read-write")
  3544.     (extension "com.apple.app-sandbox.read")
  3545.     (extension "com.apple.app-sandbox.read-write")
  3546.     (extension "com.apple.security.exception.files.absolute-path.read-write")
  3547.     (require-all
  3548.         (subpath-prefix "${HOME}/Library/Mobile Documents")
  3549.         (require-any
  3550.             (extension "com.apple.librarian.ubiquity-container")
  3551.             (require-entitlement "com.apple.private.librarian.container-proxy")
  3552.         )
  3553.     )
  3554.     (require-all
  3555.         (vnode-type REGULAR-FILE)
  3556.         (require-any
  3557.             (require-all
  3558.                 (extension "com.apple.revisiond.staging")
  3559.                 (require-any
  3560.                     (subpath-prefix "${FRONT_USER_HOME}/.DocumentRevisions-V100/staging")
  3561.                     (subpath "/private/var/.DocumentRevisions-V100/staging")
  3562.                 )
  3563.             )
  3564.             (require-all
  3565.                 (extension "com.apple.revisiond.revision")
  3566.                 (require-any
  3567.                     (subpath-prefix "${FRONT_USER_HOME}/.DocumentRevisions-V100/PerUID")
  3568.                     (subpath "/private/var/.DocumentRevisions-V100/PerUID")
  3569.                 )
  3570.             )
  3571.         )
  3572.     )
  3573.     (require-all
  3574.         (vnode-type DIRECTORY)
  3575.         (require-any
  3576.             (require-all
  3577.                 (extension "com.apple.revisiond.staging")
  3578.                 (require-any
  3579.                     (subpath-prefix "${FRONT_USER_HOME}/.DocumentRevisions-V100/staging")
  3580.                     (subpath "/private/var/.DocumentRevisions-V100/staging")
  3581.                 )
  3582.             )
  3583.             (require-all
  3584.                 (extension "com.apple.revisiond.revision")
  3585.                 (require-any
  3586.                     (subpath-prefix "${FRONT_USER_HOME}/.DocumentRevisions-V100/PerUID")
  3587.                     (subpath "/private/var/.DocumentRevisions-V100/PerUID")
  3588.                 )
  3589.             )
  3590.         )
  3591.     )
  3592.     (require-all
  3593.         (vnode-type SYMLINK)
  3594.         (require-any
  3595.             (require-all
  3596.                 (extension "com.apple.revisiond.staging")
  3597.                 (require-any
  3598.                     (subpath-prefix "${FRONT_USER_HOME}/.DocumentRevisions-V100/staging")
  3599.                     (subpath "/private/var/.DocumentRevisions-V100/staging")
  3600.                 )
  3601.             )
  3602.             (require-all
  3603.                 (extension "com.apple.revisiond.revision")
  3604.                 (require-any
  3605.                     (subpath-prefix "${FRONT_USER_HOME}/.DocumentRevisions-V100/PerUID")
  3606.                     (subpath "/private/var/.DocumentRevisions-V100/PerUID")
  3607.                 )
  3608.             )
  3609.         )
  3610.     )
  3611.     (require-all
  3612.         (extension "com.apple.sandbox.container")
  3613.         (require-any
  3614.             (require-all
  3615.                 (subpath-prefix "${FRONT_USER_HOME}")
  3616.                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$")
  3617.             )
  3618.             (require-all
  3619.                 (subpath-prefix "${FRONT_USER_HOME}")
  3620.                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/iTunesMetadata[.]plist$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/iTunesMetadata[.]plist$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/iTunesMetadata[.]plist$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/iTunesMetadata[.]plist$")
  3621.             )
  3622.         )
  3623.     )
  3624.     (require-all
  3625.         (vnode-type DIRECTORY)
  3626.         (literal-prefix "${HOME}/Library/DeviceRegistry")
  3627.         (process-attribute 4)
  3628.         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  3629.     )
  3630.     (require-all
  3631.         (literal-prefix "${HOME}/Library/DeviceRegistry")
  3632.         (process-attribute 4)
  3633.         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  3634.     )
  3635.     (require-all
  3636.         (regex #"^/private/var/mobile/Library/DeviceRegistry/[-0-9A-Z]+$" #"^/private/var/euser[0-9]+/Library/DeviceRegistry/[-0-9A-Z]+$" #"^/private/var/[-0-9A-F]+/Library/DeviceRegistry/[-0-9A-Z]+$" #"^/private/var/Users/[^/]+/Library/DeviceRegistry/[-0-9A-Z]+$")
  3637.         (subpath-prefix "${HOME}")
  3638.         (process-attribute 4)
  3639.         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  3640.     )
  3641.     (require-all
  3642.         (literal-prefix "${HOME}")
  3643.         (require-any
  3644.             (require-entitlement "com.apple.system.set-alert-tone")
  3645.             (require-entitlement "com.apple.media.ringtones.read-only")
  3646.             (require-entitlement "com.apple.private.signing-identifier" (entitlement-value "com.apple.mobilemail"))
  3647.             (require-entitlement "com.apple.system.get-wallpaper")
  3648.             (require-entitlement "com.apple.private.signing-identifier"
  3649.                 (require-any
  3650.                     (entitlement-value "com.apple.iBooks")
  3651.                     (entitlement-value "com.apple.itunesu")
  3652.                 )
  3653.             )
  3654.             (require-entitlement "com.apple.container2")
  3655.             (require-all
  3656.                 (process-attribute 4)
  3657.                 (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  3658.             )
  3659.             (require-all
  3660.                 (literal-prefix "${HOME}")
  3661.                 (require-any
  3662.                     (require-entitlement "com.apple.private.signing-identifier"
  3663.                         (require-any
  3664.                             (entitlement-value "com.apple.iBooks")
  3665.                             (entitlement-value "com.apple.itunesu")
  3666.                         )
  3667.                     )
  3668.                     (require-entitlement "com.apple.container2")
  3669.                 )
  3670.             )
  3671.             (require-all
  3672.                 (literal-prefix "${HOME}/Library/Preferences")
  3673.                 (require-any
  3674.                     (require-entitlement "com.apple.private.signing-identifier"
  3675.                         (require-any
  3676.                             (entitlement-value "com.apple.iBooks")
  3677.                             (entitlement-value "com.apple.itunesu")
  3678.                         )
  3679.                     )
  3680.                     (require-entitlement "com.apple.container2")
  3681.                 )
  3682.             )
  3683.         )
  3684.     )
  3685.     (require-all
  3686.         (literal-prefix "${HOME}/Library/Preferences")
  3687.         (require-any
  3688.             (require-entitlement "com.apple.system.set-alert-tone")
  3689.             (require-entitlement "com.apple.media.ringtones.read-only")
  3690.             (require-entitlement "com.apple.private.signing-identifier" (entitlement-value "com.apple.mobilemail"))
  3691.             (require-entitlement "com.apple.system.get-wallpaper")
  3692.             (require-entitlement "com.apple.private.signing-identifier"
  3693.                 (require-any
  3694.                     (entitlement-value "com.apple.iBooks")
  3695.                     (entitlement-value "com.apple.itunesu")
  3696.                 )
  3697.             )
  3698.             (require-entitlement "com.apple.container2")
  3699.             (require-all
  3700.                 (process-attribute 4)
  3701.                 (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  3702.             )
  3703.             (require-all
  3704.                 (literal-prefix "${HOME}")
  3705.                 (require-any
  3706.                     (require-entitlement "com.apple.private.signing-identifier"
  3707.                         (require-any
  3708.                             (entitlement-value "com.apple.iBooks")
  3709.                             (entitlement-value "com.apple.itunesu")
  3710.                         )
  3711.                     )
  3712.                     (require-entitlement "com.apple.container2")
  3713.                 )
  3714.             )
  3715.             (require-all
  3716.                 (literal-prefix "${HOME}/Library/Preferences")
  3717.                 (require-any
  3718.                     (require-entitlement "com.apple.private.signing-identifier"
  3719.                         (require-any
  3720.                             (entitlement-value "com.apple.iBooks")
  3721.                             (entitlement-value "com.apple.itunesu")
  3722.                         )
  3723.                     )
  3724.                     (require-entitlement "com.apple.container2")
  3725.                 )
  3726.             )
  3727.         )
  3728.     )
  3729.     (require-all
  3730.         (vnode-type DIRECTORY)
  3731.         (require-any
  3732.             (literal-prefix "${HOME}/Library/com.apple.iTunesStore")
  3733.             (literal-prefix "${HOME}/Library/com.apple.iTunesStore/LocalStorage")
  3734.         )
  3735.         (require-any
  3736.             (require-entitlement "com.apple.private.signing-identifier"
  3737.                 (require-any
  3738.                     (entitlement-value "com.apple.mobilesafari")
  3739.                     (require-any
  3740.                         (entitlement-value "com.apple.iBooks")
  3741.                         (entitlement-value "com.apple.itunesu")
  3742.                     )
  3743.                 )
  3744.             )
  3745.             (require-entitlement "com.apple.container2")
  3746.         )
  3747.     )
  3748.     (require-all
  3749.         (require-any
  3750.             (literal-prefix "${HOME}/Library/com.apple.iTunesStore")
  3751.             (literal-prefix "${HOME}/Library/com.apple.iTunesStore/LocalStorage")
  3752.         )
  3753.         (require-any
  3754.             (require-entitlement "com.apple.private.signing-identifier"
  3755.                 (require-any
  3756.                     (entitlement-value "com.apple.mobilesafari")
  3757.                     (require-any
  3758.                         (entitlement-value "com.apple.iBooks")
  3759.                         (entitlement-value "com.apple.itunesu")
  3760.                     )
  3761.                 )
  3762.             )
  3763.             (require-entitlement "com.apple.container2")
  3764.         )
  3765.     )
  3766.     (require-all
  3767.         (literal-prefix "${HOME}")
  3768.         (require-any
  3769.             (require-entitlement "com.apple.private.signing-identifier"
  3770.                 (require-any
  3771.                     (entitlement-value "com.apple.mobilesafari")
  3772.                     (require-any
  3773.                         (entitlement-value "com.apple.iBooks")
  3774.                         (entitlement-value "com.apple.itunesu")
  3775.                     )
  3776.                 )
  3777.             )
  3778.             (require-entitlement "com.apple.container2")
  3779.             (require-all
  3780.                 (literal-prefix "${HOME}")
  3781.                 (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  3782.             )
  3783.             (require-all
  3784.                 (literal-prefix "${HOME}/Library/Preferences")
  3785.                 (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  3786.             )
  3787.         )
  3788.     )
  3789.     (require-all
  3790.         (literal-prefix "${HOME}/Library/Preferences")
  3791.         (require-any
  3792.             (require-entitlement "com.apple.private.signing-identifier"
  3793.                 (require-any
  3794.                     (entitlement-value "com.apple.mobilesafari")
  3795.                     (require-any
  3796.                         (entitlement-value "com.apple.iBooks")
  3797.                         (entitlement-value "com.apple.itunesu")
  3798.                     )
  3799.                 )
  3800.             )
  3801.             (require-entitlement "com.apple.container2")
  3802.             (require-all
  3803.                 (literal-prefix "${HOME}")
  3804.                 (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  3805.             )
  3806.             (require-all
  3807.                 (literal-prefix "${HOME}/Library/Preferences")
  3808.                 (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  3809.             )
  3810.         )
  3811.     )
  3812.     (require-all
  3813.         (extension "com.apple.sandbox.application-group")
  3814.         (regex #"^/private/var/mobile/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/euser[0-9]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/[-0-9A-F]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/Users/[^/]+/Containers/Shared/AppGroup/[^/]+/")
  3815.         (subpath-prefix "${HOME}")
  3816.         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  3817.     )
  3818.     (require-all
  3819.         (literal-prefix "${HOME}")
  3820.         (require-any
  3821.             (extension "com.apple.tcc.kTCCServicePhotos")
  3822.             (require-all
  3823.                 (process-attribute 4)
  3824.                 (require-any
  3825.                     (require-all
  3826.                         (literal-prefix "${HOME}")
  3827.                         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  3828.                     )
  3829.                     (require-all
  3830.                         (literal-prefix "${HOME}/Library/Preferences")
  3831.                         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  3832.                     )
  3833.                 )
  3834.             )
  3835.         )
  3836.     )
  3837.     (require-all
  3838.         (literal-prefix "${HOME}/Library/Preferences")
  3839.         (require-any
  3840.             (extension "com.apple.tcc.kTCCServicePhotos")
  3841.             (require-all
  3842.                 (process-attribute 4)
  3843.                 (require-any
  3844.                     (require-all
  3845.                         (literal-prefix "${HOME}")
  3846.                         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  3847.                     )
  3848.                     (require-all
  3849.                         (literal-prefix "${HOME}/Library/Preferences")
  3850.                         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  3851.                     )
  3852.                 )
  3853.             )
  3854.         )
  3855.     )
  3856.     (require-all
  3857.         (extension "com.apple.sandbox.system-container")
  3858.         (require-entitlement "com.apple.security.system-container")
  3859.     )
  3860.     (require-all
  3861.         (extension "com.apple.sandbox.system-group")
  3862.         (require-any
  3863.             (require-entitlement "com.apple.security.system-groups")
  3864.             (regex #"^/private/var/containers/Shared/SystemGroup/[^/]+/")
  3865.             (require-entitlement "com.apple.security.system-group-containers")
  3866.             (regex #"^/private/var/containers/Shared/SystemGroup/[^/]+/")
  3867.         )
  3868.     )
  3869.     (require-all
  3870.         (process-attribute 4)
  3871.         (require-any
  3872.             (require-all
  3873.                 (literal-prefix "${HOME}")
  3874.                 (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  3875.             )
  3876.             (require-all
  3877.                 (literal-prefix "${HOME}/Library/Preferences")
  3878.                 (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  3879.             )
  3880.         )
  3881.     )
  3882.     (require-all
  3883.         (vnode-type DIRECTORY)
  3884.         (require-any
  3885.             (process-attribute 4)
  3886.             (require-entitlement "com.apple.private.amfi.can-execute-cdhash")
  3887.         )
  3888.     )
  3889.     (require-all
  3890.         (literal-prefix "${HOME}")
  3891.         (require-any
  3892.             (require-entitlement "com.apple.avfoundation.allows-access-to-device-list")
  3893.             (require-entitlement "com.apple.private.assets.accessible-asset-types")
  3894.             (require-entitlement "com.apple.itunesstored.private")
  3895.             (require-entitlement "com.apple.bulletinboard.dataprovider")
  3896.             (require-entitlement "com.apple.itunesstored.private")
  3897.             (require-entitlement "com.apple.coreduetd.allow")
  3898.         )
  3899.     )
  3900.     (require-all
  3901.         (literal-prefix "${HOME}/Library/Preferences")
  3902.         (require-any
  3903.             (require-entitlement "com.apple.avfoundation.allows-access-to-device-list")
  3904.             (require-entitlement "com.apple.private.assets.accessible-asset-types")
  3905.             (require-entitlement "com.apple.itunesstored.private")
  3906.             (require-entitlement "com.apple.bulletinboard.dataprovider")
  3907.             (require-entitlement "com.apple.itunesstored.private")
  3908.             (require-entitlement "com.apple.coreduetd.allow")
  3909.         )
  3910.     )
  3911.     (require-all
  3912.         (subpath-prefix "${HOME}/Library/Caches/sharedCaches/com.apple.iTunesStore.NSURLCache")
  3913.         (require-entitlement "com.apple.itunesstored.private")
  3914.     )
  3915.     (require-all
  3916.         (literal-prefix "${HOME}/Library/Caches/sharedCaches")
  3917.         (require-entitlement "com.apple.itunesstored.private")
  3918.     )
  3919.     (require-all
  3920.         (require-entitlement "com.apple.private.signing-identifier"
  3921.             (require-any
  3922.                 (require-all
  3923.                     (entitlement-value "com.apple.Music")
  3924.                     (require-any
  3925.                         (subpath-prefix "${HOME}/Library/Caches/sharedCaches/com.apple.Radio.RadioRequestURLCache")
  3926.                         (subpath-prefix "${HOME}/Library/Caches/sharedCaches/com.apple.Radio.RadioImageCache")
  3927.                     )
  3928.                 )
  3929.                 (require-all
  3930.                     (literal-prefix "${HOME}/Library/Caches/sharedCaches")
  3931.                     (entitlement-value "com.apple.Music")
  3932.                 )
  3933.                 (require-all
  3934.                     (subpath-prefix "${HOME}/Library/Cookies")
  3935.                     (require-any
  3936.                         (entitlement-value "com.apple.mobilesafari")
  3937.                         (entitlement-value "com.apple.webbookmarksd")
  3938.                         (entitlement-value "com.apple.safarifetcherd")
  3939.                         (entitlement-value "com.apple.Safari.SocialHelper")
  3940.                     )
  3941.                 )
  3942.                 (require-all
  3943.                     (vnode-type DIRECTORY)
  3944.                     (literal-prefix "${HOME}/Library/Caches")
  3945.                     (require-any
  3946.                         (entitlement-value "com.apple.mobilemail")
  3947.                         (entitlement-value "com.apple.mobilenotes")
  3948.                     )
  3949.                 )
  3950.                 (require-all
  3951.                     (literal-prefix "${HOME}/Library/Caches")
  3952.                     (require-any
  3953.                         (entitlement-value "com.apple.mobilemail")
  3954.                         (entitlement-value "com.apple.mobilenotes")
  3955.                     )
  3956.                 )
  3957.                 (require-all
  3958.                     (entitlement-value "com.apple.mobilemail")
  3959.                     (require-any
  3960.                         (literal-prefix "${FRONT_USER_HOME}/Library/Logs/PersistentConnection")
  3961.                         (literal-prefix "${FRONT_USER_HOME}/Library/Logs/CrashReporter/PersistentConnection")
  3962.                     )
  3963.                 )
  3964.                 (require-all
  3965.                     (subpath-prefix "${HOME}/Library/Mail")
  3966.                     (entitlement-value "com.apple.mobilemail")
  3967.                 )
  3968.                 (require-all
  3969.                     (literal-prefix "${HOME}/Library/Caches/com.apple.storeservices")
  3970.                     (entitlement-value "com.apple.ios.StoreKitUIService")
  3971.                 )
  3972.                 (require-all
  3973.                     (subpath-prefix "${FRONT_USER_HOME}")
  3974.                     (entitlement-value "com.apple.SafariViewService")
  3975.                     (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService$")
  3976.                 )
  3977.             )
  3978.         )
  3979.     )
  3980. )
  3981. (allow file-read-xattr  ; Allows reading extended attributes; each top-level filter below is an alternative.
  3982.     (require-all  ; Branch 1 of 3: regular files. The three branches differ only in vnode-type.
  3983.         (vnode-type REGULAR-FILE)
  3984.         (require-any
  3985.             (require-all  ; Revision store: requires the revisiond "revision" sandbox extension AND a path under a PerUID directory.
  3986.                 (extension "com.apple.revisiond.revision")
  3987.                 (require-any
  3988.                     (subpath-prefix "${FRONT_USER_HOME}/.DocumentRevisions-V100/PerUID")  ; NOTE(review): "subpath-prefix" is the decompiler's name for this filter; presumably a subpath rooted at an expanded ${...} variable - confirm against the tool that produced the listing.
  3989.                     (subpath "/private/var/.DocumentRevisions-V100/PerUID")
  3990.                 )
  3991.             )
  3992.             (require-all  ; Staging area: requires the revisiond "staging" sandbox extension AND a path under a staging directory.
  3993.                 (extension "com.apple.revisiond.staging")
  3994.                 (require-any
  3995.                     (subpath-prefix "${FRONT_USER_HOME}/.DocumentRevisions-V100/staging")
  3996.                     (subpath "/private/var/.DocumentRevisions-V100/staging")
  3997.                 )
  3998.             )
  3999.         )
  4000.     )
  4001.     (require-all  ; Branch 2 of 3: directories, same extension and path conditions as branch 1.
  4002.         (vnode-type DIRECTORY)
  4003.         (require-any
  4004.             (require-all
  4005.                 (extension "com.apple.revisiond.revision")
  4006.                 (require-any
  4007.                     (subpath-prefix "${FRONT_USER_HOME}/.DocumentRevisions-V100/PerUID")
  4008.                     (subpath "/private/var/.DocumentRevisions-V100/PerUID")
  4009.                 )
  4010.             )
  4011.             (require-all
  4012.                 (extension "com.apple.revisiond.staging")
  4013.                 (require-any
  4014.                     (subpath-prefix "${FRONT_USER_HOME}/.DocumentRevisions-V100/staging")
  4015.                     (subpath "/private/var/.DocumentRevisions-V100/staging")
  4016.                 )
  4017.             )
  4018.         )
  4019.     )
  4020.     (require-all  ; Branch 3 of 3: symlinks, same extension and path conditions as branch 1.
  4021.         (vnode-type SYMLINK)
  4022.         (require-any
  4023.             (require-all
  4024.                 (extension "com.apple.revisiond.revision")
  4025.                 (require-any
  4026.                     (subpath-prefix "${FRONT_USER_HOME}/.DocumentRevisions-V100/PerUID")
  4027.                     (subpath "/private/var/.DocumentRevisions-V100/PerUID")
  4028.                 )
  4029.             )
  4030.             (require-all
  4031.                 (extension "com.apple.revisiond.staging")
  4032.                 (require-any
  4033.                     (subpath-prefix "${FRONT_USER_HOME}/.DocumentRevisions-V100/staging")
  4034.                     (subpath "/private/var/.DocumentRevisions-V100/staging")
  4035.                 )
  4036.             )
  4037.         )
  4038.     )
  4039. )  ; Net effect as printed: xattr reads are limited to file, directory and symlink vnodes in the two revision stores, and only for a process holding the matching revisiond extension; no path is allowed by this rule without an extension.
  4040. (allow file-test-existence  ; Allows checking whether a path exists; each top-level filter below is an alternative.
  4041.     (3b 0000 9e84 5fe3)  ; NOTE(review): not a named SBPL filter - looks like raw bytes the decompiler left undecoded; what it matches cannot be determined from this listing.
  4042.     (literal "/private/var/Managed Preferences/mobile/.GlobalPreferences.plist")  ; Three exact managed-preferences plist paths are allowed by name.
  4043.     (literal "/private/var/Managed Preferences/mobile/com.apple.SystemConfiguration.plist")
  4044.     (literal "/private/var/Managed Preferences/mobile/com.apple.webcontentfilter.plist")
  4045.     (require-all  ; Exclusion-list branch: as printed, it matches any path that hits none of the negated filters below, so existence tests are allowed broadly outside them. Verify against the compiled profile before relying on this reading.
  4046.         (require-not (literal "/private/var/Managed Preferences/mobile/"))
  4047.         (require-not (literal-prefix "${HOME}/Library/Caches/BridgeIconCache/"))
  4048.         (require-not (literal-prefix "${HOME}/Library/Caches/CloudKit/com.apple.CloudDocsUI.CloudSharing/"))
  4049.         (require-not (literal-prefix "${HOME}/Library/Caches/CloudKit/com.apple.bird/"))
  4050.         (require-not (literal-prefix "${HOME}/Library/CallServices/Ringtones/"))
  4051.         (require-not (literal-prefix "${HOME}/Library/Application Support/CloudDocs/session/containers/"))
  4052.         (require-not (literal-prefix "${HOME}/Library/SpringBoard/PushStore/"))
  4053.         (require-not (literal-prefix "${HOME}/Library/SpringBoard/ApplicationShortcuts/"))
  4054.         (require-not (literal-prefix "${HOME}/Library/SMS/"))
  4055.         (require-not (literal-prefix "${HOME}/Library/OnDemandResources/Manifests/"))
  4056.         (require-not (literal-prefix "${HOME}/Library/Mobile Documents/"))
  4057.         (require-not (literal-prefix "${HOME}/Library/Mobile Documents/Media/Recordings/"))
  4058.         (require-not (literal-prefix "${HOME}/Library/"))  ; NOTE(review): the listing does not establish whether literal-prefix means an exact path with ${HOME} expanded or a prefix match; how much of ${HOME}/Library is excluded depends on that - confirm with the decompiler's documentation.
  4059.     )
  4060.     (require-all  ; Alternative for processes with attribute 4 that do NOT hold the can-execute-cdhash entitlement; no path filter is attached here.
  4061.         (process-attribute 4)  ; NOTE(review): numeric attribute left undecoded by the decompiler; its meaning is not shown in this listing.
  4062.         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  4063.     )
  4064. )
  4065. (allow file-write*
  4066.     (subpath-prefix "${HOME}/Media/iTunes_Control/iTunes")
  4067.     (extension "com.apple.security.exception.files.absolute-path.read-write")
  4068.     (extension "com.apple.security.exception.files.home-relative-path.read-write")
  4069.     (extension "com.apple.app-sandbox.read-write")
  4070.     (literal-prefix "${HOME}/Media/iTunes_Control/iTunes/Ringtones.plist")
  4071.     (subpath-prefix "${HOME}/Media/iTunes_Control/Ringtones")
  4072.     (subpath-prefix "${HOME}/Media/Purchases")
  4073.     (require-any
  4074.         (subpath-prefix "${HOME}/Library/Logs/com.apple.StoreServices")
  4075.         (literal-prefix "${HOME}/Library/Cookies/com.apple.itunesstored")
  4076.     )
  4077.     (subpath-prefix "${HOME}/Library/Caches/sharedCaches/com.apple.iTunesStore.NSURLCache")
  4078.     (require-entitlement "com.apple.media.ringtones.read-write")
  4079.     (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  4080.     (require-all
  4081.         (regex #"^/private/var/containers/Data/System/[^/]+/[.]com[.]apple[.]")
  4082.         (regex #"^/private/var/containers/Data/System/[^/]+/")
  4083.     )
  4084.     (require-all
  4085.         (subpath-prefix "${HOME}/Library/Mobile Documents")
  4086.         (require-any
  4087.             (extension "com.apple.librarian.ubiquity-container")
  4088.             (require-entitlement "com.apple.private.librarian.container-proxy")
  4089.         )
  4090.     )
  4091.     (require-all
  4092.         (vnode-type REGULAR-FILE)
  4093.         (extension "com.apple.revisiond.staging")
  4094.         (require-any
  4095.             (subpath-prefix "${FRONT_USER_HOME}/.DocumentRevisions-V100/staging")
  4096.             (subpath "/private/var/.DocumentRevisions-V100/staging")
  4097.         )
  4098.     )
  4099.     (require-all
  4100.         (vnode-type DIRECTORY)
  4101.         (extension "com.apple.revisiond.staging")
  4102.         (require-any
  4103.             (subpath-prefix "${FRONT_USER_HOME}/.DocumentRevisions-V100/staging")
  4104.             (subpath "/private/var/.DocumentRevisions-V100/staging")
  4105.         )
  4106.     )
  4107.     (require-all
  4108.         (vnode-type SYMLINK)
  4109.         (extension "com.apple.revisiond.staging")
  4110.         (require-any
  4111.             (subpath-prefix "${FRONT_USER_HOME}/.DocumentRevisions-V100/staging")
  4112.             (subpath "/private/var/.DocumentRevisions-V100/staging")
  4113.         )
  4114.     )
  4115.     (require-all
  4116.         (subpath-prefix "${FRONT_USER_HOME}")
  4117.         (extension "com.apple.sandbox.container")
  4118.         (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$")
  4119.     )
  4120.     (require-all
  4121.         (subpath-prefix "${HOME}/Media/Books")
  4122.         (require-any
  4123.             (require-entitlement "com.apple.private.signing-identifier"
  4124.                 (require-any
  4125.                     (entitlement-value "com.apple.iBooks")
  4126.                     (entitlement-value "com.apple.itunesu")
  4127.                 )
  4128.             )
  4129.             (require-entitlement "com.apple.container2")
  4130.         )
  4131.     )
  4132.     (require-all
  4133.         (subpath-prefix "${HOME}/Media/iTunes_Control")
  4134.         (require-any
  4135.             (require-all
  4136.                 (extension "com.apple.tcc.kTCCServiceMediaLibrary")
  4137.                 (require-any
  4138.                     (require-entitlement "com.apple.private.signing-identifier"
  4139.                         (require-any
  4140.                             (entitlement-value "com.apple.iBooks")
  4141.                             (entitlement-value "com.apple.itunesu")
  4142.                         )
  4143.                     )
  4144.                     (require-entitlement "com.apple.container2")
  4145.                 )
  4146.             )
  4147.             (require-all
  4148.                 (extension "com.apple.tcc.kTCCServiceMediaLibrary")
  4149.                 (require-any
  4150.                     (literal-prefix "${HOME}/Media/iTunes_Control/iTunes/MediaLibrary.sqlitedb")
  4151.                     (literal-prefix "${HOME}/Media/iTunes_Control/iTunes/MediaLibrary.sqlitedb-wal")
  4152.                     (literal-prefix "${HOME}/Media/iTunes_Control/iTunes/MediaLibrary.sqlitedb-shm")
  4153.                     (literal-prefix "${HOME}/Media/iTunes_Control/iTunes/MediaLibrary.sqlitedb-journal")
  4154.                     (literal-prefix "${HOME}/Media/iTunes_Control/iTunes")
  4155.                 )
  4156.                 (require-any
  4157.                     (require-entitlement "com.apple.private.signing-identifier"
  4158.                         (require-any
  4159.                             (entitlement-value "com.apple.mobilesafari")
  4160.                             (require-any
  4161.                                 (entitlement-value "com.apple.iBooks")
  4162.                                 (entitlement-value "com.apple.itunesu")
  4163.                             )
  4164.                         )
  4165.                     )
  4166.                     (require-entitlement "com.apple.container2")
  4167.                 )
  4168.             )
  4169.         )
  4170.     )
  4171.     (require-all
  4172.         (literal-prefix "${HOME}/Library/Cookies/com.apple.itunesstored")
  4173.         (require-any
  4174.             (require-entitlement "com.apple.private.signing-identifier"
  4175.                 (require-any
  4176.                     (entitlement-value "com.apple.mobilesafari")
  4177.                     (require-any
  4178.                         (entitlement-value "com.apple.iBooks")
  4179.                         (entitlement-value "com.apple.itunesu")
  4180.                     )
  4181.                 )
  4182.             )
  4183.             (require-entitlement "com.apple.container2")
  4184.         )
  4185.     )
  4186.     (require-all
  4187.         (vnode-type REGULAR-FILE)
  4188.         (literal-prefix "${HOME}/Library/AddressBook/")
  4189.         (extension "com.apple.tcc.kTCCServiceAddressBook")
  4190.         (require-entitlement "com.apple.Contacts.database-allow")
  4191.     )
  4192.     (require-all
  4193.         (extension "com.apple.sandbox.application-group")
  4194.         (subpath-prefix "${HOME}")
  4195.         (regex #"^/private/var/mobile/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/euser[0-9]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/[-0-9A-F]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/Users/[^/]+/Containers/Shared/AppGroup/[^/]+/")
  4196.         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  4197.     )
  4198.     (require-all
  4199.         (subpath-prefix "${FRONT_USER_HOME}")
  4200.         (extension "com.apple.fileprovider.read-write")
  4201.         (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Application Support/Collaboration/com.apple.iWork/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/Application Support/Collaboration/com.apple.iWork/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/Application Support/Collaboration/com.apple.iWork/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/Application Support/Collaboration/com.apple.iWork/")
  4202.     )
  4203.     (require-all
  4204.         (require-not (literal-prefix "${HOME}/Library/Preferences/com.apple.springboard.plist"))
  4205.         (require-not (regex #"^/private/var/mobile/Library/Caches/GeoServices/tguid[.]bin$" #"^/private/var/euser[0-9]+/Library/Caches/GeoServices/tguid[.]bin$" #"^/private/var/[-0-9A-F]+/Library/Caches/GeoServices/tguid[.]bin$" #"^/private/var/Users/[^/]+/Library/Caches/GeoServices/tguid[.]bin$"))
  4206.         (require-not (literal-prefix "${HOME}/Library/Caches/DateFormats.plist"))
  4207.         (require-any
  4208.             (require-all
  4209.                 (vnode-type BLOCK-DEVICE)
  4210.                 (vnode-type CHARACTER-DEVICE)
  4211.                 (require-any
  4212.                     (require-entitlement "com.apple.itunesstored.private")
  4213.                     (require-all
  4214.                         (literal-prefix "${HOME}/Library/Preferences/com.apple.mobilephone.speeddial.plist")
  4215.                         (require-entitlement "com.apple.private.contactsui")
  4216.                     )
  4217.                 )
  4218.             )
  4219.             (require-all
  4220.                 (subpath-prefix "${FRONT_USER_HOME}")
  4221.                 (extension "com.apple.classkit.read-write")
  4222.                 (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Caches/ProgressKit/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Caches/ProgressKit$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Caches/ClassKit/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/Caches/ClassKit$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/Caches/(Progre|Cla)ssKit/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Library/Caches/(Progre|Cla)ssKit$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/Caches/(Progre|Cla)ssKit/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Library/Caches/(Progre|Cla)ssKit$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/Caches$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/Caches/(Progre|Cla)ssKit/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Library/Caches/(Progre|Cla)ssKit$")
  4223.             )
  4224.             (require-all
  4225.                 (subpath-prefix "${HOME}/Library/Mobile Documents")
  4226.                 (require-any
  4227.                     (extension "com.apple.librarian.ubiquity-container")
  4228.                     (require-entitlement "com.apple.private.librarian.container-proxy")
  4229.                 )
  4230.             )
  4231.             (require-all
  4232.                 (vnode-type REGULAR-FILE)
  4233.                 (extension "com.apple.revisiond.staging")
  4234.                 (require-any
  4235.                     (subpath-prefix "${FRONT_USER_HOME}/.DocumentRevisions-V100/staging")
  4236.                     (subpath "/private/var/.DocumentRevisions-V100/staging")
  4237.                 )
  4238.             )
  4239.             (require-all
  4240.                 (vnode-type DIRECTORY)
  4241.                 (extension "com.apple.revisiond.staging")
  4242.                 (require-any
  4243.                     (subpath-prefix "${FRONT_USER_HOME}/.DocumentRevisions-V100/staging")
  4244.                     (subpath "/private/var/.DocumentRevisions-V100/staging")
  4245.                 )
  4246.             )
  4247.             (require-all
  4248.                 (vnode-type SYMLINK)
  4249.                 (extension "com.apple.revisiond.staging")
  4250.                 (require-any
  4251.                     (subpath-prefix "${FRONT_USER_HOME}/.DocumentRevisions-V100/staging")
  4252.                     (subpath "/private/var/.DocumentRevisions-V100/staging")
  4253.                 )
  4254.             )
  4255.             (require-all
  4256.                 (extension "com.apple.sandbox.system-container")
  4257.                 (require-entitlement "com.apple.security.system-container")
  4258.             )
  4259.             (require-all
  4260.                 (extension "com.apple.sandbox.system-group")
  4261.                 (require-any
  4262.                     (require-all
  4263.                         (require-entitlement "com.apple.security.system-group-containers")
  4264.                         (regex #"^/private/var/containers/Shared/SystemGroup/[^/]+/[.]com[.]apple[.]")
  4265.                         (regex #"^/private/var/containers/Shared/SystemGroup/[^/]+/")
  4266.                     )
  4267.                     (require-all
  4268.                         (require-entitlement "com.apple.security.system-groups")
  4269.                         (regex #"^/private/var/containers/Shared/SystemGroup/[^/]+/[.]com[.]apple[.]")
  4270.                         (regex #"^/private/var/containers/Shared/SystemGroup/[^/]+/")
  4271.                     )
  4272.                 )
  4273.             )
  4274.         )
  4275.     )
  4276.     (require-all
  4277.         (require-entitlement "com.apple.private.signing-identifier"
  4278.             (require-any
  4279.                 (require-all
  4280.                     (subpath-prefix "${HOME}")
  4281.                     (require-any
  4282.                         (require-all
  4283.                             (entitlement-value "com.apple.Music")
  4284.                             (regex #"^/private/var/mobile/Library/DeviceRegistry/[-0-9A-Z]+/NanoPreferencesSync/NanoDomains/com[.]apple[.]NanoMusicSync" #"^/private/var/euser[0-9]+/Library/DeviceRegistry/[-0-9A-Z]+/NanoPreferencesSync/NanoDomains/com[.]apple[.]NanoMusicSync" #"^/private/var/[-0-9A-F]+/Library/DeviceRegistry/[-0-9A-Z]+/NanoPreferencesSync/NanoDomains/com[.]apple[.]NanoMusicSync" #"^/private/var/Users/[^/]+/Library/DeviceRegistry/[-0-9A-Z]+/NanoPreferencesSync/NanoDomains/com[.]apple[.]NanoMusicSync")
  4285.                         )
  4286.                         (require-all
  4287.                             (entitlement-value "com.apple.mobilemail")
  4288.                             (regex #"^/private/var/mobile/Library/DeviceRegistry/[-0-9A-Z]+/NanoPreferencesSync/NanoDomains/com[.]apple[.]NanoMail" #"^/private/var/euser[0-9]+/Library/DeviceRegistry/[-0-9A-Z]+/NanoPreferencesSync/NanoDomains/com[.]apple[.]NanoMail" #"^/private/var/[-0-9A-F]+/Library/DeviceRegistry/[-0-9A-Z]+/NanoPreferencesSync/NanoDomains/com[.]apple[.]NanoMail" #"^/private/var/Users/[^/]+/Library/DeviceRegistry/[-0-9A-Z]+/NanoPreferencesSync/NanoDomains/com[.]apple[.]NanoMail")
  4289.                         )
  4290.                         (require-all
  4291.                             (entitlement-value "com.apple.Maps")
  4292.                             (regex #"^/private/var/mobile/Library/DeviceRegistry/[-0-9A-Z]+/NanoMaps$" #"^/private/var/mobile/Library/DeviceRegistry/[-0-9A-Z]+/NanoMaps/" #"^/private/var/euser[0-9]+/Library/DeviceRegistry/[-0-9A-Z]+/NanoMaps$" #"^/private/var/euser[0-9]+/Library/DeviceRegistry/[-0-9A-Z]+/NanoMaps/" #"^/private/var/[-0-9A-F]+/Library/DeviceRegistry/[-0-9A-Z]+/NanoMaps$" #"^/private/var/[-0-9A-F]+/Library/DeviceRegistry/[-0-9A-Z]+/NanoMaps/" #"^/private/var/Users/[^/]+/Library/DeviceRegistry/[-0-9A-Z]+/NanoMaps$" #"^/private/var/Users/[^/]+/Library/DeviceRegistry/[-0-9A-Z]+/NanoMaps/")
  4293.                         )
  4294.                         (require-all
  4295.                             (entitlement-value "com.apple.WebContentFilter.remoteUI.WebContentAnalysisUI")
  4296.                             (regex #"^/private/var/mobile/Library/Preferences/com.apple.restrictionspassword.plist" #"^/private/var/euser[0-9]+/Library/Preferences/com.apple.restrictionspassword.plist" #"^/private/var/[-0-9A-F]+/Library/Preferences/com.apple.restrictionspassword.plist" #"^/private/var/Users/[^/]+/Library/Preferences/com.apple.restrictionspassword.plist")
  4297.                         )
  4298.                     )
  4299.                 )
  4300.                 (require-all
  4301.                     (subpath-prefix "${FRONT_USER_HOME}")
  4302.                     (entitlement-value "com.apple.SafariViewService")
  4303.                     (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/SystemData/com.apple.SafariViewService$")
  4304.                 )
  4305.                 (require-all
  4306.                     (entitlement-value "com.apple.Music")
  4307.                     (require-any
  4308.                         (subpath-prefix "${HOME}/Library/Caches/sharedCaches/com.apple.Radio.RadioRequestURLCache")
  4309.                         (subpath-prefix "${HOME}/Library/Caches/sharedCaches/com.apple.Radio.RadioImageCache")
  4310.                     )
  4311.                 )
  4312.                 (require-all
  4313.                     (subpath-prefix "${HOME}/Library/WebClips")
  4314.                     (require-any
  4315.                         (entitlement-value "com.apple.mobilesafari")
  4316.                         (entitlement-value "com.apple.webapp")
  4317.                     )
  4318.                 )
  4319.                 (require-all
  4320.                     (entitlement-value "com.apple.mobilesafari")
  4321.                     (require-any
  4322.                         (subpath-prefix "${HOME}/Library/Caches/com.apple.parsecd/CustomFeedback/SafariAutoFill")
  4323.                         (subpath-prefix "${HOME}/Library/Caches/com.apple.parsecd/CustomFeedback/SafariAutoPlay")
  4324.                     )
  4325.                 )
  4326.                 (require-all
  4327.                     (subpath-prefix "${HOME}/Library/Cookies")
  4328.                     (require-any
  4329.                         (entitlement-value "com.apple.mobilesafari")
  4330.                         (entitlement-value "com.apple.webbookmarksd")
  4331.                         (entitlement-value "com.apple.safarifetcherd")
  4332.                         (entitlement-value "com.apple.Safari.SocialHelper")
  4333.                     )
  4334.                 )
  4335.                 (require-all
  4336.                     (subpath-prefix "${HOME}/Library/Safari")
  4337.                     (require-any
  4338.                         (entitlement-value "com.apple.mobilesafari")
  4339.                         (entitlement-value "com.apple.webbookmarksd")
  4340.                         (entitlement-value "com.apple.safarifetcherd")
  4341.                         (entitlement-value "com.apple.Safari.SocialHelper")
  4342.                         (entitlement-value "com.apple.mobilemail")
  4343.                         (entitlement-value "com.apple.mobilenotes")
  4344.                     )
  4345.                 )
  4346.                 (require-all
  4347.                     (require-any
  4348.                         (literal-prefix "${HOME}/Library/Caches/com.apple.notes.objectcreation.lock")
  4349.                         (literal-prefix "${HOME}/Library/Caches/com.apple.notes.sharedstore.lock")
  4350.                     )
  4351.                     (require-any
  4352.                         (entitlement-value "com.apple.mobilemail")
  4353.                         (entitlement-value "com.apple.mobilenotes")
  4354.                     )
  4355.                 )
  4356.                 (require-all
  4357.                     (subpath-prefix "${HOME}/Library/Notes")
  4358.                     (require-any
  4359.                         (entitlement-value "com.apple.mobilemail")
  4360.                         (entitlement-value "com.apple.mobilenotes")
  4361.                     )
  4362.                 )
  4363.                 (require-all
  4364.                     (entitlement-value "com.apple.mobilemail")
  4365.                     (require-any
  4366.                         (literal-prefix "${FRONT_USER_HOME}/Library/Logs/PersistentConnection/com.apple.mobilemail")
  4367.                         (literal-prefix "${FRONT_USER_HOME}/Library/Logs/CrashReporter/PersistentConnection/com.apple.mobilemail")
  4368.                     )
  4369.                 )
  4370.                 (require-all
  4371.                     (subpath-prefix "${HOME}/Library/Calendar")
  4372.                     (entitlement-value "com.apple.mobilemail")
  4373.                 )
  4374.                 (require-all
  4375.                     (subpath-prefix "${HOME}/Library/DataAccess")
  4376.                     (entitlement-value "com.apple.mobilemail")
  4377.                 )
  4378.                 (require-all
  4379.                     (subpath-prefix "${HOME}/Library/Logs/Mail")
  4380.                     (entitlement-value "com.apple.mobilemail")
  4381.                 )
  4382.                 (require-all
  4383.                     (subpath-prefix "${HOME}/Library/Mail")
  4384.                     (entitlement-value "com.apple.mobilemail")
  4385.                 )
  4386.                 (require-all
  4387.                     (entitlement-value "com.apple.Maps")
  4388.                     (require-any
  4389.                         (regex #"^/private/var/containers/Bundle/[^/]+/[-0-9A-Z]+/GeoJSON")
  4390.                         (subpath-prefix "${HOME}/Library/SMS")
  4391.                     )
  4392.                 )
  4393.             )
  4394.         )
  4395.     )
  4396. )
  ;; file-write-create: when a process under this profile may create a new
  ;; file-system object. The profile starts from (deny default), so only the
  ;; filter combinations below permit it. Filters written side by side directly
  ;; under (allow ...) are alternatives; require-all / require-any / require-not
  ;; combine them explicitly.
  ;; Two alternative groups follow. The first permits directories only. The
  ;; second excludes the CrashReporter/CFNetwork_ path and mixes directory-only
  ;; rules with one rule (Mail's launchd preference paths) that carries no
  ;; vnode-type filter.
  ;; NOTE(review): the nesting here reads like reconstructed (decompiled) output;
  ;; treat odd combinations as possible artifacts and confirm against the
  ;; compiled profile before relying on them.
  4397. (allow file-write-create
  4398.     (require-all
  4399.         (vnode-type DIRECTORY)
  4400.         (require-any
  4401.             (literal-prefix "${HOME}/Library/Mobile Documents")
  4402.             (require-all
  4403.                 (literal-prefix "${HOME}/Library/DeviceRegistry")
                        ;; NOTE(review): the meaning of attribute value 4 is not shown on this page.
  4404.                 (process-attribute 4)
                        ;; Processes holding this AMFI entitlement are excluded from the rule.
  4405.                 (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  4406.             )
                    ;; NOTE(review): the regex below is anchored ($) to .../Library/DeviceRegistry/<ID>,
                    ;; while every member of the require-any that follows also names a different path
                    ;; (iTunesStore, Caches, Preferences, Mobile Documents, Logs). Read as a strict AND,
                    ;; these appear mutually exclusive. The same sub-rules recur in the second top-level
                    ;; group without the regex, so this pairing is probably a reconstruction artifact.
  4407.             (require-all
  4408.                 (regex #"^/private/var/mobile/Library/DeviceRegistry/[-0-9A-Z]+$" #"^/private/var/euser[0-9]+/Library/DeviceRegistry/[-0-9A-Z]+$" #"^/private/var/[-0-9A-F]+/Library/DeviceRegistry/[-0-9A-Z]+$" #"^/private/var/Users/[^/]+/Library/DeviceRegistry/[-0-9A-Z]+$")
  4409.                 (require-any
  4410.                     (require-all
  4411.                         (require-any
  4412.                             (literal-prefix "${HOME}/Library/com.apple.iTunesStore")
  4413.                             (literal-prefix "${HOME}/Library/com.apple.iTunesStore/LocalStorage")
  4414.                         )
  4415.                         (require-any
                                    ;; Presumably the value of the signing-identifier entitlement must equal one
                                    ;; of the nested entitlement-value strings, which keys the rule to those
                                    ;; identifiers (TODO confirm).
  4416.                             (require-entitlement "com.apple.private.signing-identifier"
  4417.                                 (require-any
  4418.                                     (entitlement-value "com.apple.mobilesafari")
  4419.                                     (require-any
  4420.                                         (entitlement-value "com.apple.iBooks")
  4421.                                         (entitlement-value "com.apple.itunesu")
  4422.                                     )
  4423.                                 )
  4424.                             )
  4425.                             (require-entitlement "com.apple.container2")
  4426.                         )
  4427.                     )
  4428.                     (require-all
  4429.                         (vnode-type DIRECTORY)
  4430.                         (literal-prefix "${HOME}/Library/Caches/com.apple.DictionaryServices")
  4431.                     )
  4432.                     (require-all
                                ;; NOTE(review): neither excluded plist path can coincide with the paths allowed
                                ;; below (Mobile Documents, Caches/sharedCaches), so as listed these two
                                ;; require-not filters change nothing; they may be residue of a wider rule.
  4433.                         (require-all
  4434.                             (require-not (literal-prefix "${HOME}/Library/Preferences/com.apple.Accessibility.plist"))
  4435.                             (require-not (literal-prefix "${HOME}/Library/Preferences/com.apple.UIKit.plist"))
  4436.                         )
  4437.                         (vnode-type DIRECTORY)
  4438.                         (require-any
  4439.                             (literal-prefix "${HOME}/Library/Mobile Documents")
  4440.                             (require-all
  4441.                                 (literal-prefix "${HOME}/Library/Caches/sharedCaches")
  4442.                                 (require-entitlement "com.apple.itunesstored.private")
  4443.                             )
  4444.                         )
  4445.                     )
  4446.                     (require-all
  4447.                         (require-entitlement "com.apple.private.signing-identifier"
  4448.                             (require-any
  4449.                                 (require-all
  4450.                                     (literal-prefix "${HOME}/Library/Caches/sharedCaches")
  4451.                                     (entitlement-value "com.apple.Music")
  4452.                                 )
  4453.                                 (require-all
  4454.                                     (literal-prefix "${HOME}/Library/Caches")
  4455.                                     (require-any
  4456.                                         (entitlement-value "com.apple.mobilemail")
  4457.                                         (entitlement-value "com.apple.mobilenotes")
  4458.                                     )
  4459.                                 )
  4460.                                 (require-all
  4461.                                     (entitlement-value "com.apple.mobilemail")
  4462.                                     (require-any
  4463.                                         (literal-prefix "${FRONT_USER_HOME}/Library/Logs/PersistentConnection")
  4464.                                         (literal-prefix "${FRONT_USER_HOME}/Library/Logs/CrashReporter/PersistentConnection")
  4465.                                     )
  4466.                                 )
  4467.                                 (require-all
  4468.                                     (literal-prefix "${HOME}/Library/Caches/com.apple.storeservices")
  4469.                                     (entitlement-value "com.apple.ios.StoreKitUIService")
  4470.                                 )
  4471.                             )
  4472.                         )
  4473.                     )
  4474.                     (require-all
  4475.                         (require-entitlement "com.apple.private.signing-identifier"
  4476.                             (entitlement-value "com.apple.mobilemail")
  4477.                             (require-any
  4478.                                 (literal-prefix "${HOME}/Library/Preferences/com.apple.AOSNotification.launchd")
  4479.                                 (literal-prefix "${HOME}/Library/Preferences/com.apple.dataaccess.launchd")
  4480.                             )
  4481.                         )
  4482.                     )
  4483.                 )
  4484.             )
  4485.         )
  4486.     )
            ;; Second alternative group: everything here is denied for the CrashReporter/CFNetwork_
            ;; path named in the require-not.
  4487.     (require-all
  4488.         (require-not (literal-prefix "${HOME}/Library/Logs/CrashReporter/CFNetwork_"))
  4489.         (require-any
  4490.             (require-all
  4491.                 (vnode-type DIRECTORY)
  4492.                 (require-any
  4493.                     (require-all
  4494.                         (require-any
  4495.                             (literal-prefix "${HOME}/Library/com.apple.iTunesStore")
  4496.                             (literal-prefix "${HOME}/Library/com.apple.iTunesStore/LocalStorage")
  4497.                         )
  4498.                         (require-any
  4499.                             (require-entitlement "com.apple.private.signing-identifier"
  4500.                                 (require-any
  4501.                                     (entitlement-value "com.apple.mobilesafari")
  4502.                                     (require-any
  4503.                                         (entitlement-value "com.apple.iBooks")
  4504.                                         (entitlement-value "com.apple.itunesu")
  4505.                                     )
  4506.                                 )
  4507.                             )
  4508.                             (require-entitlement "com.apple.container2")
  4509.                         )
  4510.                     )
  4511.                     (require-all
  4512.                         (require-entitlement "com.apple.private.signing-identifier"
  4513.                             (require-any
  4514.                                 (require-all
  4515.                                     (literal-prefix "${HOME}/Library/Caches/sharedCaches")
  4516.                                     (entitlement-value "com.apple.Music")
  4517.                                 )
  4518.                                 (require-all
  4519.                                     (literal-prefix "${HOME}/Library/Caches")
  4520.                                     (require-any
  4521.                                         (entitlement-value "com.apple.mobilemail")
  4522.                                         (entitlement-value "com.apple.mobilenotes")
  4523.                                     )
  4524.                                 )
  4525.                                 (require-all
  4526.                                     (entitlement-value "com.apple.mobilemail")
  4527.                                     (require-any
  4528.                                         (literal-prefix "${FRONT_USER_HOME}/Library/Logs/PersistentConnection")
  4529.                                         (literal-prefix "${FRONT_USER_HOME}/Library/Logs/CrashReporter/PersistentConnection")
  4530.                                     )
  4531.                                 )
  4532.                                 (require-all
  4533.                                     (literal-prefix "${HOME}/Library/Caches/com.apple.storeservices")
  4534.                                     (entitlement-value "com.apple.ios.StoreKitUIService")
  4535.                                 )
  4536.                             )
  4537.                         )
  4538.                     )
  4539.                 )
  4540.             )
  4541.             (require-all
  4542.                 (vnode-type DIRECTORY)
  4543.                 (literal-prefix "${HOME}/Library/Caches/com.apple.DictionaryServices")
  4544.             )
  4545.             (require-all
  4546.                 (require-all
  4547.                     (require-not (literal-prefix "${HOME}/Library/Preferences/com.apple.Accessibility.plist"))
  4548.                     (require-not (literal-prefix "${HOME}/Library/Preferences/com.apple.UIKit.plist"))
  4549.                 )
  4550.                 (vnode-type DIRECTORY)
  4551.                 (require-any
  4552.                     (literal-prefix "${HOME}/Library/Mobile Documents")
  4553.                     (require-all
  4554.                         (literal-prefix "${HOME}/Library/Caches/sharedCaches")
  4555.                         (require-entitlement "com.apple.itunesstored.private")
  4556.                     )
  4557.                 )
  4558.             )
                    ;; Unlike its siblings, this rule has no vnode-type filter: for the mobilemail
                    ;; signing identifier it is not limited to directories at the two launchd
                    ;; preference paths.
  4559.             (require-all
  4560.                 (require-entitlement "com.apple.private.signing-identifier"
  4561.                     (entitlement-value "com.apple.mobilemail")
  4562.                     (require-any
  4563.                         (literal-prefix "${HOME}/Library/Preferences/com.apple.AOSNotification.launchd")
  4564.                         (literal-prefix "${HOME}/Library/Preferences/com.apple.dataaccess.launchd")
  4565.                     )
  4566.                 )
  4567.             )
  4568.         )
  4569.     )
  4570. )
  ;; file-write-data: targets whose contents may be written under this profile.
  ;; The three top-level filters are alternatives: the /dev/aes_0 node, socket
  ;; vnodes at the ExternalAccessory "ea" path, and a short list of /dev nodes.
  ;; No entitlement or extension gates any of them, so every process confined
  ;; by this profile gets these writes.
  ;; NOTE(review): /dev/aes_0 is a device node writable without further
  ;; conditions; which driver backs it is not shown on this page, but it belongs
  ;; on the list of kernel interfaces to audit for this sandbox.
  4571. (allow file-write-data
  4572.     (literal "/dev/aes_0")
  4573.     (require-all
  4574.         (vnode-type SOCKET)
  4575.         (literal-prefix "${FRONT_USER_HOME}/Library/ExternalAccessory/ea")
  4576.     )
  4577.     (require-all
            ;; NOTE(review): the require-any below names only dtracehelper, zero and null, so the
            ;; exclusion of /dev/urandom and /dev/random has no effect as listed; it may be what is
            ;; left of a broader /dev rule.
  4578.         (require-all
  4579.             (require-not (literal "/dev/urandom"))
  4580.             (require-not (literal "/dev/random"))
  4581.         )
  4582.         (require-any
  4583.             (literal "/dev/dtracehelper")
  4584.             (require-any
  4585.                 (literal "/dev/zero")
  4586.                 (literal "/dev/null")
  4587.             )
  4588.         )
  4589.     )
  4590. )
  ;; file-write-unlink: when a process under this profile may remove a
  ;; file-system entry. Four alternatives are listed:
  ;;   1. the process holds the com.apple.container2 entitlement;
  ;;   2. a container sandbox extension covers a Documents/Inbox path under
  ;;      the front user's home;
  ;;   3. the mobilemail signing identifier, at two launchd preference paths;
  ;;   4. the iBooks / itunesu signing identifiers, under Media/Podcasts, or
  ;;      under Media/Purchases when a TCC media-library extension is held.
  ;; NOTE(review): alternative 1 carries no path filter in this listing, so the
  ;; entitlement alone satisfies the sandbox check for unlink; confirm against
  ;; the compiled profile that this is not a reconstruction artifact.
  4591. (allow file-write-unlink
  4592.     (require-entitlement "com.apple.container2")
  4593.     (require-all
  4594.         (subpath-prefix "${FRONT_USER_HOME}")
  4595.         (extension "com.apple.sandbox.container")
  4596.         (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents/Inbox/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents/Inbox$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Documents/Inbox/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/Documents/Inbox$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Documents/Inbox/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/Documents/Inbox$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Documents/Inbox/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/Documents/Inbox$")
  4597.     )
  4598.     (require-all
            ;; Presumably every filter nested inside require-entitlement must hold: the
            ;; identifier value and one of the two paths (TODO confirm).
  4599.         (require-entitlement "com.apple.private.signing-identifier"
  4600.             (entitlement-value "com.apple.mobilemail")
  4601.             (require-any
  4602.                 (literal-prefix "${HOME}/Library/Preferences/com.apple.AOSNotification.launchd")
  4603.                 (literal-prefix "${HOME}/Library/Preferences/com.apple.dataaccess.launchd")
  4604.             )
  4605.         )
  4606.     )
  4607.     (require-all
  4608.         (require-entitlement "com.apple.private.signing-identifier"
  4609.             (require-any
  4610.                 (entitlement-value "com.apple.iBooks")
  4611.                 (entitlement-value "com.apple.itunesu")
  4612.             )
  4613.             (require-any
  4614.                 (subpath-prefix "${HOME}/Media/Podcasts")
  4615.                 (require-all
  4616.                     (subpath-prefix "${HOME}/Media/Purchases")
  4617.                     (extension "com.apple.tcc.kTCCServiceMediaLibrary")
  4618.                 )
  4619.             )
  4620.         )
  4621.     )
  4622. )
  ;; file-write-xattr: when extended attributes may be written. Two alternatives:
  ;;   1. any path matching the Data/System container regex, with no restriction
  ;;      on the attribute name and no entitlement or extension check;
  ;;   2. only the backup-exclusion attribute, on system-container or
  ;;      system-group paths covered by the matching sandbox extension.
  4623. (allow file-write-xattr
  4624.     (regex #"^/private/var/containers/Data/System/[^/]+/" #"^/private/var/containers/Data/System/[^/]+$")
  4625.     (require-all
  4626.         (xattr "com.apple.metadata:com_apple_backup_excludeItem")
  4627.         (require-any
  4628.             (require-all
  4629.                 (extension "com.apple.sandbox.system-container")
  4630.                 (require-entitlement "com.apple.security.system-container")
  4631.             )
  4632.             (require-all
  4633.                 (extension "com.apple.sandbox.system-group")
                        ;; NOTE(review): the entitlement checks and the SystemGroup regexes sit side by side
                        ;; in one require-any, so as listed the path match alone is enough once the
                        ;; extension is held and neither entitlement is actually required. Elsewhere in
                        ;; this profile the same entitlements are paired with their regexes inside
                        ;; require-all; the flat form here may be a reconstruction artifact and should
                        ;; be confirmed before the rule is read as entitlement-gated.
  4634.                 (require-any
  4635.                     (require-entitlement "com.apple.security.system-groups")
  4636.                     (regex #"^/private/var/containers/Shared/SystemGroup/[^/]+/" #"^/private/var/containers/Shared/SystemGroup/[^/]+$")
  4637.                     (require-entitlement "com.apple.security.system-group-containers")
  4638.                     (regex #"^/private/var/containers/Shared/SystemGroup/[^/]+/" #"^/private/var/containers/Shared/SystemGroup/[^/]+$")
  4639.                 )
  4640.             )
  4641.         )
  4642.     )
  4643. )
  ;; generic-issue-extension: when a process may issue a generic sandbox
  ;; extension. The single rule requires all three of: the signing-identifier
  ;; entitlement, an extension class that is one of the WebKit camera,
  ;; microphone or WebRTC classes, and the entitlement value
  ;; com.apple.mobilesafari.
  ;; NOTE(review): here entitlement-value is a sibling of require-entitlement
  ;; rather than nested inside it as in other rules of this profile; presumably
  ;; it still refers to the signing identifier (TODO confirm).
  4644. (allow generic-issue-extension
  4645.     (require-all
  4646.         (require-entitlement "com.apple.private.signing-identifier")
  4647.         (require-any
  4648.             (extension-class "com.apple.webkit.camera")
  4649.             (extension-class "com.apple.webkit.microphone")
  4650.             (extension-class "com.apple.webkit.webrtc")
  4651.         )
  4652.         (entitlement-value "com.apple.mobilesafari")
  4653.     )
  4654. )
  ;; iokit-open: which IOKit user-client classes a process under this profile
  ;; may open. Each top-level filter is an alternative. Every class allowed here
  ;; is kernel driver code reachable from inside the sandbox, so this list is
  ;; the IOKit surface to review when auditing the profile.
  ;; The first entries (framebuffer, IOAccel*, HID, JPEG, IOSurface*,
  ;; AppleKeyStore) carry no entitlement condition. The later require-all
  ;; entries add conditions for specific classes.
  ;; NOTE(review): AppleJPEGDriverUserClient, IOSurfaceAcceleratorClient,
  ;; IOSurfaceRootUserClient and AppleKeyStoreUserClient each appear twice, once
  ;; unconditionally and once inside a require-all with an entitlement test. As
  ;; listed, the unconditional entry already grants access, so the conditional
  ;; one adds nothing; confirm against the compiled profile which form is
  ;; actually in effect.
  4655. (allow iokit-open
  4656.     (iokit-user-client-class "IOMobileFramebufferUserClient")
  4657.     (require-any
  4658.         (iokit-user-client-class "IOAccelDevice")
  4659.         (iokit-user-client-class "IOAccelDevice2")
  4660.         (iokit-user-client-class "IOAccelSharedUserClient")
  4661.         (iokit-user-client-class "IOAccelSharedUserClient2")
  4662.         (iokit-user-client-class "IOAccelSubmitter2")
  4663.         (iokit-user-client-class "IOAccelContext")
  4664.         (iokit-user-client-class "IOAccelContext2")
  4665.     )
  4666.     (iokit-user-client-class "IOHIDLibUserClient")
  4667.     (iokit-user-client-class "AppleJPEGDriverUserClient")
  4668.     (iokit-user-client-class "IOSurfaceAcceleratorClient")
  4669.     (iokit-user-client-class "IOSurfaceSendRight")
  4670.     (iokit-user-client-class "IOSurfaceRootUserClient")
  4671.     (iokit-user-client-class "IOHIDEventServiceFastPathUserClient")
  4672.     (iokit-user-client-class "AppleKeyStoreUserClient")
            ;; Holding a sandbox extension of this class is enough on its own; no class
            ;; name is given in the rule itself. Presumably the extension's data names
            ;; the class being opened (TODO confirm).
  4673.     (extension "com.apple.security.exception.iokit-user-client-class")
            ;; AGXDevice has no unconditional entry above: it is allowed only for
            ;; processes that lack the can-execute-cdhash entitlement.
  4674.     (require-all
  4675.         (iokit-user-client-class "AGXDevice")
  4676.         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  4677.     )
  4678.     (require-all
  4679.         (iokit-user-client-class "AppleJPEGDriverUserClient")
  4680.         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  4681.     )
  4682.     (require-all
  4683.         (iokit-user-client-class "IOSurfaceAcceleratorClient")
  4684.         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  4685.     )
  4686.     (require-all
  4687.         (iokit-user-client-class "IOSurfaceRootUserClient")
  4688.         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  4689.     )
            ;; FairPlay user client: limited to the iBooks / itunesu signing identifiers
            ;; or holders of the com.apple.container2 entitlement.
  4690.     (require-all
  4691.         (iokit-user-client-class "com_apple_driver_FairPlayIOKitUserClient")
  4692.         (require-any
  4693.             (require-entitlement "com.apple.private.signing-identifier"
  4694.                 (require-any
  4695.                     (entitlement-value "com.apple.iBooks")
  4696.                     (entitlement-value "com.apple.itunesu")
  4697.                 )
  4698.             )
  4699.             (require-entitlement "com.apple.container2")
  4700.         )
  4701.     )
  4702.     (require-all
  4703.         (iokit-user-client-class "RootDomainUserClient")
  4704.         (require-entitlement "com.apple.private.signing-identifier" (entitlement-value "com.apple.mobilemail"))
  4705.     )
  4706.     (require-all
  4707.         (iokit-user-client-class "AppleMobileFileIntegrityUserClient")
  4708.         (require-entitlement "com.apple.private.amfi.can-load-cdhash")
  4709.     )
  4710.     (require-all
  4711.         (iokit-user-client-class "AppleKeyStoreUserClient")
  4712.         (require-entitlement "com.apple.private.amfi.can-execute-cdhash")
  4713.     )
  4714. )
  4715. (allow iokit-get-properties
  4716.     (iokit-property "IOClass")
  4717.     (require-any
  4718.         (iokit-property "IOClassNameOverride")
  4719.         (iokit-property "IOCFPlugInTypes")
  4720.         (iokit-property "IORegistryEntryPropertyKeys")
  4721.     )
  4722.     (require-entitlement "com.apple.system.diagnostics.iokit-properties")
  4723.     (require-all
  4724.         (iokit-user-client-class "IOService")
  4725.         (require-any
  4726.             (require-any
  4727.                 (iokit-property "software-behavior")
  4728.                 (iokit-property "3d-maps")
  4729.                 (iokit-property "3d-imagery")
  4730.                 (iokit-property "no-sdio-devices")
  4731.                 (iokit-property "navigation")
  4732.                 (iokit-property "display-scale")
  4733.                 (iokit-property "display-rotation")
  4734.                 (iokit-property "decoding")
  4735.                 (iokit-property "chip-id")
  4736.                 (iokit-property "closed-loop")
  4737.                 (iokit-property "video-stills")
  4738.                 (iokit-property "video-cap")
  4739.                 (iokit-property "rear-slowmo")
  4740.                 (iokit-property "rear-max-video-")
  4741.                 (iokit-property "rear-max-slomo-video-fps-")
  4742.                 (iokit-property "rear-hdr")
  4743.                 (iokit-property "rear-hdr-on")
  4744.                 (iokit-property "rear-burst")
  4745.                 (iokit-property "rear-burst-image-duration")
  4746.                 (iokit-property "rear-auto-hdr")
  4747.                 (iokit-property "post-effects")
  4748.                 (iokit-property "pipelined-stillimage-capability")
  4749.                 (iokit-property "pearl-camera")
  4750.                 (iokit-property "panorama")
  4751.                 (iokit-property "live-photo-capture")
  4752.                 (iokit-property "live-effects")
  4753.                 (iokit-property "front-max-video-")
  4754.                 (iokit-property "front-hdr")
  4755.                 (iokit-property "front-hdr-on")
  4756.                 (iokit-property "front-flash-capability")
  4757.                 (iokit-property "front-burst")
  4758.                 (iokit-property "front-burst-image-duration")
  4759.                 (iokit-property "front-auto-hdr")
  4760.                 (iokit-property "flash")
  4761.                 (iokit-property "auto-focus")
  4762.                 (iokit-property "aggregate-cam-video-zoom")
  4763.                 (iokit-property "adaptive-ui")
  4764.                 (iokit-property "tnr-mode")
  4765.                 (iokit-property "encoding")
  4766.                 (iokit-property "bitrate-")
  4767.             )
  4768.             (require-any
  4769.                 (iokit-property "name")
  4770.                 (iokit-property "device_type")
  4771.                 (iokit-property "device-type")
  4772.                 (iokit-property "Protocol Characteristics")
  4773.                 (iokit-property "IOSurfaceAcceleratorCapabilitiesDict")
  4774.             )
  4775.             (require-all
  4776.                 (require-any
  4777.                     (iokit-property "unique-chip-id")
  4778.                     (iokit-property "uid-aes-key")
  4779.                     (iokit-property "AAPL,phandle")
  4780.                     (iokit-property "#address-cells")
  4781.                     (iokit-property "system-trusted")
  4782.                     (iokit-property "software-bundle-version")
  4783.                     (iokit-property "security-domain")
  4784.                     (iokit-property "secure-boot")
  4785.                     (iokit-property "root-matching")
  4786.                     (iokit-property "random-seed")
  4787.                     (iokit-property "production-cert")
  4788.                     (iokit-property "mix-n-match-prevention-status")
  4789.                     (iokit-property "mac-address-wifi0")
  4790.                     (iokit-property "mac-address-ethernet0")
  4791.                     (iokit-property "mac-address-bluetooth0")
  4792.                     (iokit-property "image4-supported")
  4793.                     (iokit-property "gid-aes-key")
  4794.                     (iokit-property "firmware-version")
  4795.                     (iokit-property "effective-security-mode-sep")
  4796.                     (iokit-property "effective-security-mode-ap")
  4797.                     (iokit-property "effective-production-status-sep")
  4798.                     (iokit-property "effective-production-status-ap")
  4799.                     (iokit-property "dram-vendor")
  4800.                     (iokit-property "dram-vendor-id")
  4801.                     (iokit-property "die-id")
  4802.                     (iokit-property "development-cert")
  4803.                     (iokit-property "debug-enabled")
  4804.                     (iokit-property "crypto-hash-method")
  4805.                     (iokit-property "consistent-debug-root")
  4806.                     (iokit-property "chip-epoch")
  4807.                     (iokit-property "certificate-security-mode")
  4808.                     (iokit-property "certificate-production-status")
  4809.                     (iokit-property "bootp-response")
  4810.                     (iokit-property "boot-nonce")
  4811.                     (iokit-property "board-id")
  4812.                 )
  4813.                 (require-any
  4814.                     (require-entitlement "fairplay-client")
  4815.                     (require-not (require-entitlement "com.apple.private.MobileGestalt.AllowedProtectedKeys"))
  4816.                     (require-entitlement "com.apple.system.get-hardware-identifiers")
  4817.                 )
  4818.             )
  4819.             (require-all
  4820.                 (iokit-property "boot-manifest-hash")
  4821.                 (require-any
  4822.                     (require-entitlement "fairplay-client")
  4823.                     (require-not (require-entitlement "com.apple.private.MobileGestalt.AllowedProtectedKeys"))
  4824.                     (require-entitlement "com.apple.system.get-hardware-identifiers")
  4825.                 )
  4826.             )
  4827.         )
  4828.     )
  4829.     (require-all
  4830.         (iokit-property "SupportAlwaysOnCompass")
  4831.         (iokit-user-client-class "AppleSPUHIDDriver")
  4832.     )
  4833.     (require-all
  4834.         (iokit-user-client-class "IONetworkInterface")
  4835.         (require-any
  4836.             (require-any
  4837.                 (iokit-property "BSD Name")
  4838.                 (iokit-property "InterfaceRole")
  4839.                 (iokit-property "IORequiredPacketFilters")
  4840.                 (iokit-property "IO80211Band")
  4841.                 (iokit-property "IO80211Channel")
  4842.                 (iokit-property "IO80211ChannelFrequency")
  4843.                 (iokit-property "IO80211ChannelBandwidth")
  4844.                 (iokit-property "IO80211RSNDone")
  4845.                 (iokit-property "IOPrimaryInterface")
  4846.                 (iokit-property "IONetworkRootType")
  4847.                 (iokit-property "IONetworkData")
  4848.                 (iokit-property "IOMediaHeaderLength")
  4849.                 (iokit-property "IOMediaAddressLength")
  4850.                 (iokit-property "IOMaxTransferUnit")
  4851.                 (iokit-property "IOLocation")
  4852.                 (iokit-property "IOInterfaceUnit")
  4853.                 (iokit-property "IOInterfaceType")
  4854.                 (iokit-property "IOInterfaceState")
  4855.                 (iokit-property "IOInterfaceNamePrefix")
  4856.                 (iokit-property "IOInterfaceFlags")
  4857.                 (iokit-property "IOInterfaceExtraFlags")
  4858.                 (iokit-property "IOControllerEnabled")
  4859.                 (iokit-property "IOBuiltin")
  4860.                 (iokit-property "IOActivePacketFilters")
  4861.                 (iokit-property "NetworkConfigurationOverrides")
  4862.             )
  4863.             (require-any
  4864.                 (iokit-property "IOProviderClass")
  4865.                 (iokit-property "IOFeatures")
  4866.             )
  4867.         )
  4868.     )
  4869.     (require-all
  4870.         (iokit-user-client-class "IONetworkController")
  4871.         (require-any
  4872.             (require-any
  4873.                 (iokit-property "CFBundleIdentifier")
  4874.                 (iokit-property "IOLinkSpeed")
  4875.                 (iokit-property "IOLinkStatus")
  4876.                 (iokit-property "IOPropertyMatch")
  4877.                 (iokit-property "IOMinPacketSize")
  4878.                 (iokit-property "IOMaxPacketSize")
  4879.             )
  4880.             (iokit-property "IOClass")
  4881.             (require-any
  4882.                 (iokit-property "IOProviderClass")
  4883.                 (iokit-property "IOFeatures")
  4884.             )
  4885.         )
  4886.     )
  4887.     (require-all
  4888.         (iokit-connection "AppleSynopsysOTGDevice")
  4889.         (require-any
  4890.             (iokit-property "idProduct")
  4891.             (iokit-property "idVendor")
  4892.             (iokit-property "Product Name")
  4893.             (iokit-property "kUSBProductString")
  4894.         )
  4895.     )
  4896.     (require-all
  4897.         (iokit-property "Size")
  4898.         (iokit-user-client-class "IOMedia")
  4899.     )
  4900.     (require-all
  4901.         (iokit-user-client-class "IOPlatformDevice")
  4902.         (require-any
  4903.             (require-any
  4904.                 (iokit-property "artwork-device-idiom")
  4905.                 (iokit-property "artwork-device-subtype")
  4906.                 (iokit-property "artwork-display-gamut")
  4907.                 (iokit-property "artwork-dynamic-displaymode")
  4908.                 (iokit-property "artwork-scale-factor")
  4909.                 (iokit-property "thin-bezel")
  4910.                 (iokit-property "product-id")
  4911.                 (iokit-property "product-description")
  4912.                 (iokit-property "offline-dictation")
  4913.                 (iokit-property "location-reminders")
  4914.                 (iokit-property "large-format-phone")
  4915.                 (iokit-property "gps-capable")
  4916.                 (iokit-property "graphics-featureset-fallbacks")
  4917.                 (iokit-property "graphics-featureset-class")
  4918.                 (iokit-property "dictation")
  4919.                 (iokit-property "device-colors")
  4920.                 (iokit-property "device-perf-memory-class")
  4921.                 (iokit-property "car-integration")
  4922.                 (iokit-property "compatible-device-fallback")
  4923.             )
  4924.             (iokit-property "watch-companion")
  4925.         )
  4926.     )
  4927.     (require-all
  4928.         (iokit-property "emu")
  4929.         (iokit-user-client-class "IODTNVRAM")
  4930.     )
  4931.     (require-all
  4932.         (iokit-property "home-button-type")
  4933.         (iokit-user-client-class "IOPlatformDevice")
  4934.     )
  4935.     (require-all
  4936.         (iokit-user-client-class "AppleARMIODevice")
  4937.         (require-any
  4938.             (iokit-property "camera-front")
  4939.             (iokit-property "camera-rear")
  4940.         )
  4941.     )
  4942.     (require-all
  4943.         (iokit-property "soc-generation")
  4944.         (process-attribute 4)
  4945.         (iokit-user-client-class "IOPlatformDevice")
  4946.     )
  4947.     (require-all
  4948.         (iokit-user-client-class "IOPlatformDevice")
  4949.         (require-any
  4950.             (iokit-property "compatible")
  4951.             (iokit-property "iommu-present")
  4952.         )
  4953.     )
  4954.     (require-all
  4955.         (iokit-connection "IOPMPowerSource")
  4956.         (require-any
  4957.             (iokit-property "AdapterInfo")
  4958.             (iokit-property "AtCriticalLevel")
  4959.             (iokit-property "Voltage")
  4960.             (iokit-property "MaxCapacity")
  4961.             (iokit-property "IsCharging")
  4962.             (iokit-property "FullyCharged")
  4963.             (iokit-property "ExternalConnected")
  4964.             (iokit-property "ExternalChargeCapable")
  4965.             (iokit-property "CurrentCapacity")
  4966.             (iokit-property "CapacityEstimated")
  4967.             (iokit-property "BatteryInstalled")
  4968.         )
  4969.     )
  4970.     (require-all
  4971.         (require-any
  4972.             (iokit-property "battery-data")
  4973.             (iokit-property "BatteryData")
  4974.             (iokit-property "Serial")
  4975.         )
  4976.         (require-entitlement "fairplay-client")
  4977.         (iokit-connection "IOPMPowerSource")
  4978.     )
  4979.     (require-all
  4980.         (iokit-user-client-class "IOPlatformExpertDevice")
  4981.         (require-any
  4982.             (require-any
  4983.                 (iokit-property "model")
  4984.                 (iokit-property "region-info")
  4985.                 (iokit-property "regulatory-model-number")
  4986.             )
  4987.             (require-any
  4988.                 (iokit-property "model-number")
  4989.                 (iokit-property "platform-name")
  4990.             )
  4991.         )
  4992.     )
  4993.     (require-all
  4994.         (iokit-user-client-class "IOMobileFramebuffer")
  4995.         (require-any
  4996.             (require-any
  4997.                 (iokit-property "AppleTV")
  4998.                 (iokit-property "appleTV-VID0")
  4999.                 (iokit-property "appleTV-VID1")
  5000.             )
  5001.             (require-any
  5002.                 (iokit-property "DisplayPipePlaneBaseAlignment")
  5003.                 (iokit-property "DisplayPipeStrideRequirements")
  5004.                 (iokit-property "hdcp-hoover-protocol")
  5005.             )
  5006.             (iokit-property "PerformanceStatistics")
  5007.         )
  5008.     )
  5009.     (require-all
  5010.         (require-any
  5011.             (iokit-property "ForceSupported")
  5012.             (iokit-property "SupportTapToWake")
  5013.         )
  5014.         (require-any
  5015.             (iokit-user-client-class "AppleMultitouchSPI")
  5016.             (iokit-user-client-class "AppleMultitouchDevice")
  5017.         )
  5018.     )
  5019.     (require-all
  5020.         (iokit-property "AppleJPEG")
  5021.         (iokit-user-client-class "AppleJPEGDriver")
  5022.     )
  5023.     (require-all
  5024.         (iokit-property "HEVCSupported")
  5025.         (iokit-user-client-class "AppleD5500")
  5026.     )
  5027.     (require-all
  5028.         (iokit-user-client-class "AppleARMIICDevice")
  5029.         (require-any
  5030.             (iokit-property "als-colorCfg")
  5031.             (iokit-property "noMultiColorSupport")
  5032.         )
  5033.     )
  5034.     (require-all
  5035.         (iokit-user-client-class "IOAcceleratorES")
  5036.         (require-any
  5037.             (require-any
  5038.                 (iokit-property "AGXParameterBufferMaxSize")
  5039.                 (iokit-property "InternalStatistics")
  5040.                 (iokit-property "InternalStatisticsAccm")
  5041.                 (iokit-property "PerformanceStatisticsAccum")
  5042.                 (iokit-property "MetalStatisticsName")
  5043.             )
  5044.             (require-any
  5045.                 (iokit-property "BaseAddressAlignmentRequirement")
  5046.                 (iokit-property "IOGLES")
  5047.                 (iokit-property "MetalPluginClassName")
  5048.                 (iokit-property "MetalPluginName")
  5049.             )
  5050.             (iokit-property "PerformanceStatistics")
  5051.         )
  5052.     )
  5053.     (require-all
  5054.         (iokit-property "udid-version")
  5055.         (require-any
  5056.             (require-entitlement "fairplay-client")
  5057.             (require-not (require-entitlement "com.apple.private.MobileGestalt.AllowedProtectedKeys"))
  5058.             (require-entitlement "com.apple.system.get-hardware-identifiers")
  5059.         )
  5060.     )
  5061.     (require-all
  5062.         (require-any
  5063.             (iokit-property "root-ticket-hash")
  5064.             (iokit-property "backlight-marketing-table")
  5065.             (iokit-property "device-imei")
  5066.             (iokit-property "IOCPUID")
  5067.         )
  5068.         (require-any
  5069.             (require-entitlement "fairplay-client")
  5070.             (require-not (require-entitlement "com.apple.private.MobileGestalt.AllowedProtectedKeys"))
  5071.             (require-entitlement "com.apple.system.get-hardware-identifiers")
  5072.         )
  5073.     )
  5074.     (require-all
  5075.         (iokit-property-regex #"die-id$" #"chip-id$" #"board-id$" #".+((die|chip)|board)-id$")
  5076.         (require-any
  5077.             (require-entitlement "fairplay-client")
  5078.             (require-not (require-entitlement "com.apple.private.MobileGestalt.AllowedProtectedKeys"))
  5079.             (require-entitlement "com.apple.system.get-hardware-identifiers")
  5080.         )
  5081.     )
  5082.     (require-all
  5083.         (iokit-connection "AppleSynopsysOTGDevice")
  5084.         (require-any
  5085.             (require-entitlement "fairplay-client")
  5086.             (require-not (require-entitlement "com.apple.private.MobileGestalt.AllowedProtectedKeys"))
  5087.             (require-entitlement "com.apple.system.get-hardware-identifiers")
  5088.         )
  5089.     )
  5090.     (require-all
  5091.         (iokit-property "boot-manifest-hash")
  5092.         (require-any
  5093.             (require-entitlement "fairplay-client")
  5094.             (require-not (require-entitlement "com.apple.private.MobileGestalt.AllowedProtectedKeys"))
  5095.             (require-entitlement "com.apple.system.get-hardware-identifiers")
  5096.         )
  5097.     )
  5098.     (require-all
  5099.         (require-any
  5100.             (iokit-property "IOAccessoryBatteryPack")
  5101.             (iokit-property "IOAccessoryDigitalID")
  5102.             (iokit-property "IOAccessoryInterfaceDeviceInfo")
  5103.             (iokit-property "IOAccessoryID")
  5104.             (iokit-property "IOAccessoryManagerType")
  5105.             (iokit-property "IODeviceMemory")
  5106.             (iokit-property "config-number")
  5107.             (iokit-property "controllers")
  5108.             (iokit-property "AppleDiagnostic")
  5109.             (iokit-property "CrashReporter-ID")
  5110.             (iokit-property "Device Characteristics")
  5111.         )
  5112.         (require-any
  5113.             (require-entitlement "fairplay-client")
  5114.             (require-not (require-entitlement "com.apple.private.MobileGestalt.AllowedProtectedKeys"))
  5115.             (require-entitlement "com.apple.system.get-hardware-identifiers")
  5116.         )
  5117.     )
  5118.     (require-all
  5119.         (iokit-property-regex #"[Cc]alibration" #".+[Cc]alibration")
  5120.         (require-any
  5121.             (require-entitlement "fairplay-client")
  5122.             (require-not (require-entitlement "com.apple.private.MobileGestalt.AllowedProtectedKeys"))
  5123.             (require-entitlement "com.apple.system.get-hardware-identifiers")
  5124.         )
  5125.     )
  5126.     (require-all
  5127.         (iokit-property-regex #"UUID" #"-uuid" #".+UUID" #".+-uuid")
  5128.         (require-any
  5129.             (require-entitlement "fairplay-client")
  5130.             (require-not (require-entitlement "com.apple.private.MobileGestalt.AllowedProtectedKeys"))
  5131.             (require-entitlement "com.apple.system.get-hardware-identifiers")
  5132.         )
  5133.     )
  5134.     (require-all
  5135.         (iokit-property-regex #"serial-number" #"SerialNum" #"-snum" #".+serial-number" #".+SerialNum" #".+-snum")
  5136.         (require-any
  5137.             (require-entitlement "fairplay-client")
  5138.             (require-not (require-entitlement "com.apple.private.MobileGestalt.AllowedProtectedKeys"))
  5139.             (require-entitlement "com.apple.system.get-hardware-identifiers")
  5140.         )
  5141.     )
  5142.     (require-all
  5143.         (iokit-property "IOMACAddress")
  5144.         (require-any
  5145.             (require-entitlement "fairplay-client")
  5146.             (require-not (require-entitlement "com.apple.private.MobileGestalt.AllowedProtectedKeys"))
  5147.             (require-entitlement "com.apple.system.get-hardware-identifiers")
  5148.             (require-entitlement "com.apple.wifi.manager-access")
  5149.         )
  5150.     )
  5151.     (require-all
  5152.         (iokit-property-regex #"-mac-address" #"mac-address-" #".+-mac-address" #".+mac-address-")
  5153.         (require-any
  5154.             (require-entitlement "fairplay-client")
  5155.             (require-not (require-entitlement "com.apple.private.MobileGestalt.AllowedProtectedKeys"))
  5156.             (require-entitlement "com.apple.system.get-hardware-identifiers")
  5157.             (require-entitlement "com.apple.wifi.manager-access")
  5158.         )
  5159.     )
  5160.     (require-all
  5161.         (iokit-property "client")
  5162.         (iokit-user-client-class "IOHIDEventServiceFastPathUserClient")
  5163.     )
  5164.     (require-all
  5165.         (iokit-user-client-class "IOHIDEventServiceFastPathUserClient")
  5166.         (require-any
  5167.             (iokit-property "interval")
  5168.             (iokit-property "mode")
  5169.             (iokit-property "useMag")
  5170.             (iokit-property "QueueSize")
  5171.         )
  5172.     )
  5173.     (require-all
  5174.         (iokit-property "gyro-interrupt-calibration")
  5175.         (require-any
  5176.             (iokit-user-client-class "AppleOscarNub")
  5177.             (iokit-user-client-class "AppleSPUHIDInterface")
  5178.         )
  5179.     )
  5180. )
  5181. (allow ipc-posix-sem*  ; POSIX semaphore operations; sibling filters on one SBPL rule are alternatives, so either branch below is enough
  5182.     (semaphore-owner self)  ; branch 1: the semaphore's owner is the calling process (self)
  5183.     (require-all  ; branch 2: both conditions must hold together
  5184.         (extension "com.apple.sandbox.application-group")  ; process holds an application-group sandbox extension
  5185.         (require-entitlement "com.apple.private.amfi.can-execute-cdhash")  ; NOTE(review): an AMFI entitlement paired with an app-group extension is unexpected; verify this string against the compiled profile before relying on it
  5186.     )
  5187. )
  5188. (allow ipc-posix-sem-open (ipc-posix-name "containermanagerd.fb_check"))  ; grants just the open operation for the semaphore with this name; no entitlement or extension is required
  5189. (allow ipc-posix-shm*  ; every POSIX shared-memory operation (wildcard), allowed if the name branch or the extension+entitlement branch matches
  5190.     (require-any  ; branch 1: any of these object names, with no entitlement check
  5191.         (ipc-posix-name "stack-logs")
  5192.         (ipc-posix-name "OA-")  ; trailing '-' reads like a prefix, but the listing shows a plain name filter -- TODO confirm literal vs. prefix matching
  5193.         (ipc-posix-name "/FSM-")  ; same literal-vs-prefix caveat as "OA-"
  5194.     )
  5195.     (require-all  ; branch 2: any name, but both conditions must hold
  5196.         (extension "com.apple.sandbox.application-group")  ; process holds an application-group sandbox extension
  5197.         (require-entitlement "com.apple.private.amfi.can-execute-cdhash")  ; NOTE(review): unexpected entitlement for app-group shared memory; verify this string against the compiled profile
  5198.     )
  5199. )
  5200. (allow ipc-posix-shm-read*  ; read-side shared-memory operations; each top-level filter below is an independent alternative
  5201.     (ipc-posix-name-regex #"^gdt-[0-9A-Za-z]+-c$" #"^gdt-[0-9A-Za-z]+-s$")  ; fully anchored: gdt-<alphanumerics>-c or -s only
  5202.     (require-any
  5203.         (ipc-posix-name "apple.shm.notification_center")
  5204.         (ipc-posix-name "apple.cfprefs.")  ; trailing '.' reads like a prefix -- TODO confirm literal vs. prefix matching
  5205.     )
  5206.     (ipc-posix-name-regex #"^Apple MIDI in [0-9]+$" #"^Apple MIDI out [0-9]+$")  ; fully anchored, numeric suffix only
  5207.     (require-all  ; AppleABL objects additionally need the inter-app-audio entitlement
  5208.         (ipc-posix-name-regex #"^AppleABL[.]." #"^AppleABL[.].+")  ; neither pattern is end-anchored, so any name starting "AppleABL." plus one character matches; the second pattern adds nothing to the first
  5209.         (require-entitlement "inter-app-audio")
  5210.     )
  5211. )
  5212. (allow ipc-posix-shm-write-create (ipc-posix-name-regex #"^/mono[.][0-9]+$"))  ; creation is limited to names of the form /mono.<digits>; the pattern is anchored at both ends and no entitlement is required
  5213. (allow ipc-posix-shm-write-data  ; writing to shared-memory objects; each top-level filter is an independent alternative, and no notification-center or cfprefs name is listed here
  5214.     (ipc-posix-name-regex #"^gdt-[0-9A-Za-z]+-c$" #"^gdt-[0-9A-Za-z]+-s$")  ; fully anchored: gdt-<alphanumerics>-c or -s only
  5215.     (ipc-posix-name-regex #"^Apple MIDI in [0-9]+$" #"^Apple MIDI out [0-9]+$")  ; fully anchored, numeric suffix only
  5216.     (require-all  ; AppleABL objects additionally need the inter-app-audio entitlement
  5217.         (ipc-posix-name-regex #"^AppleABL[.]." #"^AppleABL[.].+")  ; not end-anchored: any name starting "AppleABL." plus one character matches; the second pattern is redundant
  5218.         (require-entitlement "inter-app-audio")
  5219.     )
  5220. )
  5221. (allow ipc-posix-shm-write-unlink (ipc-posix-name-regex #"^gdt-[0-9A-Za-z]+-c$" #"^gdt-[0-9A-Za-z]+-s$"))  ; unlink is limited to the anchored gdt-<alphanumerics>-c / -s names
  5222. (allow mach-cross-domain-lookup)  ; no filter, so the operation is allowed unconditionally; presumably this covers Mach service lookups across bootstrap domains -- TODO confirm the operation's scope
  5223. (allow mach-lookup
  5224.     (global-name "com.apple.cache_delete.public")
  5225.     (global-name "com.apple.itunescloudd.xpc")
  5226.     (global-name "com.apple.itunesstored.xpc")
  5227.     (global-name "com.apple.audio.AudioSession")
  5228.     (global-name "com.apple.springboard.backgroundappservices")
  5229.     (require-any
  5230.         (global-name "com.apple.fig.movie")
  5231.         (global-name "com.apple.coremedia.player.xpc")
  5232.         (global-name "com.apple.coremedia.visualcontext.xpc")
  5233.     )
  5234.     (global-name "com.apple.mediaserverd")
  5235.     (global-name "com.apple.coremedia.admin")
  5236.     (require-any
  5237.         (global-name "com.apple.coremedia.asset")
  5238.         (global-name "com.apple.coremedia.asset.xpc")
  5239.         (global-name "com.apple.coremedia.customurlloader.xpc")
  5240.         (global-name "com.apple.coremedia.figcontentkeysession.xpc")
  5241.     )
  5242.     (34 a9b3 9e84 5cf8)
  5243.     (require-any
  5244.         (global-name "com.apple.coremedia.assetcacheinspector")
  5245.         (global-name "com.apple.coremedia.audiodeviceclock.xpc")
  5246.         (global-name "com.apple.coremedia.audioprocessingtap.xpc")
  5247.         (global-name "com.apple.coremedia.capturesession")
  5248.         (global-name "com.apple.coremedia.capturesource")
  5249.         (global-name "com.apple.coremedia.recorder")
  5250.         (global-name "com.apple.coremedia.routediscoverer.xpc")
  5251.         (global-name "com.apple.coremedia.routingcontext.xpc")
  5252.         (global-name "com.apple.coremedia.samplebufferaudiorenderer.xpc")
  5253.         (global-name "com.apple.coremedia.samplebufferrendersynchronizer.xpc")
  5254.         (global-name "com.apple.coremedia.systemcontroller.xpc")
  5255.         (global-name "com.apple.coremedia.videocompositor")
  5256.         (global-name "com.apple.coremedia.volumecontroller.xpc")
  5257.     )
  5258.     (require-any
  5259.         (global-name "com.apple.coremedia.assetimagegenerator")
  5260.         (global-name "com.apple.coremedia.assetimagegenerator.xpc")
  5261.         (global-name "com.apple.coremedia.formatreader.xpc")
  5262.         (global-name "com.apple.coremedia.remotequeue")
  5263.     )
  5264.     (global-name "com.apple.fairplayd")
  5265.     (34 ce90 9e84 5cfc)
  5266.     (require-any
  5267.         (global-name "com.apple.WebBookmarks.webbookmarksd")
  5268.         (global-name "com.apple.webfilterd")
  5269.         (global-name "com.apple.assertiond.extension")
  5270.     )
  5271.     (global-name "com.apple.wifi.manager")
  5272.     (34 a9ae 9e84 5cff)
  5273.     (global-name "com.apple.wcd")
  5274.     (global-name "com.apple.coremedia.endpoint.xpc")
  5275.     (global-name "com.apple.coremedia.endpointremotecontrolsession.xpc")
  5276.     (global-name "com.apple.coremedia.figcpecryptor")
  5277.     (require-any
  5278.         (global-name "com.apple.wapi.client")
  5279.         (global-name "com.apple.watchconnectivity.complication")
  5280.         (global-name "com.apple.weibod.server")
  5281.         (global-name "com.apple.videoconference.avconference")
  5282.         (global-name "com.apple.vsassetd")
  5283.         (global-name "com.apple.AdSheetPad.server")
  5284.         (global-name "com.apple.AdSheetPhone.server")
  5285.         (global-name "com.apple.telephonyutilities.remotelogdaemon")
  5286.         (global-name "com.apple.telephonyutilities.callservicesdaemon.voip")
  5287.         (global-name "com.apple.springboard.watchdogserver")
  5288.         (global-name "com.apple.springboard.remotenotifications")
  5289.         (global-name "com.apple.springboard.alerts")
  5290.         (global-name "com.apple.springboard.UIKit.migserver")
  5291.         (global-name "com.apple.scrod")
  5292.         (global-name "com.apple.sandboxd")
  5293.         (global-name "com.apple.MediaControl.daemon")
  5294.         (global-name "com.apple.MobileAccessoryUpdater")
  5295.         (global-name "com.apple.MobileFileIntegrity")
  5296.         (global-name "com.apple.Music.MPMusicPlayerMigServer")
  5297.         (global-name "com.apple.airplay.sender.xpc")
  5298.         (global-name "com.apple.appleprofilepolicyd")
  5299.         (global-name "com.apple.assetsd.keepDaemonAlive")
  5300.         (global-name "com.apple.assetsd.notificationServer")
  5301.         (global-name "com.apple.audio.AudioConverterServer")
  5302.         (global-name "com.apple.audio.AudioFileServer")
  5303.         (global-name "com.apple.audio.AudioUnitServer")
  5304.         (global-name "com.apple.prdaily")
  5305.         (global-name "com.apple.backboard.checkin")
  5306.         (global-name "com.apple.backboard.watchdog")
  5307.         (global-name "com.apple.backboard.workspaceserverconnection")
  5308.         (global-name "com.apple.bypassBasebandAutoBooter.msgport")
  5309.         (global-name "com.apple.mobileipod.MPMusicPlayerMigServerExists")
  5310.         (global-name "com.apple.mobileipod.MPMusicPlayerMigServer")
  5311.         (global-name "com.apple.mobileipod.MPMusicPlayerControllerInternal")
  5312.         (global-name "com.apple.mobile.softwareupdated")
  5313.         (global-name "com.apple.midiserver")
  5314.         (global-name "com.apple.mediastream.sharing-nowake")
  5315.         (global-name "com.apple.managedconfiguration.mdmdservice")
  5316.         (global-name "com.apple.managedconfiguration.mdmdpush-prod")
  5317.         (global-name "com.apple.managedconfiguration.mdmdpush-dev")
  5318.         (global-name "com.apple.mDNSResponder")
  5319.         (global-name "com.apple.callkit.callsourcehost")
  5320.         (global-name "com.apple.clouddbd")
  5321.         (global-name "com.apple.commcenter.dm-helper")
  5322.         (global-name "com.apple.commcenter.mobile-helper")
  5323.         (global-name "com.apple.coremedia.audioprocessingtap")
  5324.         (global-name "com.apple.coremedia.cpe")
  5325.         (global-name "com.apple.coremedia.cpe.xpc")
  5326.         (global-name "com.apple.coremedia.cpeprotector")
  5327.         (global-name "com.apple.coremedia.cpeprotector.xpc")
  5328.         (global-name "com.apple.coremedia.formatreader")
  5329.         (global-name "com.apple.coremedia.wirelessdisplay")
  5330.         (global-name "com.apple.coremedia.wirelessdisplayserver")
  5331.         (global-name "com.apple.cvmsCompAgent_armv7")
  5332.         (global-name "com.apple.instruments.server.mig")
  5333.         (global-name "com.apple.imavagent.embedded.auth")
  5334.         (global-name "com.apple.iapauthd.xpc")
  5335.         (global-name "com.apple.iapauthd")
  5336.         (global-name "com.apple.iTunesStore.daemon.public")
  5337.         (global-name "com.apple.iTunesStore.daemon.notifications.public")
  5338.         (global-name "com.apple.datamigrator.dz")
  5339.         (global-name "com.apple.devicecheckd")
  5340.         (global-name "com.apple.distributed_notifications@0v3")
  5341.         (global-name "com.apple.dt.xctestd.target")
  5342.         (global-name "com.apple.gizmoappd")
  5343.         (global-name "com.apple.gamed.note")
  5344.         (global-name "com.apple.fileprovider.pushkit")
  5345.     )
  5346.     (global-name "com.apple.vibrationmanagerd")
  5347.     (extension "com.apple.pluginkit.plugin-service")
  5348.     (require-any
  5349.         (global-name "com.apple.DragUI.druid.destination")
  5350.         (global-name "com.apple.DragUI.druid.source")
  5351.         (global-name "com.apple.VoiceOverTouch.drag.xpc")
  5352.         (global-name "com.apple.ap.adtrackingd.attribution")
  5353.         (global-name "com.apple.assistivetouchd.drag.xpc")
  5354.     )
  5355.     (global-name "com.apple.coremedia.remaker")
  5356.     (global-name "com.apple.webinspector")
  5357.     (global-name "com.apple.contactsd")
  5358.     (global-name "com.apple.coremedia.compressionsession")
  5359.     (global-name "com.apple.coremedia.decompressionsession")
  5360.     (global-name "com.apple.imagent.embedded.auth")
  5361.     (global-name "com.apple.coremedia.sandboxserver")
  5362.     (global-name "com.apple.coremedia.sandboxserver.xpc")
  5363.     (global-name "com.apple.corespotlightservice")
  5364.     (global-name "com.apple.testmanagerd")
  5365.     (34 a979 9e84 5d12)
  5366.     (global-name "com.apple.fairplayd.versioned")
  5367.     (global-name "com.apple.pegasus")
  5368.     (global-name "com.apple.FileCoordination")
  5369.     (global-name "com.apple.FileProvider")
  5370.     (global-name "com.apple.bird")
  5371.     (global-name "com.apple.bird.token")
  5372.     (global-name "com.apple.librariand")
  5373.     (global-name "com.apple.revisiond")
  5374.     (global-name "com.apple.pairedsyncd.syncstate")
  5375.     (global-name "com.apple.nano.nanoregistry.paireddeviceregistry")
  5376.     (global-name "com.apple.hangtracerd")
  5377.     (global-name "com.apple.gamecenter")
  5378.     (require-any
  5379.         (global-name "com.apple.iTunesStore.daemon")
  5380.         (global-name "com.apple.iTunesStore.daemon.deatchwatch")
  5381.         (global-name "com.apple.iTunesStore.daemon-notifications")
  5382.     )
  5383.     (global-name "com.apple.itdbprep.server")
  5384.     (global-name "com.apple.gamed")
  5385.     (require-any
  5386.         (global-name "com.apple.geod")
  5387.         (global-name "com.apple.nanomaps.xpc.GeoServices")
  5388.     )
  5389.     (global-name "com.apple.homed.xpc")
  5390.     (require-any
  5391.         (global-name "com.apple.cvmsServ")
  5392.         (global-name "com.apple.gpumemd.source")
  5393.     )
  5394.     (global-name "com.apple.marco")
  5395.     (global-name "com.apple.quicklook.ThumbnailsAgent")
  5396.     (global-name "com.apple.pluginkit.pkd")
  5397.     (global-name "com.apple.usymptomsd")
  5398.     (require-any
  5399.         (global-name "com.apple.symptomsd")
  5400.         (global-name "com.apple.symptoms.symptomsd.managed_events")
  5401.     )
  5402.     (require-any
  5403.         (global-name "com.apple.iap2d.distributednotification.server")
  5404.         (global-name "com.apple.iaptransportd.xpc")
  5405.         (global-name "com.apple.iapd.distributednotification.server")
  5406.     )
  5407.     (global-name "com.apple.securityd")
  5408.     (global-name "com.apple.trustd")
  5409.     (global-name "com.apple.commcenter.xpc")
  5410.     (global-name "com.apple.commcenter.cupolicy.xpc")
  5411.     (global-name "com.apple.SystemConfiguration.configd")
  5412.     (require-any
  5413.         (global-name "com.apple.SystemConfiguration.helper")
  5414.         (global-name "com.apple.SystemConfiguration.PPPController")
  5415.     )
  5416.     (require-any
  5417.         (global-name "com.apple.SystemConfiguration.SCNetworkReachability")
  5418.         (global-name "com.apple.SystemConfiguration.DNSConfiguration")
  5419.         (global-name "com.apple.SystemConfiguration.NetworkInformation")
  5420.     )
  5421.     (global-name "com.apple.iapd")
  5422.     (require-any
  5423.         (global-name "com.apple.iap2d")
  5424.         (global-name "com.apple.iaptransportd")
  5425.     )
  5426.     (global-name "com.apple.coresymbolicationd")
  5427.     (global-name "com.apple.nesessionmanager")
  5428.     (global-name "com.apple.nehelper")
  5429.     (global-name "com.apple.GSSCred")
  5430.     (global-name "com.apple.accountsd.accountmanager")
  5431.     (require-any
  5432.         (global-name "com.apple.cfnetwork.AuthBrokerAgent")
  5433.         (global-name "com.apple.cfnetwork.cfnetworkagent")
  5434.         (global-name "com.apple.cookied")
  5435.         (global-name "com.apple.nsurlstorage-cache")
  5436.     )
  5437.     (global-name "com.apple.dataaccess.dataaccessd")
  5438.     (global-name "com.apple.mDNSResponderHelper")
  5439.     (global-name "com.apple.corerecents.recentsd")
  5440.     (global-name "com.apple.nsurlsessiond")
  5441.     (global-name "com.apple.networkd")
  5442.     (global-name "PurplePPTServer")
  5443.     (global-name "PurpleSystemAppPort")
  5444.     (global-name "PurpleSystemEventPort")
  5445.     (global-name "com.apple.syncdefaultsd")
  5446.     (global-name "com.apple.springboard.processinvalidation")
  5447.     (global-name "com.apple.CoreAuthentication.daemon")
  5448.     (global-name "com.apple.FSEvents")
  5449.     (global-name "com.apple.GameController.gamecontrollerd")
  5450.     (global-name "com.apple.springboard.icongeneration")
  5451.     (global-name "com.apple.springboard.blockableservices")
  5452.     (global-name "com.apple.springboard")
  5453.     (global-name "com.apple.MobileInternetSharing")
  5454.     (require-any
  5455.         (global-name "com.apple.Music.MPMusicPlayerControllerInternal")
  5456.         (global-name "com.apple.Music.MPMusicPlayerMigServerExists")
  5457.     )
  5458.     (global-name "com.apple.spotlight.SearchAgent")
  5459.     (global-name "com.apple.coremedia.videoqueue")
  5460.     (global-name "com.apple.PersistentURLTranslator.Gatekeeper")
  5461.     (global-name "com.apple.PowerManagement.control")
  5462.     (global-name "com.apple.ProgressReporting")
  5463.     (global-name "com.apple.SBUserNotification")
  5464.     (global-name "com.apple.VoiceOverTouch")
  5465.     (global-name "com.apple.VoiceOverTouch.xpc")
  5466.     (global-name "com.apple.server.bluetooth.le.pipe.xpc")
  5467.     (global-name "com.apple.server.bluetooth.le.att.xpc")
  5468.     (require-any
  5469.         (global-name "com.apple.ait.client")
  5470.         (global-name "com.apple.dataaccess.dataaccessd.active")
  5471.         (global-name "com.apple.passd.in-app-payment")
  5472.     )
  5473.     (global-name "com.apple.server.bluetooth")
  5474.     (global-name "com.apple.apsd")
  5475.     (global-name "com.apple.videoconference.camera")
  5476.     (global-name "com.apple.assetsd.changehub")
  5477.     (global-name "com.apple.safarifetcherd")
  5478.     (global-name "com.apple.passd.library")
  5479.     (global-name "com.apple.atc")
  5480.     (global-name "com.apple.audio.AURemoteIOServer")
  5481.     (global-name "com.apple.passd.assertions")
  5482.     (global-name "com.apple.medialibraryd.xpc")
  5483.     (global-name "com.apple.parsecd")
  5484.     (global-name "com.apple.awdd")
  5485.     (global-name "com.apple.notificationcenter.widgetcontrollerconnection")
  5486.     (global-name "com.apple.networking.captivenetworksupport")
  5487.     (global-name "com.apple.mobilemail.services.xpc")
  5488.     (global-name "com.apple.mobilecheckpoint.checkpointd")
  5489.     (require-any
  5490.         (global-name "com.apple.mobileassetd")
  5491.         (global-name "com.apple.mobileassetd.v2")
  5492.     )
  5493.     (global-name "com.apple.certui.relay")
  5494.     (global-name "com.apple.cloudd")
  5495.     (require-any
  5496.         (global-name "com.apple.coremedia.mutablecomposition")
  5497.         (global-name "com.apple.coremedia.mutablecomposition.xpc")
  5498.     )
  5499.     (global-name "com.apple.mobile.installd")
  5500.     (global-name "com.apple.midiserver.io")
  5501.     (global-name "com.apple.coremedia.audiodeviceclock")
  5502.     (global-name "com.apple.mediastream.sharing")
  5503.     (global-name "com.apple.sharingd")
  5504.     (global-name "com.apple.sharingd.nsxpc")
  5505.     (require-any
  5506.         (global-name "com.apple.backboard.TouchDeliveryPolicyServer")
  5507.         (global-name "com.apple.backboard.hid.focus")
  5508.         (global-name "com.apple.frontboard.workspace")
  5509.         (global-name "com.apple.TextInput.lexicon-server")
  5510.     )
  5511.     (global-name "com.apple.springboard.services")
  5512.     (global-name "com.apple.usernotifications.usernotificationservice")
  5513.     (global-name "com.apple.CARenderServer")
  5514.     (require-any
  5515.         (global-name "com.apple.KeyboardServices.TextReplacementService")
  5516.         (global-name "com.apple.audio.AudioComponentPrefs")
  5517.         (global-name "com.apple.accessibility.gax.backboard")
  5518.         (global-name "com.apple.voiceservices.keepalive")
  5519.         (global-name "com.apple.TextInput")
  5520.         (global-name "com.apple.TextInput.emoji")
  5521.         (global-name "com.apple.TextInput.image-cache-server")
  5522.         (global-name "com.apple.TextInput.rdt")
  5523.         (global-name "com.apple.TextInput.shortcuts")
  5524.         (global-name "com.apple.TextInput.preferences")
  5525.         (global-name "com.apple.UIKit.KeyboardManagement")
  5526.         (global-name "UIASTNotificationCenter")
  5527.     )
  5528.     (global-name "com.apple.UIKit.statusbarserver")
  5529.     (global-name "com.apple.uikit.GestureServer")
  5530.     (global-name "com.apple.assertiond.applicationstateconnection")
  5531.     (global-name "com.apple.assertiond.expiration")
  5532.     (global-name "com.apple.assertiond.processinfoservice")
  5533.     (global-name "com.apple.audio.hapticd")
  5534.     (global-name "com.apple.audio.SystemSoundServer-iOS")
  5535.     (global-name "com.apple.audio.AudioComponentRegistrar")
  5536.     (global-name "com.apple.backboard.animation-fence-arbiter")
  5537.     (global-name "com.apple.backboard.display.services")
  5538.     (local-name "com.apple.assistant.contextprovider.") ; NOTE(review): literal ends in "."; possibly a name prefix printed as an exact match — confirm against the compiled profile
  5539.     (global-name "com.apple.backboard.hid.services")
  5540.     (global-name "com.apple.iohideventsystem")
  5541.     (global-name "com.apple.iphone.axserver-systemwide")
  5542.     (34 a9b9 9e84 5e2e) ; NOTE(review): raw hex tuple where a filter would be; what it matches cannot be read from this listing, so treat this entry as unknown when auditing reachable services
  5543.     (global-name "com.apple.frontboard.systemappservices")
  5544.     (require-any
  5545.         (global-name "com.apple.progressd")
  5546.         (global-name "com.apple.dictationd.recognition")
  5547.         (global-name "com.apple.airplaydiagnostics.server")
  5548.         (global-name "com.apple.ondemandd.client")
  5549.         (global-name "ScripterServer")
  5550.     )
  5551.     (global-name "com.apple.NPKCompanionAgent.library")
  5552.     (global-name "com.apple.mediaremoted.xpc")
  5553.     (global-name "com.apple.vibrationmanagerd")
  5554.     (global-name "com.apple.PersistentURLTranslator.Gatekeeper")
  5555.     (global-name "com.apple.assetsd.changehub")
  5556.     (global-name "com.apple.mobilecheckpoint.checkpointd")
  5557.     (require-any
  5558.         (global-name "com.apple.iap2d.ExternalAccessory.distributednotification.server")
  5559.         (global-name "com.apple.iaptransportd.ExternalAccessory.distributednotification.server")
  5560.         (global-name "com.apple.ExternalAccessory.distributednotification.server")
  5561.     )
  5562.     (require-any
  5563.         (global-name "com.apple.accessories.transport-server")
  5564.         (global-name "com.apple.iap2d.xpc")
  5565.         (global-name "com.apple.iapd.xpc")
  5566.     )
  5567.     (global-name "com.apple.coremedia.sandboxserver.xpc")
  5568.     (global-name "com.apple.FileProvider")
  5569.     (global-name "com.apple.audio.reporting.xpc")
  5570.     (global-name "com.apple.quicklook.ThumbnailsAgent")
  5571.     (require-any
  5572.         (global-name "com.apple.UIKit.pasteboardd")
  5573.         (global-name "com.apple.pasteboard.pasted")
  5574.     )
  5575.     (global-name "com.apple.audio.AURemoteIOServer")
  5576.     (global-name "com.apple.assistant.analytics")
  5577.     (global-name "com.apple.assistant.dictation")
  5578.     (global-name "com.apple.revisiond")
  5579.     (global-name "com.apple.FileCoordination")
  5580.     (global-name "com.apple.nanoprefsync")
  5581.     (global-name "com.apple.powerlog.plxpclogger.xpc")
  5582.     (global-name "com.apple.accessories.externalaccessory-server")
  5583.     (global-name "com.apple.callkit.callcontrollerhost")
  5584.     (global-name "com.apple.librariand")
  5585.     (global-name "com.apple.bird.token")
  5586.     (require-any
  5587.         (global-name "com.apple.mobileassetd")
  5588.         (global-name "com.apple.mobileassetd.v2")
  5589.     )
  5590.     (global-name "com.apple.UIKit.KeyboardManagement.hosted")
  5591.     (global-name "com.apple.itunescloudd.xpc")
  5592.     (global-name "com.apple.itunesstored.xpc")
  5593.     (global-name "com.apple.audio.AudioSession")
  5594.     (require-any
  5595.         (global-name "com.apple.fig.movie")
  5596.         (global-name "com.apple.coremedia.player.xpc")
  5597.         (global-name "com.apple.coremedia.visualcontext.xpc")
  5598.     )
  5599.     (global-name "com.apple.mediaserverd")
  5600.     (global-name "com.apple.coremedia.admin")
  5601.     (require-any
  5602.         (global-name "com.apple.coremedia.asset")
  5603.         (global-name "com.apple.coremedia.asset.xpc")
  5604.         (global-name "com.apple.coremedia.customurlloader.xpc")
  5605.         (global-name "com.apple.coremedia.figcontentkeysession.xpc")
  5606.     )
  5607.     (34 ac9f 9e84 5e52)
  5608.     (require-any
  5609.         (global-name "com.apple.coremedia.assetcacheinspector")
  5610.         (global-name "com.apple.coremedia.audiodeviceclock.xpc")
  5611.         (global-name "com.apple.coremedia.audioprocessingtap.xpc")
  5612.         (global-name "com.apple.coremedia.capturesession")
  5613.         (global-name "com.apple.coremedia.capturesource")
  5614.         (global-name "com.apple.coremedia.recorder")
  5615.         (global-name "com.apple.coremedia.routediscoverer.xpc")
  5616.         (global-name "com.apple.coremedia.routingcontext.xpc")
  5617.         (global-name "com.apple.coremedia.samplebufferaudiorenderer.xpc")
  5618.         (global-name "com.apple.coremedia.samplebufferrendersynchronizer.xpc")
  5619.         (global-name "com.apple.coremedia.systemcontroller.xpc")
  5620.         (global-name "com.apple.coremedia.videocompositor")
  5621.         (global-name "com.apple.coremedia.volumecontroller.xpc")
  5622.     )
  5623.     (require-any
  5624.         (global-name "com.apple.coremedia.assetimagegenerator")
  5625.         (global-name "com.apple.coremedia.assetimagegenerator.xpc")
  5626.         (global-name "com.apple.coremedia.formatreader.xpc")
  5627.         (global-name "com.apple.coremedia.remotequeue")
  5628.     )
  5629.     (global-name "com.apple.pegasus")
  5630.     (34 ac84 9e84 5e56)
  5631.     (global-name "com.apple.audio.AudioQueueServer")
  5632.     (global-name "com.apple.coremedia.sandboxserver")
  5633.     (34 ad18 9e84 5e59)
  5634.     (b4 0017 9e84 5e5a)
  5635.     (global-name "com.apple.coremedia.endpoint.xpc")
  5636.     (global-name "com.apple.coremedia.endpointremotecontrolsession.xpc")
  5637.     (global-name "com.apple.coremedia.figcpecryptor")
  5638.     (global-name "com.apple.springboard.backgroundappservices")
  5639.     (global-name "com.apple.accessibility.mediaaccessibilityd")
  5640.     (34 accb 9e84 5e60)
  5641.     (global-name-regex #"^com[.]apple[.]uikit[.]viewservice[.].+")
  5642.     (global-name "com.apple.coremedia.remaker")
  5643.     (global-name "com.apple.bird")
  5644.     (global-name "com.apple.accessibility.AXBackBoardServer")
  5645.     (global-name "com.apple.voiceservices.tts")
  5646.     (b4 0019 9e84 5e66)
  5647.     (global-name "com.apple.biometrickitd")
  5648.     (global-name "com.apple.pearld")
  5649.     (require-all
                ; All three conditions must hold: the process attribute, the service name,
                ; and the absence of the can-execute-cdhash entitlement.
  5650.         (process-attribute 4) ; numeric attribute, not resolved to a name in this listing
  5651.         (global-name "com.apple.ReportCrash.SimulateCrash")
  5652.         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash")) ; excludes processes that hold this entitlement
  5653.     )
  5654.     (require-all
                ; NOTE(review): #".+" matches every non-empty local name, so as listed the
                ; sandbox extension below is the only effective gate. Presumably the extension
                ; is scoped to specific names and the listing does not show that binding —
                ; confirm before reading this as "any local name".
  5655.         (local-name-regex #".+")
  5656.         (extension "com.apple.security.exception.mach-lookup.local-name")
  5657.     )
  5658.     (require-all
                ; NOTE(review): same shape for global names: the regex accepts any non-empty
                ; name and the extension is the deciding condition. When auditing, check which
                ; processes can be issued this extension and for which names.
  5659.         (extension "com.apple.security.exception.mach-lookup.global-name")
  5660.         (global-name-regex #".+")
  5661.     )
  5662.     (require-all
  5663.         (global-name "com.apple.ak.anisette.xpc")
  5664.         (require-any
  5665.             (require-entitlement "com.apple.authkit.client")
  5666.             (require-entitlement "com.apple.authkit.client.private")
  5667.             (require-entitlement "com.apple.authkit.client.internal")
  5668.             (require-all
  5669.                 (process-attribute 4)
  5670.                 (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  5671.             )
  5672.         )
  5673.     )
  5674.     (require-all
  5675.         (global-name "com.apple.ak.auth.xpc")
  5676.         (require-any
  5677.             (require-entitlement "com.apple.authkit.client")
  5678.             (require-entitlement "com.apple.authkit.client.private")
  5679.             (require-entitlement "com.apple.authkit.client.internal")
  5680.             (require-all
  5681.                 (process-attribute 4)
  5682.                 (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  5683.             )
  5684.         )
  5685.     )
  5686.     (require-all
  5687.         (global-name "com.apple.networkd_privileged")
  5688.         (require-any
  5689.             (require-entitlement "com.apple.networkd.advisory_socket")
  5690.             (require-entitlement "com.apple.networkd.disable_opportunistic")
  5691.             (require-entitlement "com.apple.networkd.modify_settings")
  5692.             (require-entitlement "com.apple.networkd.persistent_interface")
  5693.             (require-entitlement "com.apple.networkd_privileged")
  5694.         )
  5695.     )
  5696.     (require-all
                ; NOTE(review): the next line is a raw hex tuple where a filter would be; the
                ; resource it names cannot be read from this listing, only the entitlements
                ; that gate it.
  5697.         (34 cfc4 5dad 5db3)
  5698.         (require-any
                    ; Any one of the three entitlements satisfies this group.
                    ; NOTE(review): the first string ends in a space inside the quotes. As
                    ; written it only matches an entitlement key with that trailing space;
                    ; check the compiled profile to see whether the space is original or an
                    ; artifact of this listing.
  5699.             (require-entitlement "com.apple.private.imcore.imdpersistence.data-detection-access ")
  5700.             (require-entitlement "com.apple.private.imcore.imdpersistence.database-access")
  5701.             (require-entitlement "com.apple.private.imcore.spi.database-access")
  5702.         )
  5703.     )
  5704.     (require-all
  5705.         (process-attribute 4)
  5706.         (require-any
  5707.             (require-all
  5708.                 (require-any
  5709.                     (global-name "com.apple.ReportCrash")
  5710.                     (global-name "com.apple.ReportCrash.DirectoryService")
  5711.                     (global-name "com.apple.ReportCrash.StackShot")
  5712.                     (global-name "com.apple.ReportCrash.SafetyNet")
  5713.                 )
  5714.                 (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  5715.             )
  5716.             (require-all
  5717.                 (global-name "com.apple.ReportCrash.Jetsam")
  5718.                 (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  5719.             )
  5720.         )
  5721.     )
  5722.     (require-all
                ; Matches com.apple.replayd only for processes that do not carry the
                ; is-plugin attribute; a process with that attribute fails this condition.
  5723.         (global-name "com.apple.replayd")
  5724.         (require-not (process-attribute is-plugin))
  5725.     )
  5726.     (require-all
  5727.         (global-name "com.apple.idsremoteurlconnectionagent.embedded.auth")
  5728.         (require-any
  5729.             (require-entitlement "com.apple.private.imcore.imremoteurlconnection")
  5730.             (require-entitlement "com.apple.private.ids.remoteurlconnection")
  5731.         )
  5732.     )
  5733.     (require-all
  5734.         (global-name "com.apple.bulletinboard.utilitiesconnection")
  5735.         (require-entitlement "com.apple.bulletinboard.utilities")
  5736.     )
  5737.     (require-all
  5738.         (global-name "com.apple.bulletinboard.systemstateconnection")
  5739.         (require-entitlement "com.apple.bulletinboard.systemstate")
  5740.     )
  5741.     (require-all
  5742.         (global-name "com.apple.bulletinboard.settingsconnection")
  5743.         (require-entitlement "com.apple.bulletinboard.settings")
  5744.     )
  5745.     (require-all
  5746.         (global-name "com.apple.bulletinboard.observerconnection")
  5747.         (require-entitlement "com.apple.bulletinboard.observer")
  5748.     )
  5749.     (require-all
  5750.         (local-name "com.apple.iphone.axserver")
  5751.         (require-entitlement "com.apple.accessibility.api")
  5752.     )
  5753.     (require-all
  5754.         (global-name "com.apple.icfcallserver")
  5755.         (require-entitlement "com.apple.private.icfcallserver")
  5756.     )
  5757.     (require-all
  5758.         (global-name "com.apple.managedconfiguration.profiled")
  5759.         (require-entitlement "com.apple.managedconfiguration.profiled-access")
  5760.     )
  5761.     (require-all
  5762.         (process-attribute 4)
  5763.         (require-any
  5764.             (require-all
  5765.                 (global-name "com.apple.aps.alertprovider.xpc")
  5766.                 (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  5767.             )
  5768.             (require-all
  5769.                 (global-name "com.apple.coreduetd")
  5770.                 (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  5771.             )
  5772.             (require-all
  5773.                 (global-name "com.apple.lskdd")
  5774.                 (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  5775.             )
  5776.             (require-all
  5777.                 (global-name "com.apple.unfreed")
  5778.                 (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  5779.             )
  5780.         )
  5781.     )
  5782.     (require-all
  5783.         (process-attribute 4)
  5784.         (require-any
  5785.             (require-all
  5786.                 (global-name "com.apple.mobile.keybagd.UserManager.xpc")
  5787.                 (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  5788.             )
  5789.             (require-all
  5790.                 (global-name "com.apple.mobile.keybagd.xpc")
  5791.                 (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  5792.             )
  5793.         )
  5794.     )
  5795.     (require-all
  5796.         (global-name "com.apple.SystemConfiguration.PPPController-priv")
  5797.         (require-entitlement "com.apple.networking.vpn.configuration")
  5798.     )
  5799.     (require-all
  5800.         (global-name "com.apple.siri.vocabularyupdates")
  5801.         (require-any
  5802.             (require-entitlement "com.apple.siri.synapse")
  5803.             (require-entitlement "com.apple.developer.siri")
  5804.         )
  5805.     )
  5806.     (require-all
  5807.         (global-name "com.apple.familycircle.agent")
  5808.         (require-entitlement "com.apple.private.familycircle")
  5809.     )
  5810.     (require-all
  5811.         (global-name "com.apple.icloud.findmydeviced")
  5812.         (require-any
  5813.             (require-entitlement "com.apple.aosnotification.aosnotifyd-access")
  5814.             (require-entitlement "com.apple.icloud.findmydeviced.access")
  5815.         )
  5816.     )
  5817.     (require-all
  5818.         (global-name "com.apple.AOSNotification")
  5819.         (require-entitlement "com.apple.aosnotification.aosnotifyd-access")
  5820.     )
  5821.     (require-all
  5822.         (global-name "com.apple.mobilestoredemod")
  5823.         (require-entitlement "com.apple.private.mobilestoredemo.enabledemo")
  5824.     )
  5825.     (require-all
  5826.         (global-name "com.apple.personad.xpc")
  5827.         (require-any
  5828.             (require-entitlement "com.apple.private.persona.read")
  5829.             (require-entitlement "com.apple.private.persona.write")
  5830.             (require-entitlement "com.apple.private.contactsui")
  5831.         )
  5832.     )
  5833.     (require-all
  5834.         (global-name "com.apple.VideoSubscriberAccount.videosubscriptionsd")
  5835.         (require-any
  5836.             (require-entitlement "com.apple.smoot.subscriptionservice")
  5837.             (require-entitlement "com.apple.private.subscriptionservice.internal")
  5838.             (require-entitlement "com.apple.developer.video-subscription-registration")
  5839.             (require-entitlement "com.apple.private.subscriptionservice.all-sources.read-only")
  5840.             (require-entitlement "com.apple.private.subscriptionservice.web-sources.read-write")
  5841.         )
  5842.     )
  5843.     (require-all
  5844.         (global-name "com.apple.suggestd.spotlight")
  5845.         (require-entitlement "com.apple.private.suggestions.spotlight")
  5846.     )
  5847.     (require-all
  5848.         (global-name "com.apple.suggestd.mail")
  5849.         (require-entitlement "com.apple.private.suggestions.mail")
  5850.     )
  5851.     (require-all
  5852.         (global-name "com.apple.suggestd.events")
  5853.         (require-entitlement "com.apple.private.suggestions.events")
  5854.     )
  5855.     (require-all
  5856.         (global-name "com.apple.suggestd.contacts")
  5857.         (require-entitlement "com.apple.private.suggestions.contacts")
  5858.     )
  5859.     (require-all
  5860.         (global-name "com.apple.suggestd.suggestionmanager")
  5861.         (require-entitlement "com.apple.private.suggestions")
  5862.     )
  5863.     (require-all
  5864.         (global-name "com.apple.cache_delete")
  5865.         (require-any
  5866.             (require-entitlement "com.apple.mobile.deleted.AllowFreeSpace")
  5867.             (require-entitlement "com.apple.private.CacheDelete")
  5868.         )
  5869.     )
  5870.     (require-all
  5871.         (global-name "com.apple.telephonyutilities.callservicesdaemon.callcapabilities")
  5872.         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  5873.     )
  5874.     (require-all
  5875.         (require-any
  5876.             (global-name "com.apple.accountsd.authmanager")
  5877.             (global-name "com.apple.accountsd.accessmanager")
  5878.             (global-name "com.apple.healthd.restriction")
  5879.         )
  5880.         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  5881.     )
  5882.     (require-all
  5883.         (global-name "com.apple.accountsd.oauthsigner")
  5884.         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  5885.     )
  5886.     (require-all
  5887.         (global-name "com.apple.calaccessd")
  5888.         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  5889.     )
  5890.     (require-all
  5891.         (global-name "com.apple.calaccessd.xpc")
  5892.         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  5893.     )
  5894.     (require-all
  5895.         (global-name "com.apple.cmfsyncagent.embedded.auth")
  5896.         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  5897.     )
  5898.     (require-all
  5899.         (global-name "com.apple.healthd.server")
  5900.         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  5901.     )
  5902.     (require-all
  5903.         (global-name "com.apple.twitterd")
  5904.         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  5905.     )
  5906.     (require-all
  5907.         (global-name "com.apple.twitterd.server")
  5908.         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  5909.     )
  5910.     (require-all
  5911.         (require-any
  5912.             (global-name "com.apple.locationd.registration")
  5913.             (global-name "com.apple.locationd.spi")
  5914.         )
  5915.         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  5916.     )
  5917.     (require-all
  5918.         (global-name "com.apple.identityservicesd.idquery.embedded.auth")
  5919.         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  5920.     )
  5921.     (require-all
  5922.         (global-name "com.apple.locationd.synchronous")
  5923.         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  5924.     )
  5925.     (require-all
  5926.         (global-name "com.apple.spotlight.IndexAgent")
  5927.         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  5928.     )
  5929.     (require-all
  5930.         (global-name "com.apple.ABDatabaseDoctor")
  5931.         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  5932.     )
  5933.     (require-all
                ; NOTE(review): no name filter is visible in this form; as listed the only
                ; conditions are the application-group extension and the absence of the
                ; can-execute-cdhash entitlement. Presumably the extension itself limits which
                ; names match — confirm before treating this as unrestricted.
  5934.         (extension "com.apple.sandbox.application-group")
  5935.         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  5936.     )
  5937.     (require-all
  5938.         (require-not (34 a18d 5e67 9e85))
  5939.         (require-any
  5940.             (require-any
  5941.                 (global-name "com.apple.appsupport.cplogd")
  5942.                 (global-name "com.apple.dyld.closured")
  5943.             )
  5944.             (require-any
  5945.                 (global-name "com.apple.ctkd.token-client")
  5946.                 (global-name "com.apple.CoreAuthentication.daemon.libxpc")
  5947.                 (global-name "com.apple.managedconfiguration.profiled.public")
  5948.             )
  5949.             (global-name "com.apple.aggregated")
  5950.             (local-name "com.apple.cfprefsd.agent")
  5951.             (global-name "com.apple.diagnosticd")
  5952.             (global-name "com.apple.distributed_notifications@1v3")
  5953.             (global-name "com.apple.system.notification_center")
  5954.             (global-name "com.apple.system.logger")
  5955.             (require-any
  5956.                 (global-name "com.apple.assertiond.processassertionconnection")
  5957.                 (global-name "com.apple.coreservices.lsuseractivitymanager.xpc")
  5958.                 (global-name "com.apple.lsd.icons")
  5959.             )
  5960.             (require-any
  5961.                 (global-name "com.apple.lsd.advertisingidentifiers")
  5962.                 (global-name "com.apple.lsd.openurl")
  5963.             )
  5964.             (global-name "com.apple.tccd")
  5965.             (global-name "com.apple.logd.events")
  5966.             (global-name "com.apple.logd")
  5967.             (global-name "com.apple.lsd.mapdb")
  5968.             (require-any
  5969.                 (global-name "com.apple.lsd.open")
  5970.                 (global-name "com.apple.lsd")
  5971.                 (global-name "com.apple.duetknowledged.activity")
  5972.             )
  5973.             (global-name "com.apple.system.libinfo.muser")
  5974.             (require-any
  5975.                 (global-name "com.apple.cfprefsd.daemon")
  5976.                 (global-name "com.apple.cfprefsd.agent")
  5977.             )
  5978.             (global-name "com.apple.containermanagerd")
  5979.             (global-name "com.apple.mobilegestalt.xpc")
  5980.             (require-entitlement "com.apple.private.assets.accessible-asset-types")
  5981.             (require-any
  5982.                 (global-name "com.apple.mobileassetd")
  5983.                 (global-name "com.apple.mobileassetd.v2")
  5984.             )
  5985.             (require-entitlement "com.apple.private.bmk.allow")
  5986.             (require-all
  5987.                 (global-name "com.apple.coreduetd")
  5988.                 (require-entitlement "com.apple.coreduetd.allow")
  5989.             )
  5990.             (require-all
  5991.                 (global-name "com.apple.coreduetd.people")
  5992.                 (require-entitlement "com.apple.coreduetd.allow")
  5993.             )
  5994.             (require-all
  5995.                 (global-name "com.apple.suggestd.PersonalizationPortrait.DeletionTracking")
  5996.                 (require-entitlement "com.apple.coreduetd.allow")
  5997.             )
  5998.             (require-all
  5999.                 (global-name "com.apple.symptom_diagnostics")
  6000.                 (require-entitlement "com.apple.symptom_diagnostics.report")
  6001.             )
  6002.             (require-all
  6003.                 (require-any
  6004.                     (global-name "com.apple.appstored.xpc.jobmanager")
  6005.                     (global-name "com.apple.appstored.xpc.request")
  6006.                 )
  6007.                 (require-entitlement "com.apple.appstored.install-apps")
  6008.             )
  6009.             (require-all
  6010.                 (process-attribute 4)
  6011.                 (require-any
  6012.                     (global-name "com.apple.analyticsd")
  6013.                     (global-name "com.apple.Honeybee.event-notify")
  6014.                 )
  6015.             )
  6016.             (require-all
  6017.                 (global-name "com.apple.securityd.ckks")
  6018.                 (require-entitlement "com.apple.private.ckks")
  6019.             )
  6020.             (require-all
  6021.                 (global-name "com.apple.symptom_analytics")
  6022.                 (require-any
  6023.                     (require-entitlement "com.apple.symptoms.NetworkOfInterest")
  6024.                     (require-entitlement "com.apple.symptom_analytics.configure")
  6025.                     (require-entitlement "com.apple.symptom_analytics.healthcheck")
  6026.                     (require-entitlement "com.apple.symptom_analytics.query")
  6027.                     (require-entitlement "com.apple.symptom_analytics.refresh")
  6028.                     (require-entitlement "com.apple.symptom_analytics.reset")
  6029.                     (require-entitlement "com.apple.symptom_analytics.setsnapshot")
  6030.                     (require-entitlement "com.apple.symptom_analytics.setwatchpoint")
  6031.                     (require-entitlement "com.apple.symptom_analytics.train")
  6032.                 )
  6033.             )
  6034.             (require-all
  6035.                 (global-name "com.apple.appstored.xpc.request")
  6036.                 (require-any
  6037.                     (require-entitlement "com.apple.appstored.install-system-apps")
  6038.                     (require-entitlement "com.apple.appstored.install-apps")
  6039.                 )
  6040.             )
  6041.             (require-all
  6042.                 (global-name "com.apple.tailspind")
  6043.                 (require-any
  6044.                     (require-entitlement "com.apple.tailspin.config-apply")
  6045.                     (require-entitlement "com.apple.tailspin.dump-output")
  6046.                 )
  6047.             )
  6048.             (require-all
  6049.                 (global-name "com.apple.rtcreportingd")
  6050.                 (require-entitlement "com.apple.private.rtcreportingd")
  6051.             )
  6052.             (require-all
  6053.                 (global-name "com.apple.nfcd.service.corenfc")
  6054.                 (require-entitlement "com.apple.developer.nfc.readersession.formats")
  6055.             )
  6056.             (require-all
  6057.                 (global-name "com.apple.ibooks.BLService")
  6058.                 (require-entitlement "com.apple.itunesstored.private")
  6059.             )
  6060.             (require-all
  6061.                 (global-name "com.apple.corecaptured")
  6062.                 (require-entitlement "com.apple.corecapture.manager-access")
  6063.             )
  6064.             (require-all
  6065.                 (global-name "com.apple.adid")
  6066.                 (require-entitlement "adi-client")
  6067.             )
  6068.             (require-all
  6069.                 (global-name "com.apple.absd")
  6070.                 (require-any
  6071.                     (require-entitlement "abs-client")
  6072.                     (require-entitlement "absinthe-client")
  6073.                 )
  6074.             )
  6075.             (require-all
  6076.                 (global-name "com.apple.absinthed")
  6077.                 (require-entitlement "absinthe-client")
  6078.             )
  6079.             (require-all
  6080.                 (global-name "com.apple.contactsd.launch-services-proxy")
  6081.                 (require-entitlement "com.apple.private.contactsui")
  6082.             )
  6083.             (require-all
  6084.                 (global-name "com.apple.dprivacyd")
  6085.                 (require-entitlement "com.apple.private.dprivacyd.allow")
  6086.             )
  6087.             (require-all
  6088.                 (global-name "com.apple.telephonyutilities.callservicesdaemon.callprovidermanager")
  6089.                 (require-entitlement "com.apple.telephonyutilities.callservicesd")
  6090.             )
  6091.             (require-all
  6092.                 (global-name "com.apple.logd.admin")
  6093.                 (require-any
  6094.                     (require-entitlement "com.apple.private.logging.diagnostic")
  6095.                     (require-entitlement "com.apple.diagnosticd.diagnostic")
  6096.                 )
  6097.             )
  6098.             (require-all
  6099.                 (global-name "com.apple.springboard.statusbarservices")
  6100.                 (require-entitlement "com.apple.springboard.statusbarstyleoverrides")
  6101.             )
  6102.             (require-all
  6103.                 (global-name "com.apple.passd.trusted-device-enrollment-info-provider")
  6104.                 (require-entitlement "com.apple.private.passkit.trusted-device-enrollment-info")
  6105.             )
  6106.             (require-all
  6107.                 (global-name "com.apple.bulletinboard.dataproviderconnection")
  6108.                 (require-entitlement "com.apple.bulletinboard.dataprovider")
  6109.             )
  6110.             (require-all
  6111.                 (global-name "com.apple.appstored.xpc.updates")
  6112.                 (require-any
  6113.                     (require-entitlement "com.apple.appstored.update-apps")
  6114.                     (require-entitlement "com.apple.itunesstored.private")
  6115.                 )
  6116.             )
  6117.             (require-all
  6118.                 (global-name "com.apple.itunesstored.xpc")
  6119.                 (require-entitlement "com.apple.itunesstored.private")
  6120.             )
  6121.         )
  6122.     )
  6123.     (require-all
  6124.         (require-entitlement "com.apple.private.signing-identifier"
  6125.             (require-any
  6126.                 (require-all
  6127.                     (entitlement-value "com.apple.mobilemail")
  6128.                     (require-any
  6129.                         (global-name "com.apple.sharingd.nsxpc")
  6130.                         (require-any
  6131.                             (global-name "com.apple.harvestd.manager")
  6132.                             (global-name "com.apple.bulletindistributord.server")
  6133.                         )
  6134.                         (global-name "com.apple.backupd")
  6135.                         (global-name "com.apple.mobilemail")
  6136.                         (global-name "com.apple.nanoprefsync")
  6137.                         (global-name "com.apple.routined.registration")
  6138.                         (global-name "com.apple.identityservicesd.embedded.auth")
  6139.                     )
  6140.                 )
  6141.                 (require-all
  6142.                     (global-name "com.apple.nanoprefsync")
  6143.                     (entitlement-value "com.apple.Music")
  6144.                 )
  6145.                 (require-all
  6146.                     (global-name "com.apple.mobilesafari-settings")
  6147.                     (entitlement-value "com.apple.WebSheet")
  6148.                 )
  6149.                 (require-all
  6150.                     (entitlement-value "com.apple.mobilesafari")
  6151.                     (require-any
  6152.                         (global-name "com.apple.lsd.xpc")
  6153.                         (global-name "com.apple.safarifetcherd")
  6154.                         (global-name "com.apple.rtcreportingd")
  6155.                     )
  6156.                 )
  6157.                 (require-all
  6158.                     (entitlement-value "com.apple.Maps")
  6159.                     (require-any
  6160.                         (global-name "com.apple.assistant.analytics")
  6161.                         (require-any
  6162.                             (global-name "com.apple.nanomaps.xpc.Navigation")
  6163.                             (global-name "com.apple.nanomaps.xpc.Maps")
  6164.                         )
  6165.                         (global-name "com.apple.routined.registration")
  6166.                         (global-name "com.apple.nanomaps.xpc.GeoServices.Navigation")
  6167.                         (global-name "com.apple.Maps.mapspushd")
  6168.                         (global-name "com.apple.Maps.SpringBoard")
  6169.                     )
  6170.                 )
  6171.                 (require-all
  6172.                     (global-name "com.apple.mobile.keybagd.xpc")
  6173.                     (entitlement-value "com.apple.WebContentFilter.remoteUI.WebContentAnalysisUI")
  6174.                 )
  6175.                 (require-all
  6176.                     (global-name "com.apple.FileCoordination")
  6177.                     (require-any
  6178.                         (entitlement-value "com.apple.PassbookUIService")
  6179.                         (require-all
  6180.                             (entitlement-value "com.apple.stocks.watchkitextension")
  6181.                             (require-any
  6182.                                 (global-name "com.apple.FileCoordination")
  6183.                                 (global-name "com.apple.nanoprefsync")
  6184.                             )
  6185.                         )
  6186.                     )
  6187.                 )
  6188.                 (require-all
  6189.                     (global-name "com.apple.nanoprefsync")
  6190.                     (require-any
  6191.                         (entitlement-value "com.apple.PassbookUIService")
  6192.                         (require-all
  6193.                             (entitlement-value "com.apple.stocks.watchkitextension")
  6194.                             (require-any
  6195.                                 (global-name "com.apple.FileCoordination")
  6196.                                 (global-name "com.apple.nanoprefsync")
  6197.                             )
  6198.                         )
  6199.                     )
  6200.                 )
  6201.             )
  6202.         )
  6203.     )
  6204. )
  6205. (allow mach-register  ; Mach service-name registration; each top-level filter below is an alternative that allows it
  6206.     (require-all  ; alternative 1: any local name, gated on a sandbox extension
  6207.         (local-name-regex #".+")  ; matches every non-empty local name
  6208.         (extension "com.apple.security.exception.mach-register.local-name")
  6209.     )
  6210.     (require-all  ; alternative 2: any global name, gated on the matching extension
  6211.         (global-name-regex #".+")  ; matches every non-empty global name, so the extension is the only real gate
  6212.         (extension "com.apple.security.exception.mach-register.global-name")
  6213.     )
  6214.     (require-all  ; alternative 3: a fixed set of names/conditions, minus names ending in "-idswake"
  6215.         (require-not (global-name-regex #"-idswake$" #".+-idswake$"))  ; second pattern looks subsumed by the first if matching is unanchored (other regexes here use explicit ^) — confirm
  6216.         (require-any
  6217.             (local-name "com.apple.assistant.contextprovider.")  ; NOTE(review): trailing dot suggests a prefix was intended; how a plain local-name filter matches it is not visible here — confirm
  6218.             (local-name "com.apple.accessibility.gax.client")
  6219.             (local-name "com.apple.iphone.axserver")
  6220.             (require-all  ; holders of the application-group extension, unless they carry the entitlement below
  6221.                 (extension "com.apple.sandbox.application-group")
  6222.                 (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))  ; no name filter in this branch: as written it does not restrict which name is registered
  6223.             )
  6224.             (require-all  ; signing identifier com.apple.Music may register the two global names listed
  6225.                 (require-entitlement "com.apple.private.signing-identifier"
  6226.                     (entitlement-value "com.apple.Music")
  6227.                     (require-any
  6228.                         (global-name "com.apple.Music.MPMusicPlayerControllerInternal")
  6229.                         (global-name "com.apple.Music.MPMusicPlayerMigServerExists")
  6230.                     )
  6231.                 )
  6232.             )
  6233.         )
  6234.     )
  6235. )
  6236. (allow network-inbound  ; inbound network operations; each top-level filter below is an alternative
  6237.     (local ip "*:*")  ; unconditional: any local IP address and port, with no entitlement or extension required
  6238.     (require-all  ; path-based alternative under Mobile Documents (presumably for Unix-domain sockets — confirm)
  6239.         (subpath-prefix "${HOME}/Library/Mobile Documents")
  6240.         (require-any  ; any one of these three grants is enough
  6241.             (extension "com.apple.librarian.ubiquity-container")
  6242.             (extension "com.apple.app-sandbox.read-write")
  6243.             (require-entitlement "com.apple.private.librarian.container-proxy")
  6244.         )
  6245.     )
  6246.     (require-all  ; paths in the app's data container: only tmp, Library and Documents (and below them) match the regexes
  6247.         (subpath-prefix "${FRONT_USER_HOME}")
  6248.         (extension "com.apple.sandbox.container")
  6249.         (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$")
  6250.     )
  6251.     (require-all  ; paths inside a shared app-group container
  6252.         (subpath-prefix "${HOME}")
  6253.         (extension "com.apple.sandbox.application-group")
  6254.         (regex #"^/private/var/mobile/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/euser[0-9]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/[-0-9A-F]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/Users/[^/]+/Containers/Shared/AppGroup/[^/]+/")
  6255.         (require-entitlement "com.apple.private.amfi.can-execute-cdhash")  ; NOTE(review): entitlement is required here, while the network-outbound rule for the same app-group paths uses require-not on it — confirm the polarity is intended
  6256.     )
  6257. )
  6258. (allow network-outbound  ; outbound network operations; each top-level filter below is an alternative
  6259.     (require-all  ; path-based alternative under Mobile Documents (presumably for Unix-domain sockets — confirm)
  6260.         (subpath-prefix "${HOME}/Library/Mobile Documents")
  6261.         (require-any  ; any one of these three grants is enough
  6262.             (extension "com.apple.librarian.ubiquity-container")
  6263.             (extension "com.apple.app-sandbox.read-write")
  6264.             (require-entitlement "com.apple.private.librarian.container-proxy")
  6265.         )
  6266.     )
  6267.     (require-all  ; paths in the app's data container: only tmp, Library and Documents (and below them) match the regexes
  6268.         (subpath-prefix "${FRONT_USER_HOME}")
  6269.         (extension "com.apple.sandbox.container")
  6270.         (regex #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/tmp$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Library$" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents/" #"^/private/var/mobile/Containers/Data/[^/]+/[^/]+/Documents$" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/euser[0-9]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/[-0-9A-F]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)/" #"^/private/var/Users/[^/]+/Containers/Data/[^/]+/[^/]+/((tmp|Library)|Documents)$")
  6271.     )
  6272.     (require-all  ; the lockdown socket path, under two extra conditions
  6273.         (process-attribute 4)  ; meaning of attribute 4 is not visible in this listing — TODO confirm
  6274.         (literal "/private/var/run/lockdown.sock")
  6275.         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))  ; holders of this entitlement are excluded from this alternative
  6276.     )
  6277.     (require-all  ; general case: anything in the require-any below, except four TCP ports on localhost
  6278.         (require-not (remote tcp "localhost:22"))  ; 22 is the well-known SSH port
  6279.         (require-not (remote tcp "localhost:23"))  ; 23 is the well-known telnet port
  6280.         (require-not (remote tcp "localhost:873"))  ; 873 is the well-known rsync port
  6281.         (require-not (remote tcp "localhost:62078"))  ; 62078 is commonly documented as lockdownd's TCP port — confirm
  6282.         (require-any
  6283.             (remote ip "*:*")  ; any remote IP address and port; the four require-not lines above are the only carve-outs, so every other localhost port stays reachable
  6284.             (literal "/private/var/run/mDNSResponder")
  6285.             (require-any  ; nested require-any is redundant inside the enclosing require-any
  6286.                 (control-name "com.apple.network.statistics")
  6287.                 (control-name "com.apple.netsrc")
  6288.             )
  6289.             (literal "/private/var/run/printd")
  6290.             (require-all  ; paths inside a shared app-group container
  6291.                 (subpath-prefix "${HOME}")
  6292.                 (extension "com.apple.sandbox.application-group")
  6293.                 (regex #"^/private/var/mobile/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/euser[0-9]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/[-0-9A-F]+/Containers/Shared/AppGroup/[^/]+/" #"^/private/var/Users/[^/]+/Containers/Shared/AppGroup/[^/]+/")
  6294.                 (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))  ; NOTE(review): the network-inbound rule for the same paths requires this entitlement instead — confirm the polarity is intended
  6295.             )
  6296.             (require-all  ; repeats the first top-level alternative with slightly different grouping
  6297.                 (subpath-prefix "${HOME}/Library/Mobile Documents")
  6298.                 (require-any
  6299.                     (extension "com.apple.librarian.ubiquity-container")
  6300.                     (require-entitlement "com.apple.private.librarian.container-proxy")
  6301.                     (require-all
  6302.                         (subpath-prefix "${HOME}/Library/Mobile Documents")  ; same prefix as the enclosing require-all, so this test is redundant here
  6303.                         (extension "com.apple.app-sandbox.read-write")
  6304.                     )
  6305.                 )
  6306.             )
  6307.             (require-all  ; socket vnodes whose path starts with the ExternalAccessory "ea" prefix
  6308.                 (vnode-type SOCKET)
  6309.                 (literal-prefix "${FRONT_USER_HOME}/Library/ExternalAccessory/ea")
  6310.             )
  6311.         )
  6312.     )
  6313. )
  6314. (allow nvram*)  ; wildcard rule with no filter: allows every nvram operation. NOTE(review): unconditional in this listing; whether another layer restricts NVRAM access is not visible here — confirm
  6315. (allow nvram-delete)  ; no filter; already covered by nvram* above
  6316. (allow nvram-get)  ; no filter; already covered by nvram* above
  6317. (allow nvram-set)  ; no filter; already covered by nvram* above
  6318. (allow user-preference-read  ; reading user preferences; each top-level filter below is an alternative, so a bare preference-domain line allows that domain unconditionally
  6319.     (preference-domain "com.apple.CoreMotion")
  6320.     (preference-domain "com.apple.itunesstored")
  6321.     (preference-domain "com.apple.mobileipod")
  6322.     (preference-domain "com.apple.avfoundation")
  6323.     (preference-domain "com.apple.coreaudio")
  6324.     (preference-domain "com.apple.coremedia")
  6325.     (preference-domain "com.apple.corevideo")
  6326.     (require-any  ; redundant wrapper: top-level filters are already alternatives
  6327.         (preference-domain "com.apple.pairedsync")
  6328.         (preference-domain "com.apple.NanoRegistry")
  6329.     )
  6330.     (preference-domain "com.apple.demo-settings")
  6331.     (preference-domain "com.apple.logging")
  6332.     (extension "com.apple.security.exception.shared-preference.read-only")  ; stands alone: no preference-domain filter is paired with this extension in the listing
  6333.     (preference-domain "com.apple.hangtracer")
  6334.     (preference-domain "com.apple.telephonyutilities.dialassist")
  6335.     (preference-domain "com.apple.carrier")
  6336.     (preference-domain "kCFPreferencesAnyApplication")
  6337.     (preference-domain "com.apple.CFNetwork")
  6338.     (require-any
  6339.         (preference-domain "com.apple.LaunchServices")
  6340.         (preference-domain "com.apple.avfoundation.videoperformancehud")
  6341.     )
  6342.     (preference-domain "com.apple.AOSNotification.public.notbackedup")
  6343.     (preference-domain "com.apple.AdLib")
  6344.     (preference-domain "com.apple.ConfigServer")
  6345.     (preference-domain "com.apple.GMM")
  6346.     (extension "com.apple.security.exception.shared-preference.read-write")  ; the read-write extension also satisfies this read rule
  6347.     (preference-domain "com.apple.MapKit.internal")
  6348.     (require-any
  6349.         (preference-domain "com.apple.MobileAddressBook")
  6350.         (preference-domain "com.apple.VoiceMemos")
  6351.         (preference-domain "com.apple.XCTest")
  6352.         (preference-domain "com.apple.certui")
  6353.         (preference-domain "com.apple.gamekit")
  6354.         (preference-domain "com.apple.imagent")
  6355.         (preference-domain "com.apple.madrid")
  6356.         (preference-domain "com.apple.managedconfiguration.janitor")
  6357.         (preference-domain "com.apple.messagesbadgecontroller")
  6358.         (preference-domain "com.apple.mobile.SyncMigrator")
  6359.         (preference-domain "com.apple.mobileme.fmf.assistant")
  6360.         (preference-domain "com.apple.mobilestoresettings")
  6361.         (preference-domain "com.apple.mobiletimer")
  6362.         (preference-domain "com.apple.mobilevpn")
  6363.         (preference-domain "com.apple.network.eapclient.tls.TrustExceptions")
  6364.         (preference-domain "com.apple.nike")
  6365.         (preference-domain "com.apple.preferences.datetime")
  6366.         (preference-domain "com.apple.preferences.network")
  6367.         (preference-domain "com.apple.voicemail")
  6368.         (preference-domain "mediaremote")
  6369.         (preference-domain "itdbprepserver")
  6370.     )
  6371.     (preference-domain "com.apple.OTASyncState")
  6372.     (preference-domain "com.apple.TTY")
  6373.     (preference-domain "com.apple.mt")
  6374.     (preference-domain "com.apple.WebFoundation")
  6375.     (preference-domain "com.apple.coreanimation")
  6376.     (preference-domain "com.apple.adtracking")
  6377.     (preference-domain "com.apple.aggregated")
  6378.     (preference-domain "com.apple.appleaccount")
  6379.     (preference-domain "com.apple.apsd")
  6380.     (preference-domain "com.apple.assistant.support")
  6381.     (preference-domain "com.apple.atc")
  6382.     (preference-domain "com.apple.camera")
  6383.     (preference-domain "com.apple.celestial")
  6384.     (preference-domain "com.apple.avkit")
  6385.     (preference-domain "com.apple.compass")
  6386.     (preference-domain "com.apple.dataaccess.dataaccessd")
  6387.     (preference-domain "com.apple.gamed")
  6388.     (preference-domain "com.apple.airplay")
  6389.     (preference-domain "com.apple.WebUI")
  6390.     (preference-domain "com.apple.imdsmsrecordstore")
  6391.     (preference-domain "com.apple.imessage")
  6392.     (preference-domain "com.apple.iqagent")
  6393.     (preference-domain "com.apple.itdbprep.server")
  6394.     (preference-domain "com.apple.UIKit")
  6395.     (preference-domain "com.apple.Accessibility")
  6396.     (preference-domain "com.apple.marco")
  6397.     (preference-domain "com.apple.mmcs")
  6398.     (preference-domain "com.apple.mms_override")
  6399.     (preference-domain "com.apple.mediaaccessibility")
  6400.     (preference-domain "com.apple.iokit.IOMobileGraphicsFamily")
  6401.     (preference-domain "com.apple.mobilenotes")
  6402.     (preference-domain "com.apple.mobileslideshow")
  6403.     (require-any
  6404.         (preference-domain "com.apple.opengl")
  6405.         (preference-domain "com.apple.Metal")
  6406.     )
  6407.     (preference-domain "com.apple.softwareupdateservicesd")
  6408.     (preference-domain "com.apple.GEO")
  6409.     (preference-domain "com.apple.indigo")
  6410.     (preference-domain "com.apple.youtubeframework")
  6411.     (preference-domain "com.apple.persistentconnection-mcc")
  6412.     (preference-domain "com.apple.persistentconnection")
  6413.     (preference-domain "com.apple.videos")
  6414.     (preference-domain "com.apple.ubd")
  6415.     (preference-domain "com.apple.preferences.sounds")
  6416.     (preference-domain "com.apple.preferences-sounds")
  6417.     (preference-domain "com.apple.Sharing")
  6418.     (preference-domain "com.apple.camera")  ; repeated: already listed above
  6419.     (preference-domain "com.apple.assistant.support")  ; repeated: already listed above
  6420.     (preference-domain "com.apple.EmojiPreferences")
  6421.     (preference-domain "com.apple.iapd")
  6422.     (preference-domain "com.apple.InputModePreferences")
  6423.     (preference-domain "com.apple.keyboard")
  6424.     (preference-domain "com.apple.lookup.shared")
  6425.     (preference-domain "com.apple.Preferences")
  6426.     (preference-domain "com.apple.nanoprefsyncd")
  6427.     (preference-domain "com.apple.MobileAsset")
  6428.     (preference-domain "com.apple.itunesstored")  ; this and the next six domains repeat entries listed above
  6429.     (preference-domain "com.apple.mobileipod")
  6430.     (preference-domain "com.apple.avfoundation")
  6431.     (preference-domain "com.apple.coreaudio")
  6432.     (preference-domain "com.apple.coremedia")
  6433.     (preference-domain "com.apple.corevideo")
  6434.     (preference-domain "com.apple.mediaaccessibility")
  6435.     (preference-domain "com.apple.SpeakSelection")
  6436.     (preference-domain "com.apple.VoiceOverTouch")
  6437.     (preference-domain "com.apple.voiceservices")
  6438.     (preference-domain "com.apple.da")
  6439.     (preference-domain "com.apple.mediaremote")
  6440.     (preference-domain "com.apple.mobileslideshow")  ; repeated: already listed above
  6441.     (preference-domain "com.apple.assistant.backedup")
  6442.     (require-any
  6443.         (preference-domain "com.apple.AppStore")
  6444.         (preference-domain "com.apple.MobileStore")
  6445.     )
  6446.     (require-entitlement "com.apple.itunesstored.private")  ; NOTE(review): stands alone with no preference-domain, so as written a holder passes this rule for every domain — confirm the grouping
  6447.     (require-all  ; everything below this line in the rule is a conditional alternative (domain plus entitlement/extension tests)
  6448.         (preference-domain "com.apple.DataAccess.BehaviorOptions")
  6449.         (process-attribute 4)  ; meaning of attribute 4 is not visible in this listing — TODO confirm
  6450.         (require-any  ; NOTE(review): the domain tests in here sit under the BehaviorOptions domain test above; presumably a request names one domain, so only the require-not branch can hold — grouping may be an artifact of how the listing was produced, confirm
  6451.             (preference-domain "com.apple.demo-settings")
  6452.             (preference-domain "com.apple.security")
  6453.             (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  6454.             (require-all
  6455.                 (extension "com.apple.tcc.kTCCServicePhotos")
  6456.                 (require-any
  6457.                     (preference-domain "com.apple.avfoundation")
  6458.                     (preference-domain "com.apple.coreaudio")
  6459.                     (preference-domain "com.apple.coremedia")
  6460.                     (preference-domain "com.apple.corevideo")
  6461.                 )
  6462.             )
  6463.         )
  6464.     )
  6465.     (require-all  ; com.apple.springboard is readable only with one of the entitlements listed
  6466.         (preference-domain "com.apple.springboard")
  6467.         (require-any
  6468.             (require-entitlement "com.apple.system.set-alert-tone")
  6469.             (require-entitlement "com.apple.media.ringtones.read-only")
  6470.             (require-entitlement "com.apple.private.signing-identifier" (entitlement-value "com.apple.mobilemail"))
  6471.             (require-entitlement "com.apple.system.get-wallpaper")
  6472.             (require-entitlement "com.apple.private.signing-identifier"
  6473.                 (require-any
  6474.                     (entitlement-value "com.apple.iBooks")
  6475.                     (entitlement-value "com.apple.itunesu")
  6476.                 )
  6477.             )
  6478.             (require-entitlement "com.apple.container2")
  6479.         )
  6480.     )
  6481.     (require-all  ; com.apple.books: signing identifier iBooks or itunesu, or the container2 entitlement
  6482.         (preference-domain "com.apple.books")
  6483.         (require-any
  6484.             (require-entitlement "com.apple.private.signing-identifier"
  6485.                 (require-any
  6486.                     (entitlement-value "com.apple.iBooks")
  6487.                     (entitlement-value "com.apple.itunesu")
  6488.                 )
  6489.             )
  6490.             (require-entitlement "com.apple.container2")
  6491.         )
  6492.     )
  6493.     (require-all  ; com.apple.homesharing: signing identifier mobilesafari, iBooks or itunesu, or container2
  6494.         (preference-domain "com.apple.homesharing")
  6495.         (require-any
  6496.             (require-entitlement "com.apple.private.signing-identifier"
  6497.                 (require-any
  6498.                     (entitlement-value "com.apple.mobilesafari")
  6499.                     (require-any
  6500.                         (entitlement-value "com.apple.iBooks")
  6501.                         (entitlement-value "com.apple.itunesu")
  6502.                     )
  6503.                 )
  6504.             )
  6505.             (require-entitlement "com.apple.container2")
  6506.         )
  6507.     )
  6508.     (require-all  ; com.apple.medialibrary: same conditions as com.apple.homesharing above
  6509.         (preference-domain "com.apple.medialibrary")
  6510.         (require-any
  6511.             (require-entitlement "com.apple.private.signing-identifier"
  6512.                 (require-any
  6513.                     (entitlement-value "com.apple.mobilesafari")
  6514.                     (require-any
  6515.                         (entitlement-value "com.apple.iBooks")
  6516.                         (entitlement-value "com.apple.itunesu")
  6517.                     )
  6518.                 )
  6519.             )
  6520.             (require-entitlement "com.apple.container2")
  6521.         )
  6522.     )
  6523.     (require-all  ; this and the following blocks allow one domain each to processes WITHOUT the can-execute-cdhash entitlement
  6524.         (preference-domain "com.apple.mobilecal.alarmengine")
  6525.         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  6526.     )
  6527.     (require-all
  6528.         (preference-domain "com.apple.mobilecal")
  6529.         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  6530.     )
  6531.     (require-all
  6532.         (preference-domain "com.apple.AppSupport")
  6533.         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  6534.     )
  6535.     (require-all
  6536.         (preference-domain "com.apple.GEO")  ; com.apple.GEO is also listed unconditionally above, so as written this condition adds nothing
  6537.         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  6538.     )
  6539.     (require-all
  6540.         (preference-domain "com.apple.locationd")
  6541.         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  6542.     )
  6543.     (require-all
  6544.         (preference-domain "com.apple.CoreDuet")
  6545.         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  6546.     )
  6547.     (require-all
  6548.         (preference-domain "com.apple.DataMigration")
  6549.         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  6550.     )
  6551.     (require-all
  6552.         (require-any
  6553.             (preference-domain "com.apple.icloud.findmydeviced.postwipe")
  6554.             (preference-domain "com.apple.icloud.findmydeviced.public.notbackedup")
  6555.         )
  6556.         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  6557.     )
  6558.     (require-all  ; duplicate of the com.apple.AppSupport block a few entries above
  6559.         (preference-domain "com.apple.AppSupport")
  6560.         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  6561.     )
  6562.     (require-all
  6563.         (preference-domain "com.apple.PeoplePicker")
  6564.         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  6565.     )
  6566.     (require-all  ; gated on process-attribute 4 (meaning not visible here — TODO confirm)
  6567.         (process-attribute 4)
  6568.         (require-any
  6569.             (preference-domain "com.apple.demo-settings")  ; also listed unconditionally above, so this gate adds nothing for that domain
  6570.             (preference-domain "com.apple.security")
  6571.             (require-all  ; the four media domains below are likewise listed unconditionally above
  6572.                 (extension "com.apple.tcc.kTCCServicePhotos")
  6573.                 (require-any
  6574.                     (preference-domain "com.apple.avfoundation")
  6575.                     (preference-domain "com.apple.coreaudio")
  6576.                     (preference-domain "com.apple.coremedia")
  6577.                     (preference-domain "com.apple.corevideo")
  6578.                 )
  6579.             )
  6580.         )
  6581.     )
  6582.     (require-all  ; the next four blocks pair one domain with one required entitlement
  6583.         (preference-domain "com.apple.proactive.PersonalizationPortrait")
  6584.         (require-entitlement "com.apple.coreduetd.allow")
  6585.     )
  6586.     (require-all
  6587.         (preference-domain "com.apple.avfoundation.frecents")
  6588.         (require-entitlement "com.apple.avfoundation.allows-access-to-device-list")
  6589.     )
  6590.     (require-all
  6591.         (preference-domain "com.apple.bulletinboard")
  6592.         (require-entitlement "com.apple.bulletinboard.dataprovider")
  6593.     )
  6594.     (require-all
  6595.         (preference-domain "com.apple.storeservices.itfe")
  6596.         (require-entitlement "com.apple.itunesstored.private")
  6597.     )
  6598.     (require-all  ; per-app grants keyed on the value of the signing-identifier entitlement
  6599.         (require-entitlement "com.apple.private.signing-identifier"
  6600.             (require-any
  6601.                 (preference-domain "com.apple.nanoprefsyncd")  ; no entitlement-value paired with it; the domain is also listed unconditionally above
  6602.                 (require-all
  6603.                     (preference-domain "com.apple.cloud.quota")
  6604.                     (require-any
  6605.                         (entitlement-value "com.apple.iCloudDriveApp")
  6606.                         (entitlement-value "com.apple.mobilemail")
  6607.                     )
  6608.                 )
  6609.                 (require-all
  6610.                     (preference-domain "com.apple.youtube.dp")
  6611.                     (entitlement-value "com.apple.mobilesafari")
  6612.                 )
  6613.                 (require-all
  6614.                     (preference-domain "com.apple.mail.composition")
  6615.                     (entitlement-value "com.apple.mobilemail")
  6616.                 )
  6617.                 (require-all
  6618.                     (require-any
  6619.                         (preference-domain "com.apple.MailAccount-ExtProperties")
  6620.                         (preference-domain "com.apple.OTASyncAgent")
  6621.                     )
  6622.                     (entitlement-value "com.apple.mobilemail")
  6623.                 )
  6624.                 (require-all
  6625.                     (preference-domain "com.apple.OTASyncState")  ; also listed unconditionally above
  6626.                     (entitlement-value "com.apple.mobilemail")
  6627.                 )
  6628.                 (require-all  ; domains readable by signing identifier com.apple.Maps
  6629.                     (entitlement-value "com.apple.Maps")
  6630.                     (require-any
  6631.                         (preference-domain "com.apple.GMM")  ; also listed unconditionally above
  6632.                         (require-any
  6633.                             (preference-domain "com.apple.NanoMailKit")
  6634.                             (preference-domain "com.apple.internal.Voltaire")
  6635.                             (preference-domain "com.skyhookwireless.wps")
  6636.                         )
  6637.                         (preference-domain "com.apple.assistant")
  6638.                     )
  6639.                 )
  6640.                 (require-all
  6641.                     (preference-domain "com.apple.weather")
  6642.                     (entitlement-value "com.apple.Maps")
  6643.                 )
  6644.             )
  6645.         )
  6646.     )
  6647. )
  6648. (allow managed-preference-read  ; reading managed preferences; each top-level filter below is an alternative
  6649.     (preference-domain "kCFPreferencesAnyApplication")  ; allowed unconditionally
  6650.     (extension "com.apple.security.exception.managed-preference.read-only")  ; stands alone: no preference-domain filter is paired with this extension in the listing
  6651.     (require-all  ; com.apple.ist.AppleConnect is readable only by the signing identifier named below
  6652.         (preference-domain "com.apple.ist.AppleConnect")
  6653.         (require-entitlement "com.apple.private.signing-identifier" (entitlement-value "com.apple.ist.AppleConnect.extension"))
  6654.     )
  6655. )
  6656. (allow user-preference-write
            ; Write access to per-user preference domains. Every alternative below
            ; either relies on a sandbox extension or pairs specific domains with an
            ; entitlement; no domain is writable unconditionally in this rule.
  6657.     (extension "com.apple.security.exception.shared-preference.read-write") ; matches via a sandbox extension of this class; issuer not visible in this file
  6658.     (require-all
            ; com.apple.itunesstored, first gate: one of three signing identifiers,
            ; or the com.apple.container2 entitlement.
  6659.         (preference-domain "com.apple.itunesstored")
  6660.         (require-any
  6661.             (require-entitlement "com.apple.private.signing-identifier"
  6662.                 (require-any
  6663.                     (entitlement-value "com.apple.mobilesafari")
  6664.                     (require-any ; nested require-any inside require-any: logically the same as one flat list (looks like decompiler output shape)
  6665.                         (entitlement-value "com.apple.iBooks")
  6666.                         (entitlement-value "com.apple.itunesu")
  6667.                     )
  6668.                 )
  6669.             )
  6670.             (require-entitlement "com.apple.container2") ; presence of the entitlement is enough, no value check
  6671.         )
  6672.     )
  6673.     (require-all
  6674.         (preference-domain "com.apple.avfoundation.frecents")
  6675.         (require-entitlement "com.apple.avfoundation.allows-access-to-device-list")
  6676.     )
  6677.     (require-all
            ; com.apple.itunesstored, second gate: a separate alternative to the
            ; clause at the top of this rule, so either gate opens the domain.
  6678.         (preference-domain "com.apple.itunesstored")
  6679.         (require-entitlement "com.apple.itunesstored.private")
  6680.     )
  6681.     (require-all
  6682.         (preference-domain "com.apple.springboard")
  6683.         (require-entitlement "com.apple.system.set-alert-tone")
  6684.     )
  6685.     (require-all
            ; com.apple.mobileipod: same gate as the first com.apple.itunesstored clause.
  6686.         (preference-domain "com.apple.mobileipod")
  6687.         (require-any
  6688.             (require-entitlement "com.apple.private.signing-identifier"
  6689.                 (require-any
  6690.                     (entitlement-value "com.apple.mobilesafari")
  6691.                     (require-any
  6692.                         (entitlement-value "com.apple.iBooks")
  6693.                         (entitlement-value "com.apple.itunesu")
  6694.                     )
  6695.                 )
  6696.             )
  6697.             (require-entitlement "com.apple.container2")
  6698.         )
  6699.     )
  6700.     (require-all
            ; Per-app table: here the signing-identifier entitlement is the outer
            ; test and each inner require-all ties one identifier value to the
            ; domain(s) it may write.
  6701.         (require-entitlement "com.apple.private.signing-identifier"
  6702.             (require-any
  6703.                 (require-all
  6704.                     (preference-domain "com.apple.cloud.quota")
  6705.                     (require-any
  6706.                         (entitlement-value "com.apple.iCloudDriveApp")
  6707.                         (entitlement-value "com.apple.mobilemail")
  6708.                     )
  6709.                 )
  6710.                 (require-all
  6711.                     (preference-domain "com.apple.youtube.dp")
  6712.                     (entitlement-value "com.apple.mobilesafari")
  6713.                 )
  6714.                 (require-all
  6715.                     (preference-domain "com.apple.mail.composition")
  6716.                     (entitlement-value "com.apple.mobilemail")
  6717.                 )
  6718.                 (require-all
  6719.                     (require-any
  6720.                         (preference-domain "com.apple.MailAccount-ExtProperties")
  6721.                         (preference-domain "com.apple.OTASyncAgent")
  6722.                     )
  6723.                     (entitlement-value "com.apple.mobilemail")
  6724.                 )
  6725.                 (require-all
  6726.                     (preference-domain "com.apple.OTASyncState")
  6727.                     (entitlement-value "com.apple.mobilemail")
  6728.                 )
  6729.                 (require-all
                        ; com.apple.Maps may write five domains, one of them third-party named.
  6730.                     (entitlement-value "com.apple.Maps")
  6731.                     (require-any
  6732.                         (preference-domain "com.apple.GMM")
  6733.                         (require-any
  6734.                             (preference-domain "com.apple.NanoMailKit")
  6735.                             (preference-domain "com.apple.internal.Voltaire")
  6736.                             (preference-domain "com.skyhookwireless.wps")
  6737.                         )
  6738.                         (preference-domain "com.apple.assistant")
  6739.                     )
  6740.                 )
  6741.             )
  6742.         )
  6743.     )
  6744. )
  6745. (allow process-info-codesignature
            ; Code-signature queries about processes. Three alternatives; unlike
            ; process-info-pidinfo below, there is no plain (target self) clause.
  6746.     (require-entitlement "com.apple.security.exception.process-info") ; no target filter on this alternative
  6747.     (require-all
  6748.         (target others)
  6749.         (require-entitlement "com.apple.DiagnosticExtensions.extension")
  6750.     )
  6751.     (require-all
            ; process-attribute is printed as a bare number; what attribute 4 denotes
            ; is not shown in this dump -- TODO confirm. The clause is excluded for
            ; processes holding the can-execute-cdhash entitlement.
  6752.         (process-attribute 4)
  6753.         (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  6754.     )
  6755. )
  6756. (allow process-info-dirtycontrol (target self)) ; self only: this rule has no clause for other processes
  6757. (allow process-info-rusage (require-entitlement "com.apple.security.exception.process-info")) ; entitlement-gated only; no target filter, so the rule does not distinguish self from others
  6758. (allow process-info-pidinfo
            ; pidinfo queries: always allowed about the calling process; about other
            ; processes only through one of the entitlement alternatives.
  6759.     (target self)
  6760.     (require-entitlement "com.apple.security.exception.process-info") ; no target filter: the entitlement alone matches
  6761.     (require-all
  6762.         (target others)
  6763.         (require-any
  6764.             (require-entitlement "com.apple.DiagnosticExtensions.extension")
  6765.             (require-entitlement "com.apple.private.signing-identifier" (entitlement-value "com.apple.webbookmarksd")) ; single named signing identifier
  6766.         )
  6767.     )
  6768. )
  6769. (allow signal
            ; Signals: a process may always signal itself; signalling other processes
            ; requires the DiagnosticExtensions entitlement or the webbookmarksd
            ; signing identifier (same pair as the others-clause of process-info-pidinfo).
  6770.     (target self)
  6771.     (require-all
  6772.         (target others)
  6773.         (require-any
  6774.             (require-entitlement "com.apple.DiagnosticExtensions.extension")
  6775.             (require-entitlement "com.apple.private.signing-identifier" (entitlement-value "com.apple.webbookmarksd"))
  6776.         )
  6777.     )
  6778. )
  6779. (allow socket-ioctl) ; unconditional: no filter narrows the request, so this profile itself places no limit on socket ioctls -- relevant when assessing kernel surface reachable from a container
  6780. (allow sysctl-read
            ; Readable sysctl nodes. The top-level entries are alternatives. Names that
            ; end in "." (net.routetable., kern.proc., ...) look like prefix matches
            ; covering the nodes beneath them -- TODO confirm against the profile compiler.
  6781.     (require-any
            ; Readable with no entitlement or extension.
  6782.         (sysctl-name "kern.ipc.maxsockbuf")
  6783.         (sysctl-name "kern.nisdomainname")
  6784.         (sysctl-name "net.routetable.")
  6785.         (sysctl-name "net.statistics")
  6786.     )
  6787.     (extension "com.apple.security.exception.sysctl.read-only")
  6788.     (sysctl-name "kern.bootsessionuuid") ; unconditional as well
  6789.     (extension "com.apple.security.exception.sysctl.read-write") ; the read-write extension class also satisfies this read rule
  6790.     (require-all
            ; Process listings and argument vectors: entitlement-gated.
  6791.         (require-any
  6792.             (sysctl-name "kern.proc.")
  6793.             (sysctl-name "kern.procargs2.")
  6794.         )
  6795.         (require-any
  6796.             (require-entitlement "com.apple.security.exception.process-info")
  6797.             (require-entitlement "com.apple.DiagnosticExtensions.extension")
  6798.             (require-all
                    ; The webbookmarksd signing identifier is limited to kern.proc.all.
  6799.                 (sysctl-name "kern.proc.all")
  6800.                 (require-entitlement "com.apple.private.signing-identifier" (entitlement-value "com.apple.webbookmarksd"))
  6801.             )
  6802.         )
  6803.     )
  6804.     (require-all
            ; Applies only under (process-attribute 4); the meaning of the numeric
            ; attribute is not shown in this dump -- TODO confirm. Both inner clauses
            ; exclude processes holding the can-execute-cdhash entitlement.
  6805.         (process-attribute 4)
  6806.         (require-any
  6807.             (require-all
  6808.                 (sysctl-name "kern.argmax")
  6809.                 (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  6810.             )
  6811.             (require-all
  6812.                 (sysctl-name "kern.proc.pid.")
  6813.                 (require-not (require-entitlement "com.apple.private.amfi.can-execute-cdhash"))
  6814.             )
  6815.         )
  6816.     )
  6817.     (require-all
            ; General allow-list, readable by every process under this profile. Besides
            ; hardware and kernel limits it exposes values that identify the device or
            ; boot session (kern.bootargs, kern.boottime, kern.hostname, kern.hostid,
            ; hw.model, hw.machine), which matters when reviewing fingerprinting exposure.
  6818.         (require-not (sysctl-name "sysctl.proc_native")) ; no listed name equals this one, so the exclusion looks redundant if matching is exact; possibly an artifact of how the rule was reconstructed -- verify
  6819.         (require-any
  6820.             (require-any
  6821.                 (sysctl-name "vm.loadavg")
  6822.                 (sysctl-name "hw.busfrequency")
  6823.                 (sysctl-name "hw.busfrequency_compat")
  6824.                 (sysctl-name "hw.byteorder")
  6825.                 (sysctl-name "hw.activecpu")
  6826.                 (sysctl-name "hw.cachelinesize")
  6827.                 (sysctl-name "hw.cachelinesize_compat")
  6828.                 (sysctl-name "hw.cpu64bit_capable")
  6829.                 (sysctl-name "hw.cpufamily")
  6830.                 (sysctl-name "hw.cpufrequency")
  6831.                 (sysctl-name "hw.cpufrequency_max")
  6832.                 (sysctl-name "hw.cpufrequency_compat")
  6833.                 (sysctl-name "hw.cputype")
  6834.                 (sysctl-name "hw.cpusubtype")
  6835.                 (sysctl-name "hw.vectorunit")
  6836.                 (sysctl-name "hw.usermem")
  6837.                 (sysctl-name "hw.tbfrequency_compat")
  6838.                 (sysctl-name "hw.tbfrequency")
  6839.                 (sysctl-name "hw.physmem")
  6840.                 (sysctl-name "hw.physicalcpu_max")
  6841.                 (sysctl-name "hw.physicalcpu")
  6842.                 (sysctl-name "hw.pagesize_compat")
  6843.                 (sysctl-name "hw.pagesize")
  6844.                 (sysctl-name "hw.memsize")
  6845.                 (sysctl-name "hw.logicalcpu_max")
  6846.                 (sysctl-name "hw.logicalcpu")
  6847.                 (sysctl-name "hw.l3settings")
  6848.                 (sysctl-name "hw.l3cachesize_compat")
  6849.                 (sysctl-name "hw.l3cachesize")
  6850.                 (sysctl-name "hw.l2settings")
  6851.                 (sysctl-name "hw.l2cachesize_compat")
  6852.                 (sysctl-name "hw.l2cachesize")
  6853.                 (sysctl-name "hw.l1icachesize_compat")
  6854.                 (sysctl-name "hw.l1icachesize")
  6855.                 (sysctl-name "hw.l1dcachesize_compat")
  6856.                 (sysctl-name "hw.l1dcachesize")
  6857.                 (sysctl-name "sysctl.name2oid")
  6858.                 (sysctl-name "security.mac.sandbox.sentinel")
  6859.                 (sysctl-name "kern.waketime")
  6860.                 (sysctl-name "kern.version")
  6861.                 (sysctl-name "kern.usrstack")
  6862.                 (sysctl-name "kern.secure_kernel")
  6863.                 (sysctl-name "kern.saved_ids")
  6864.                 (sysctl-name "kern.osversion")
  6865.                 (sysctl-name "kern.osvariant_status")
  6866.                 (sysctl-name "kern.ostype")
  6867.                 (sysctl-name "kern.osrelease")
  6868.                 (sysctl-name "kern.osproductversion")
  6869.                 (sysctl-name "kern.ngroups")
  6870.                 (sysctl-name "kern.monotoniclock_offset_usecs") ; spelled "monotoniclock" here but "monotonicclock" on the next line; reproduced as it appears in the dump
  6871.                 (sysctl-name "kern.monotonicclock")
  6872.                 (sysctl-name "kern.maxproc")
  6873.                 (sysctl-name "kern.maxfilesperproc")
  6874.                 (sysctl-name "kern.hostid")
  6875.                 (sysctl-name "kern.development")
  6876.                 (sysctl-name "kern.clockrate")
  6877.                 (sysctl-name "kern.boottime")
  6878.                 (sysctl-name "kern.bootargs")
  6879.             )
  6880.             (sysctl-name "kern.usrstack64")
  6881.             (require-any
  6882.                 (sysctl-name "kern.memorystatus_level")
  6883.                 (sysctl-name "hw.ncpu")
  6884.                 (sysctl-name "hw.model")
  6885.             )
  6886.             (sysctl-name "kern.maxvnodes")
  6887.             (sysctl-name "kern.hostname")
  6888.             (sysctl-name "hw.machine")
  6889.         )
  6890.     )
  6891. )
  6892. (allow system-info
            ; The only system-info grant in this rule: the "net.link.addr" info type
            ; (by its name a link-layer address, i.e. a stable hardware identifier --
            ; TODO confirm). All three conditions must hold.
  6893.     (require-all
  6894.         (info-type "net.link.addr")
  6895.         (require-entitlement "fairplay-client")
  6896.         (require-not (require-entitlement "com.apple.private.MobileGestalt.AllowedProtectedKeys")) ; holders of this entitlement are excluded from the grant
  6897.     )
  6898. )
  6899. (allow system-privilege) ; unconditional: no filter on which privilege is requested; what this operation covers is not shown in this dump, so any real restriction must come from checks outside this profile