Filters supported by libsandbox.dylib from macOS 10.15.4 (19E266)

libsandbox_10.15.4_19E266_filters.txt

path
mount-relative-path
xattr
file-mode
ipc-posix-name
global-name
local-name
local
remote
control-name
socket-domain
socket-type
socket-protocol
target
fsctl-command
ioctl-command
iokit-registry-entry-class
iokit-property
iokit-connection
device-major
device-minor
device-conforms-to
extension
extension-class
appleevent-destination
system-attribute
right-name
preference-domain
vnode-type
%entitlement-load
%entitlement-boolean
%entitlement-string
kext-bundle-id
info-type
notification-name
notification-payload
semaphore-owner
sysctl-name
process-path
rootless-boot-device-filter
rootless-disk-filter
privilege-id
process-attribute
uid
nvram-variable
csr
host-special-port
filesystem-name
boot-arg
xpc-service-name
signing-identifier
signal-number
target-signing-identifier
reboot-flags
datavault-disk-filter
extension-path-ancestor
file-attribute
storage-class
storage-class-extension
iokit-usb-interface-class
iokit-usb-interface-subclass
ancestor-signing-identifier
require-ancestor-with-entitlement
persona-type
syscall-number
syscall-mask
require-target-with-entitlement
iokit-registry-entry-attribute
user-intent-extension
snapshot-name