; Copyright (C) 2010-2019 Apple Inc. All rights reserved.
;
; Redistribution and use in source and binary forms, with or without
; modification, are permitted provided that the following conditions
; are met:
; 1. Redistributions of source code must retain the above copyright
; notice, this list of conditions and the following disclaimer.
; 2. Redistributions in binary form must reproduce the above copyright
; notice, this list of conditions and the following disclaimer in the
; documentation and/or other materials provided with the distribution.
;
; THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
; AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
; THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
; PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
; BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
; CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
; SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
; INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
; CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
; ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
; THE POSSIBILITY OF SUCH DAMAGE.

(version 1)
(deny default (with partial-symbolication))
(allow system-audit file-read-metadata)

(import "common.sb")

(deny mach-lookup (xpc-service-name-prefix ""))

(deny lsopen)

;;;
;;; The following rules were originally contained in 'UIKit-apps.sb'. We are duplicating them here so we can
;;; remove unneeded sandbox extensions.
;;;

(allow mach-lookup
    (global-name "com.apple.frontboard.systemappservices")                 ; -[UIViewServiceInterface _createProcessAssertion] -> SBSProcessIDForDisplayIdentifier()
    (global-name-regex #"^com\.apple\.uikit\.viewservice\..+"))

;; Any app could use ubiquity.
(ubiquity-client)

;; Any app can play audio & movies.
(play-audio)
(play-media)

;; Access to media controls
(media-remote)

(url-translation)

;; TextInput framework
(allow mach-lookup
    (global-name "com.apple.TextInput"))

(mobile-preferences-read "com.apple.da")

;; Speak Selection & VoiceOver
;; <rdar://problem/12030530> AX: Sandbox violation with changing Language while VO is on
;; and <rdar://problem/13071747>
(mobile-preferences-read
    "com.apple.SpeakSelection" ; Needed for WebSpeech
    "com.apple.VoiceOverTouch" ; Needed for non-US english language synthesis
    "com.apple.voiceservices") ; Ditto

(allow mach-lookup
    (global-name "com.apple.audio.AudioComponentRegistrar"))

(allow mach-register
    (local-name "com.apple.iphone.axserver")) ; Needed for Application Accessibility

;; <rdar://problem/14555119> Access to high quality speech voices
;; Needed for WebSpeech
(allow file-read*
    (home-subpath "/Library/VoiceServices/Assets")
    (home-subpath "/Library/Assets/com_apple_MobileAsset_VoiceServicesVocalizerVoice"))

;; MediaAccessibility (captions)
;; <rdar://problem/12801477>
(mobile-preferences-read "com.apple.mediaaccessibility")
(allow mach-lookup (global-name "com.apple.accessibility.mediaaccessibilityd"))

;; Permit reading assets via MobileAsset framework.
(asset-access 'with-media-playback)

;; Network Extensions / VPN helper.
(allow mach-lookup
    (global-name "com.apple.nehelper")
    (global-name "com.apple.nesessionmanager.content-filter")) ;; <rdar://problem/48442387>

;; allow 3rd party applications to access nsurlstoraged's top level domain data cache
(allow-well-known-system-group-container-literal-read
    "/systemgroup.com.apple.nsurlstoragedresources/Library/dafsaData.bin")

;; Access the keyboards
(allow file-read*
    (home-subpath "/Library/Caches/com.apple.keyboards"))

;; <rdar://problem/19525887>
(allow mach-lookup (xpc-service-name-regex #"\.apple-extension-service$"))
;; <rdar://problem/31252371>
(allow mach-lookup (xpc-service-name-regex #"\.viewservice$"))

;; Power logging
(allow mach-lookup
    (global-name "com.apple.powerlog.plxpclogger.xpc")) ;;  <rdar://problem/36442803>

(mobile-preferences-read
    "com.apple.EmojiPreferences"
    ; <rdar://problem/8477596> com.apple.InputModePreferences
    "com.apple.InputModePreferences"
    ; <rdar://problem/8206632> Weather(1038) deny file-read-data ~/Library/Preferences/com.apple.keyboard.plist
    "com.apple.keyboard"
    ; <rdar://problem/9384085>
    "com.apple.Preferences"
    "com.apple.lookup.shared" ; Needed for DataDetector (Spotlight) support
)

;; Silently deny unnecessary accesses caused by MessageUI framework.
;; This can be removed once <rdar://problem/47038102> is resolved.
(deny file-read*
    (home-literal "/Library/Preferences/com.apple.mobilemail.plist")
    (with no-log))

;; <rdar://problem/12985925> Need read access to /var/mobile/Library/Fonts to all apps
(allow file-read*
    (home-subpath "/Library/Fonts"))

;; <rdar://problem/7344719&26323449> LaunchServices app icons
(allow file-read*
    (well-known-system-group-container-subpath "/systemgroup.com.apple.lsd.iconscache"))
(allow mach-lookup
    (xpc-service-name "com.apple.iconservices")
    (global-name "com.apple.iconservices"))

;; Common mach services needed by UIKit.
(allow mach-lookup
    (global-name "com.apple.CARenderServer")
    (global-name "com.apple.iohideventsystem")
    (global-name "com.apple.frontboard.systemappservices"))

;; <rdar://problem/47268166>
(allow mach-lookup (xpc-service-name "com.apple.MTLCompilerService"))

(allow-preferences-common)

;; CoreMotion
(mobile-preferences-read "com.apple.CoreMotion")

;; CoreMotion’s deviceMotion API
(with-filter
    (require-any
        (iokit-registry-entry-class "AppleOscarNub")
        (iokit-registry-entry-class "AppleSPUHIDInterface"))
    (allow iokit-get-properties
        (iokit-property "gyro-interrupt-calibration")))
(with-filter
    (iokit-registry-entry-class "IOHIDEventServiceFastPathUserClient")
    (allow iokit-open)
    (allow iokit-get-properties iokit-set-properties
        (iokit-property "interval"
                        "mode"
                        "QueueSize"
                        "useMag"))
    (allow iokit-get-properties
        (iokit-property "client")))

;; Home Button
(with-filter (iokit-registry-entry-class "IOPlatformDevice")
    (allow iokit-get-properties
        (iokit-property "home-button-type")))

;; Common preferences read by UIKit.
(mobile-preferences-read "com.apple.Accessibility"
    "com.apple.UIKit"
    "com.apple.WebUI"
    "com.apple.airplay"
    "com.apple.avkit"
    "com.apple.coreanimation"
    "com.apple.mt"
    "com.apple.preferences.sounds")

;; Silence sandbox violations from apps trying to create the empty plist if it doesn't exist.
;; <rdar://problem/13796537>
(deny file-write-create
    (home-prefix "/Library/Preferences/com.apple.UIKit.plist")
    (with no-report))

;; <rdar://problem/10809394>
(deny file-write-create
    (home-prefix "/Library/Preferences/com.apple.Accessibility.plist")
    (with no-report))

;; <rdar://problem/9404009>
(mobile-preferences-read "kCFPreferencesAnyApplication")

;; <rdar://problem/12250145>
(mobile-preferences-read "com.apple.mediaaccessibility")

; Dictionary Services used by UITextFields.
; <rdar://problem/9386926>
(allow-create-directory
    (home-literal "/Library/Caches/com.apple.DictionaryServices"))

; <rdar://problem/8548856> Sub-TLF: Sandbox change for apps for read-only access to the dictionary directory/data
(allow file-read*
    ; XXX - /Library ought to be allowed in all UI profiles but isn't (CF, MobileSafari)
    (subpath "/Library/Dictionaries")
    (home-subpath "/Library/Dictionaries"))

; <rdar://problem/8440231>
(allow file-read*
    (home-literal "/Library/Caches/DateFormats.plist"))
; Silently deny writes when CFData attempts to write to the cache directory.
(deny file-write*
    (home-literal "/Library/Caches/DateFormats.plist")
    (with no-log))

; UIKit-required IOKit nodes.
(allow iokit-open
    (iokit-user-client-class "AppleJPEGDriverUserClient")
    (iokit-user-client-class "IOSurfaceAcceleratorClient")
    (iokit-user-client-class "IOSurfaceSendRight")
    ;; Requires by UIView -> UITextMagnifierRenderer -> UIWindow
    (iokit-user-client-class "IOSurfaceRootUserClient"))

(framebuffer-access)

;; <rdar://problem/7822790>
(mobile-keybag-access)

; <rdar://problem/7595408> , <rdar://problem/7643881>
(opengl)

(location-services)

; CRCopyRestrictionsDictionary periodically tries to CFPreferencesAppSynchronize com.apple.springboard.plist
; which will attempt to create the plist if it doesn't exist -- from any application.  Only SpringBoard is
; allowed to write its plist; ignore all others, they don't know what they are doing.
; See <rdar://problem/9375027> for sample backtraces.
(deny file-write*
    (home-prefix "/Library/Preferences/com.apple.springboard.plist")
    (with no-log))

;; <rdar://problem/34986314>
(mobile-preferences-read "com.apple.indigo")

;;;
;;; End UIKit-apps.sb content
;;;

(deny sysctl*)
(allow sysctl-read
    (sysctl-name
        "hw.availcpu"
        "hw.ncpu"
        "hw.model"
        "kern.memorystatus_level"
        "vm.footprint_suspend"))

(deny iokit-get-properties (with partial-symbolication))
(allow iokit-get-properties
    (iokit-property-regex #"^AAPL,(DisplayPipe|OpenCLdisabled|IOGraphics_LER(|_RegTag_1|_RegTag_0|_Busy_2)|alias-policy|boot-display|display-alias|mux-switch-state|ndrv-dev|primary-display|slot-name)")
    (iokit-property "APTDevice")
    (iokit-property "AVCSupported")
    (iokit-property-regex #"^AppleJPEG(NumCores|Supports(AppleInterchangeFormats|MissingEOI|RSTLogging))")
    (iokit-property "BaseAddressAlignmentRequirement")
    (iokit-property-regex #"^DisplayPipe(PlaneBaseAlignment|StrideRequirements)")
    (iokit-property "HEVCSupported")
    (iokit-property-regex #"^IOGL(|ES(|Metal))BundleName")
    (iokit-property "IOGLESDefaultUseMetal")
    (iokit-property-regex #"IOGVA(BGRAEnc|Codec|EncoderRestricted|Scaler)")
    (iokit-property "IOClassNameOverride")
    (iokit-property "IOPlatformUUID")
    (iokit-property "IOSurfaceAcceleratorCapabilitiesDict")
    (iokit-property-regex #"^MetalPlugin(Name|ClassName)")
    (iokit-property "Protocol Characteristics")
    (iokit-property "als-colorCfg") ;; <rdar://problem/52903475>
    (iokit-property "artwork-device-idiom") ;; <rdar://problem/49497720>
    (iokit-property "artwork-device-subtype")
    (iokit-property "artwork-display-gamut") ;; <rdar://problem/49497788>
    (iokit-property "artwork-dynamic-displaymode") ;; <rdar://problem/49497720>
    (iokit-property "artwork-scale-factor") ;; <rdar://problem/49497788>
    (iokit-property-regex #"(canvas-height|canvas-width)")
    (iokit-property "chip-id") ;; <rdar://problem/52903477>
    (iokit-property "class-code")
    (iokit-property "color-accuracy-index")
    (iokit-property "compatible") ;; <rdar://problem/47523516>
    (iokit-property "compatible-device-fallback") ;; <rdar://problem/49497720>
    (iokit-property "device-colors") ;; <rdar://problem/51322072>
    (iokit-property "device-id")
    (iokit-property "device-perf-memory-class")
    (iokit-property "display-corner-radius") ;; <rdar://problem/50602737>
    (iokit-property "emu")
    (iokit-property "graphics-featureset-class") ;; <rdar://problem/49497720>
    (iokit-property "graphics-featureset-fallbacks") ;; <rdar://problem/51322072>
    (iokit-property "hdcp-hoover-protocol")
    (iokit-property "iommu-present")
    (iokit-property "oled-display") ;; <rdar://problem/51322072>
    (iokit-property "product-description") ;; <rdar://problem/49497788>
    (iokit-property "product-id")
    (iokit-property "region-info") ;; <rdar://problem/52903475>
    (iokit-property "regulatory-model-number") ;; <rdar://problem/52903475>
    (iokit-property "soc-generation") ;; <rdar://problem/52903476>
    (iokit-property "software-behavior")
    (iokit-property "vendor-id")
    (iokit-property "udid-version") ;; <rdar://problem/52903475>
    (iokit-property "ui-pip") ;; <rdar://problem/48867037>
)

;; Read-only preferences and data
(mobile-preferences-read
    "com.apple.LaunchServices"
    "com.apple.WebFoundation"
    "com.apple.mobileipod"
    "com.apple.avfoundation.frecents" ;; <rdar://problem/33137029>
    "com.apple.avfoundation.videoperformancehud" ;; <rdar://problem/31594568>
    "com.apple.voiceservices.logging")

;; Sandbox extensions
(define (apply-read-and-issue-extension op path-filter)
    (op file-read* path-filter)
    (op file-issue-extension (require-all (extension-class "com.apple.app-sandbox.read") path-filter)))
(define (apply-write-and-issue-extension op path-filter)
    (op file-write* path-filter)
    (op file-issue-extension (require-all (extension-class "com.apple.app-sandbox.read-write") path-filter)))
(define (read-only-and-issue-extensions path-filter)
    (apply-read-and-issue-extension allow path-filter))
(define (read-write-and-issue-extensions path-filter)
    (apply-read-and-issue-extension allow path-filter)
    (apply-write-and-issue-extension allow path-filter))
(read-only-and-issue-extensions (extension "com.apple.app-sandbox.read"))
(read-write-and-issue-extensions (extension "com.apple.app-sandbox.read-write"))

;; Access to client's cache folder & re-vending to CFNetwork.
;; FIXME: Remove the webkti specific extension classes <rdar://problem/17755931>
(allow file-issue-extension (require-all
    (extension "com.apple.app-sandbox.read-write")
    (extension-class "com.apple.nsurlstorage.extension-cache")))

;; MediaAccessibility
(mobile-preferences-read "com.apple.mediaaccessibility")
(mobile-preferences-read-write "com.apple.mediaaccessibility.public")

;; Remote Web Inspector
(allow mach-lookup
       (global-name "com.apple.webinspector"))

;; Various services required by CFNetwork and other frameworks
(allow mach-lookup
    (global-name "com.apple.PowerManagement.control")
    (global-name "com.apple.analyticsd"))

(deny file-write-create (vnode-type SYMLINK))
(deny file-read-xattr file-write-xattr (xattr-regex #"^com\.apple\.security\.private\."))

;; Allow loading injected bundles.
(allow file-map-executable)

;; AWD logging
(awd-log-directory "com.apple.WebKit.WebContent")

;; Allow ManagedPreference access
(allow file-read* (literal "/private/var/Managed Preferences/mobile/com.apple.webcontentfilter.plist"))

(allow file-read-data
    (literal "/usr/local/lib/log") ; <rdar://problem/36629495>
)

;; Allow mediaserverd to issue file extensions for the purposes of reading media
(allow file-issue-extension (require-all
    (extension "com.apple.app-sandbox.read")
    (extension-class "com.apple.mediaserverd.read")))

;; Allow CoreMedia to communicate with mediaserverd in order to implement custom media loading
(allow mach-lookup
    (global-name "com.apple.coremedia.customurlloader.xpc"))

;; Media capture, microphone access
(with-filter (extension "com.apple.webkit.microphone")
    (allow device-microphone))

;; Media capture, camera access
(with-filter (extension "com.apple.webkit.camera")
    (allow user-preference-read
        (preference-domain "com.apple.coremedia"))
    (allow file-read* (subpath "/Library/CoreMediaIO/Plug-Ins/DAL"))
    (allow mach-lookup (extension "com.apple.app-sandbox.mach"))
    (allow device-camera))

;; Support incoming video connections
(allow mach-lookup
    (global-name "com.apple.coremedia.compressionsession")
    (global-name "com.apple.coremedia.decompressionsession")
    (global-name "com.apple.coremedia.videoqueue"))

;; FIXME: remove the send-signal when this rule is no longer generating crashes.
(deny mach-lookup (with send-signal SIGKILL)
    (global-name "com.apple.backboard.hid.services"))

(allow mach-lookup (extension "com.apple.webkit.extension.mach"))

;; These services have been identified as unused during living-on.
;; This list overrides some definitions above and in common.sb.
;; FIXME: remove overridden rules once the final list has been
;; established, see https://bugs.webkit.org/show_bug.cgi?id=193840
(deny mach-lookup
    (global-name "com.apple.CoreAuthentication.daemon.libxpc")
    (global-name "com.apple.FileCoordination")
    (global-name "com.apple.FileProvider")
    (global-name "com.apple.Honeybee.event-notify")
    (global-name "com.apple.MediaPlayer.RemotePlayerService")
    (global-name "com.apple.ReportCrash.SimulateCrash")
    (global-name "com.apple.accountsd.accountmanager")
    (global-name "com.apple.appsupport.cplogd")
    (global-name "com.apple.assertiond.processassertionconnection")
    (global-name "com.apple.audio.reporting.xpc")
    (global-name "com.apple.bird")
    (global-name "com.apple.bird.token")
    (global-name "com.apple.cfprefsd.agent")
    (global-name "com.apple.containermanagerd")
    (global-name "com.apple.coremedia.assetcacheinspector")
    (global-name "com.apple.coremedia.audiodeviceclock")
    (global-name "com.apple.coremedia.audioprocessingtap.xpc")
    (global-name "com.apple.coremedia.endpointremotecontrolsession.xpc")
    (global-name "com.apple.coremedia.sandboxserver")
    (global-name "com.apple.coremedia.videocompositor")
    (global-name "com.apple.coremedia.visualcontext.xpc")
    (global-name "com.apple.coreservices.lsuseractivitymanager.xpc")
    (global-name "com.apple.ctkd.token-client")
    (global-name "com.apple.cvmsServ")
    (global-name "com.apple.duetknowledged.activity")
    (global-name "com.apple.dyld.closured")
    (global-name "com.apple.gpumemd.source")
    (global-name "com.apple.hangtracerd")
    (global-name "com.apple.itunescloudd.xpc")
    (global-name "com.apple.itunesstored.xpc")
    (global-name "com.apple.librariand")
    (global-name "com.apple.locationd.spi")
    (global-name "com.apple.locationd.synchronous")
    (global-name "com.apple.lsd")
    (global-name "com.apple.lsd.advertisingidentifiers")
    (global-name "com.apple.lsd.icons")
    (global-name "com.apple.lsd.openurl")
    (global-name "com.apple.lsdiconservice")
    (global-name "com.apple.managedconfiguration.profiled.public")
    (global-name "com.apple.marco")
    (global-name "com.apple.mediaserverd")
    (global-name "com.apple.mobile.usermanagerd.xpc")
    (global-name "com.apple.nesessionmanager")
    (global-name "com.apple.pegasus")
    (global-name "com.apple.pluginkit.pkd")
    (global-name "com.apple.pluginkit.plugin-service")
    (global-name "com.apple.quicklook.ThumbnailsAgent")
    (global-name "com.apple.revisiond")
    (global-name "com.apple.springboard.backgroundappservices")
    (global-name "com.apple.system.libinfo.muser")
    (global-name "com.apple.webkit.camera")
)

(when (defined? 'syscall-unix)
    (deny syscall-unix (with send-signal SIGKILL))
    (allow syscall-unix
        (syscall-number SYS_exit)
        (syscall-number SYS_read)
        (syscall-number SYS_write)
        (syscall-number SYS_open)
        (syscall-number SYS_close)
        (syscall-number SYS_unlink)
        (syscall-number SYS_chmod)
        (syscall-number SYS_getuid)
        (syscall-number SYS_geteuid)
        (syscall-number SYS_recvfrom)
        (syscall-number SYS_getpeername)
        (syscall-number SYS_access)
        (syscall-number SYS_dup)
        (syscall-number SYS_pipe)
        (syscall-number SYS_getegid)
        (syscall-number SYS_getgid)
        (syscall-number SYS_sigprocmask)
        (syscall-number SYS_sigaltstack)
        (syscall-number SYS_ioctl)
        (syscall-number SYS_readlink)
        (syscall-number SYS_umask)
        (syscall-number SYS_msync)
        (syscall-number SYS_munmap)
        (syscall-number SYS_mprotect)
        (syscall-number SYS_madvise)
        (syscall-number SYS_fcntl)
        (syscall-number SYS_select)
        (syscall-number SYS_fsync)
        (syscall-number SYS_setpriority)
        (syscall-number SYS_socket)
        (syscall-number SYS_connect)
        (syscall-number SYS_setsockopt)
        (syscall-number SYS_gettimeofday)
        (syscall-number SYS_getrusage)
        (syscall-number SYS_getsockopt)
        (syscall-number SYS_writev)
        (syscall-number SYS_fchmod)
        (syscall-number SYS_rename)
        (syscall-number SYS_flock)
        (syscall-number SYS_sendto)
        (syscall-number SYS_shutdown)
        (syscall-number SYS_socketpair)
        (syscall-number SYS_mkdir)
        (syscall-number SYS_rmdir)
        (syscall-number SYS_pread)
        (syscall-number SYS_pwrite)
        (syscall-number SYS_csops)
        (syscall-number SYS_csops_audittoken)
        (syscall-number SYS_kdebug_trace64)
        (syscall-number SYS_kdebug_trace)
        (syscall-number SYS_sigreturn)
        (syscall-number SYS_pathconf)
        (syscall-number SYS_getrlimit)
        (syscall-number SYS_setrlimit)
        (syscall-number SYS_mmap)
        (syscall-number SYS_lseek)
        (syscall-number SYS_ftruncate)
        (syscall-number SYS_sysctl)
        (syscall-number SYS_mlock)
        (syscall-number SYS_munlock)
        (syscall-number SYS_getattrlist)
        (syscall-number SYS_getxattr)
        (syscall-number SYS_fgetxattr)
        (syscall-number SYS_listxattr)
        (syscall-number SYS_shm_open)
        (syscall-number SYS_sem_wait)
        (syscall-number SYS_sem_post)
        (syscall-number SYS_sysctlbyname)
        (syscall-number SYS_psynch_mutexwait)
        (syscall-number SYS_psynch_mutexdrop)
        (syscall-number SYS_psynch_cvbroad)
        (syscall-number SYS_psynch_cvsignal)
        (syscall-number SYS_psynch_cvwait)
        (syscall-number SYS_psynch_rw_wrlock)
        (syscall-number SYS_psynch_rw_unlock)
        (syscall-number SYS_psynch_cvclrprepost)
        (syscall-number SYS_process_policy)
        (syscall-number SYS_issetugid)
        (syscall-number SYS___pthread_kill)
        (syscall-number SYS___pthread_sigmask)
        (syscall-number SYS___disable_threadsignal)
        (syscall-number SYS___semwait_signal)
        (syscall-number SYS_proc_info)
        (syscall-number SYS_stat64)
        (syscall-number SYS_fstat64)
        (syscall-number SYS_lstat64)
        (syscall-number SYS_getdirentries64)
        (syscall-number SYS_statfs64)
        (syscall-number SYS_fstatfs64)
        (syscall-number SYS_getfsstat64)
        (syscall-number SYS_getaudit_addr)
        (syscall-number SYS_bsdthread_create)
        (syscall-number SYS_bsdthread_terminate)
        (syscall-number SYS_workq_kernreturn)
        (syscall-number SYS_thread_selfid)
        (syscall-number SYS_kevent_qos)
        (syscall-number SYS_kevent_id)
        (syscall-number SYS___mac_syscall)
        (syscall-number SYS_read_nocancel)
        (syscall-number SYS_write_nocancel)
        (syscall-number SYS_open_nocancel)
        (syscall-number SYS_close_nocancel)
        (syscall-number SYS_sendmsg_nocancel)
        (syscall-number SYS_recvfrom_nocancel)
        (syscall-number SYS_fcntl_nocancel)
        (syscall-number SYS_select_nocancel)
        (syscall-number SYS_connect_nocancel)
        (syscall-number SYS_sendto_nocancel)
        (syscall-number SYS_fsgetpath)
        (syscall-number SYS_fileport_makeport)
        (syscall-number SYS_guarded_open_np)
        (syscall-number SYS_guarded_close_np)
        (syscall-number SYS_change_fdguard_np)
        (syscall-number SYS_proc_rlimit_control)
        (syscall-number SYS_connectx)
        (syscall-number SYS_getattrlistbulk)
        (syscall-number SYS_openat)
        (syscall-number SYS_openat_nocancel)
        (syscall-number SYS_fstatat64)
        (syscall-number SYS_mkdirat)
        (syscall-number SYS_bsdthread_ctl)
        (syscall-number SYS_csrctl)
        (syscall-number SYS_guarded_pwrite_np)
        (syscall-number SYS_getentropy)
        (syscall-number SYS_necp_open)
        (syscall-number SYS_necp_client_action)
        (syscall-number SYS_ulock_wait)
        (syscall-number SYS_ulock_wake)
        (syscall-number SYS_kdebug_typefilter)
        (syscall-number SYS_shared_region_check_np)
        (syscall-number SYS_getpid)
        (syscall-number SYS_bsdthread_register)
        (syscall-number SYS_sigaction)
        (syscall-number SYS_gettid)
        (syscall-number SYS_workq_open)
        (syscall-number SYS_chdir)
        (syscall-number SYS_memorystatus_control)
        (syscall-number SYS_sem_open)
        (syscall-number SYS_sem_close)
        (syscall-number SYS_fsetattrlist)
        (syscall-number SYS_guarded_open_dprotected_np) ; <rdar://problem/48166729>
        (syscall-number SYS_mremap_encrypted)
        (syscall-number SYS_dup2)
        (syscall-number SYS_fileport_makefd)
        (syscall-number SYS_os_fault_with_payload)
        (syscall-number SYS_persona)
        (syscall-number SYS_work_interval_ctl)
        (syscall-number SYS_open_dprotected_np)
        (syscall-number SYS_pread_nocancel)
        (syscall-number SYS___semwait_signal_nocancel)
        (syscall-number SYS_kdebug_trace_string) ;; Needed for performance sampling, see <rdar://problem/48829655>.
        (syscall-number SYS_fgetattrlist) ;; <rdar://problem/50266257>
        (syscall-number SYS_fsetxattr) ;; <rdar://problem/49795964>
        (syscall-number SYS_abort_with_payload) ;; <rdar://problem/50967271>
        (syscall-number SYS_kqueue) ;; <rdar://problem/49609201>
        (syscall-number SYS_kqueue_workloop_ctl) ;; <rdar://problem/50999499>
        (syscall-number SYS_psynch_rw_rdlock) ;; <rdar://problem/51134351>
    )
)