openai · nornagon-openai · Sep 12, 2025 · Sep 11, 2025 · ithilgore · Sep 12, 2025
diff --git a/codex-rs/core/src/seatbelt_base_policy.sbpl b/codex-rs/core/src/seatbelt_base_policy.sbpl
@@ -2,14 +2,21 @@
 
 ; inspired by Chrome's sandbox policy:
 ; https://source.chromium.org/chromium/chromium/src/+/main:sandbox/policy/mac/common.sb;l=273-319;drc=7b3962fe2e5fc9e2ee58000dc8fbf3429d84d3bd
+; https://source.chromium.org/chromium/chromium/src/+/main:sandbox/policy/mac/renderer.sb;l=64;drc=7b3962fe2e5fc9e2ee58000dc8fbf3429d84d3bd
 
 ; start with closed-by-default
 (deny default)
 
 ; child processes inherit the policy of their parent
 (allow process-exec)
 (allow process-fork)
-(allow signal (target self))
+(allow signal (target same-sandbox))
+
+; Allow cf prefs to work.
+(allow user-preference-read)
+
+; process-info
+(allow process-info* (target same-sandbox))
 
 (allow file-write-data
   (require-all
@@ -32,28 +39,22 @@
   (sysctl-name "hw.l3cachesize_compat")
   (sysctl-name "hw.logicalcpu_max")
   (sysctl-name "hw.machine")
+  (sysctl-name "hw.memsize")
   (sysctl-name "hw.ncpu")
   (sysctl-name "hw.nperflevels")
-  (sysctl-name "hw.optional.arm.FEAT_BF16")
-  (sysctl-name "hw.optional.arm.FEAT_DotProd")
-  (sysctl-name "hw.optional.arm.FEAT_FCMA")
-  (sysctl-name "hw.optional.arm.FEAT_FHM")
-  (sysctl-name "hw.optional.arm.FEAT_FP16")
-  (sysctl-name "hw.optional.arm.FEAT_I8MM")
-  (sysctl-name "hw.optional.arm.FEAT_JSCVT")
-  (sysctl-name "hw.optional.arm.FEAT_LSE")
-  (sysctl-name "hw.optional.arm.FEAT_RDM")
-  (sysctl-name "hw.optional.arm.FEAT_SHA512")
-  (sysctl-name "hw.optional.armv8_2_sha512")
-  (sysctl-name "hw.memsize")
-  (sysctl-name "hw.pagesize")
+  ; Chrome locks these CPU feature detection down a bit more tightly,
+  ; but mostly for fingerprinting concerns which isn't an issue for codex.
+  (sysctl-name-prefix "hw.optional.arm.")
+  (sysctl-name-prefix "hw.optional.armv8_")
   (sysctl-name "hw.packages")
   (sysctl-name "hw.pagesize_compat")
+  (sysctl-name "hw.pagesize")
   (sysctl-name "hw.physicalcpu_max")
   (sysctl-name "hw.tbfrequency_compat")
   (sysctl-name "hw.vectorunit")
   (sysctl-name "kern.hostname")
   (sysctl-name "kern.maxfilesperproc")
+  (sysctl-name "kern.maxproc")
   (sysctl-name "kern.osproductversion")
   (sysctl-name "kern.osrelease")
   (sysctl-name "kern.ostype")
@@ -63,14 +64,27 @@
   (sysctl-name "kern.usrstack64")
   (sysctl-name "kern.version")
   (sysctl-name "sysctl.proc_cputype")
+  (sysctl-name "vm.loadavg")
   (sysctl-name-prefix "hw.perflevel")
+  (sysctl-name-prefix "kern.proc.pgrp.")
+  (sysctl-name-prefix "kern.proc.pid.")
+  (sysctl-name-prefix "net.routetable.")
+)
+
+; IOKit
+(allow iokit-open
+  (iokit-registry-entry-class "RootDomainUserClient")
+)
+
+; needed to look up user info, see https://crbug.com/792228
+(allow mach-lookup
+  (global-name "com.apple.system.opendirectoryd.libinfo")
 )
 
 ; Added on top of Chrome profile
 ; Needed for python multiprocessing on MacOS for the SemLock
 (allow ipc-posix-sem)
 
-; needed to look up user info, see https://crbug.com/792228
 (allow mach-lookup
-  (global-name "com.apple.system.opendirectoryd.libinfo")
+  (global-name "com.apple.PowerManagement.control")
 )