SBPL - SandBox Policy Language

Description of the SBPL - The Apple SandBox Policy Language

This is a description of the different primitives available in SBPL, a language derived from TinyScheme that is used to describe which operations are allowed or denied to a process running on Mac OS X 10.5 or later.

SBPL is a powerful language in which one can write simple one-line rules or more complex program constructs. Unfortunately there is no real documentation for it available anywhere.
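As an added illustration (this profile is not part of the original page and is not an Apple-supplied profile), here is a small default-deny SBPL profile that touches each of the rule families covered below: file access, Mach IPC, networking, process handling, system environment and rule modifiers. The binary path /usr/local/bin/helper, the Mach service name and the WORKDIR parameter are assumptions chosen for the example.

```scheme
;; Example SBPL profile (added illustration, not from the original page).
;; Assumed: the confined program is /usr/local/bin/helper and the caller
;; passes WORKDIR as a profile parameter.
(version 1)

;; Deny everything not explicitly allowed. Rules are evaluated in order and a
;; later matching rule overrides an earlier one, so the default goes first.
;; (allow default) plus selective (deny ...) rules is the weaker, blacklist style.
(deny default)

;; Log every denied operation to the system log so the profile can be refined.
(debug deny)

;; File and disk handling: read-only access to system libraries and to the
;; program itself. Paths are matched with subpath, literal or regex specifiers.
(allow file-read*
    (subpath "/usr/lib")
    (subpath "/System/Library/Frameworks")
    (literal "/usr/local/bin/helper")
    (regex #"^/private/tmp/helper-[0-9]+$"))
(allow file-read-metadata (literal "/"))

;; Write access only below a directory supplied at launch time
;; (sandbox-exec -D WORKDIR=/some/dir ...), never the whole filesystem.
(allow file-write* (subpath (param "WORKDIR")))

;; Interprocess communication: only the Mach services the program needs.
(allow mach-lookup (global-name "com.apple.system.logger"))

;; Networking: outbound TCP to port 443 only; no listening sockets at all.
(allow network-outbound (remote tcp "*:443"))
(deny network-inbound)
(deny network-bind)

;; Process handling: may exec and signal itself, but no other binaries.
(allow process-exec (literal "/usr/local/bin/helper"))
(allow signal (target self))

;; System environment: read-only sysctl access.
(allow sysctl-read)

;; Modifiers: an expected denial that should not clutter the log.
(deny file-read* (subpath "/Users") (with no-log))
```

The profile is applied with sandbox-exec, for example `sandbox-exec -f helper.sb -D WORKDIR=/tmp/work /usr/local/bin/helper`; with `(debug deny)` in place, every operation the profile blocks is reported in the system log, which is the practical way to discover which allow rules a program actually needs. Start from `(deny default)` and add rules from the log rather than starting from `(allow default)`, since with an allow-by-default profile anything you forgot to deny is permitted.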

For those interested, there is an SBPL policy syntax file for vim available for download, along with some install instructions.

File and disk handling primitives

File rule specifiers.

Interprocess communication

Networking

Network rule modifiers.

Process handling

System environment control

Modifiers


Last modified: Wed Jun 23 10:12:28 CEST 2010