mac_policies.txt

Dump of iOS MACF policy operations 

335 operations total
Only 148 present 
AMFI.kext holds 18, Sandbox.kext holds 130
Data dumped from iPhone9,3 running iOS 12.1.2 

AMFI policy:

operation mpo_cred_check_label_update_execve (6) is present
operation mpo_cred_label_associate (11) is present
operation mpo_cred_label_destroy (13) is present
operation mpo_cred_label_init (16) is present
operation mpo_cred_label_update_execve (18) is present
operation mpo_file_check_mmap (36) is present
operation mpo_file_check_library_validation (64) is present
operation mpo_policy_initbsd (116) is present
operation mpo_policy_syscall (117) is present
operation mpo_proc_check_inherit_ipc_ports (119) is present
operation mpo_proc_check_expose_task (125) is present
operation mpo_proc_check_debug (157) is present
operation mpo_proc_check_get_task (160) is present
operation mpo_proc_check_mprotect (164) is present
operation mpo_vnode_check_exec (258) is present
operation mpo_vnode_check_signature (304) is present
operation mpo_proc_check_run_cs_invalid (307) is present
operation mpo_proc_check_map_anon (315) is present

Sandbox policy:

operation mpo_cred_check_label_update_execve (6) is present
operation mpo_cred_check_label_update (7) is present
operation mpo_cred_label_associate (11) is present
operation mpo_cred_label_destroy (13) is present
operation mpo_cred_label_update_execve (18) is present
operation mpo_cred_label_update (19) is present
operation mpo_file_check_fcntl (29) is present
operation mpo_file_check_mmap (36) is present
operation mpo_file_check_set (38) is present
operation mpo_mount_check_fsctl (84) is present
operation mpo_mount_check_mount (87) is present
operation mpo_mount_check_remount (88) is present
operation mpo_mount_check_umount (91) is present
operation mpo_policy_init (115) is present
operation mpo_policy_initbsd (116) is present
operation mpo_policy_syscall (117) is present
operation mpo_system_check_sysctlbyname (118) is present
operation mpo_vnode_check_rename (120) is present
operation mpo_kext_check_query (121) is present
operation mpo_proc_check_expose_task (125) is present
operation mpo_proc_check_set_host_special_port (126) is present
operation mpo_proc_check_set_host_exception_port (127) is present
operation mpo_vnode_check_trigger_resolve (134) is present
operation mpo_skywalk_flow_check_connect (138) is present
operation mpo_skywalk_flow_check_listen (139) is present
operation mpo_posixsem_check_create (140) is present
operation mpo_posixsem_check_open (141) is present
operation mpo_posixsem_check_post (142) is present
operation mpo_posixsem_check_unlink (143) is present
operation mpo_posixsem_check_wait (144) is present
operation mpo_posixshm_check_create (148) is present
operation mpo_posixshm_check_open (150) is present
operation mpo_posixshm_check_stat (151) is present
operation mpo_posixshm_check_truncate (152) is present
operation mpo_posixshm_check_unlink (153) is present
operation mpo_proc_check_debug (157) is present
operation mpo_proc_check_fork (158) is present
operation mpo_proc_check_get_task_name (159) is present
operation mpo_proc_check_get_task (160) is present
operation mpo_proc_check_sched (165) is present
operation mpo_proc_check_setaudit (166) is present
operation mpo_proc_check_setauid (167) is present
operation mpo_proc_check_signal (169) is present
operation mpo_socket_check_bind (175) is present
operation mpo_socket_check_connect (176) is present
operation mpo_socket_check_create (177) is present
operation mpo_socket_check_listen (181) is present
operation mpo_socket_check_receive (182) is present
operation mpo_socket_check_send (185) is present
operation mpo_system_check_acct (202) is present
operation mpo_system_check_audit (203) is present
operation mpo_system_check_auditctl (204) is present
operation mpo_system_check_auditon (205) is present
operation mpo_system_check_host_priv (206) is present
operation mpo_system_check_nfsd (207) is present
operation mpo_system_check_reboot (208) is present
operation mpo_system_check_settime (209) is present
operation mpo_system_check_swapoff (210) is present
operation mpo_system_check_swapon (211) is present
operation mpo_socket_check_ioctl (212) is present
operation mpo_sysvmsq_check_enqueue (217) is present
operation mpo_sysvmsq_check_msgrcv (218) is present
operation mpo_sysvmsq_check_msgrmid (219) is present
operation mpo_sysvmsq_check_msqctl (220) is present
operation mpo_sysvmsq_check_msqget (221) is present
operation mpo_sysvmsq_check_msqrcv (222) is present
operation mpo_sysvmsq_check_msqsnd (223) is present
operation mpo_sysvsem_check_semctl (228) is present
operation mpo_sysvsem_check_semget (229) is present
operation mpo_sysvsem_check_semop (230) is present
operation mpo_sysvshm_check_shmat (235) is present
operation mpo_sysvshm_check_shmctl (236) is present
operation mpo_sysvshm_check_shmdt (237) is present
operation mpo_sysvshm_check_shmget (238) is present
operation mpo_proc_notify_exit (243) is present
operation mpo_mount_check_snapshot_revert (244) is present
operation mpo_vnode_check_getattr (245) is present
operation mpo_mount_check_snapshot_create (246) is present
operation mpo_mount_check_snapshot_delete (247) is present
operation mpo_vnode_check_clone (248) is present
operation mpo_proc_check_get_cs_info (249) is present
operation mpo_proc_check_set_cs_info (250) is present
operation mpo_iokit_check_hid_control (251) is present
operation mpo_vnode_check_access (252) is present
operation mpo_vnode_check_chroot (254) is present
operation mpo_vnode_check_create (255) is present
operation mpo_vnode_check_deleteextattr (256) is present
operation mpo_vnode_check_exchangedata (257) is present
operation mpo_vnode_check_exec (258) is present
operation mpo_vnode_check_getattrlist (259) is present
operation mpo_vnode_check_getextattr (260) is present
operation mpo_vnode_check_ioctl (261) is present
operation mpo_vnode_check_link (264) is present
operation mpo_vnode_check_listextattr (265) is present
operation mpo_vnode_check_open (267) is present
operation mpo_vnode_check_readlink (270) is present
operation mpo_vnode_check_revoke (273) is present
operation mpo_vnode_check_setattrlist (275) is present
operation mpo_vnode_check_setextattr (276) is present
operation mpo_vnode_check_setflags (277) is present
operation mpo_vnode_check_setmode (278) is present
operation mpo_vnode_check_setowner (279) is present
operation mpo_vnode_check_setutimes (280) is present
operation mpo_vnode_check_stat (281) is present
operation mpo_vnode_check_truncate (282) is present
operation mpo_vnode_check_unlink (283) is present
operation mpo_vnode_notify_create (303) is present
operation mpo_vnode_check_uipc_bind (305) is present
operation mpo_vnode_check_uipc_connect (306) is present
operation mpo_proc_check_suspend_resume (308) is present
operation mpo_iokit_check_set_properties (310) is present
operation mpo_system_check_chud (311) is present
operation mpo_vnode_check_searchfs (312) is present
operation mpo_priv_check (313) is present
operation mpo_priv_grant (314) is present
operation mpo_proc_check_map_anon (315) is present
operation mpo_vnode_check_fsgetpath (316) is present
operation mpo_iokit_check_open (317) is present
operation mpo_vnode_notify_rename (319) is present
operation mpo_vnode_check_setacl (320) is present
operation mpo_system_check_kas_info (322) is present
operation mpo_vnode_check_lookup_preflight (323) is present
operation mpo_system_check_info (325) is present
operation mpo_pty_notify_grant (326) is present
operation mpo_pty_notify_close (327) is present
operation mpo_kext_check_load (329) is present
operation mpo_kext_check_unload (330) is present
operation mpo_proc_check_proc_info (331) is present
operation mpo_iokit_check_filter_properties (333) is present
operation mpo_iokit_check_get_property (334) is present