theevilbit/macos_sonoma_launch_constraints.txt

## macos_sonoma_launch_constraints.txt
Original by LinuS Henze for iOS16: https://gist.github.com/LinusHenze/4cd5d7ef057a144cda7234e2c247c056

Following his format I updated it for macOS Sonoma (14) and I guess it's the same for iOS17, but didn't cross check.

Constraint Categories:
    Category 0:
        Self Constraint: N/A
        Parent Constraint: N/A

    Category 1:
        Self Constraint: (on-authorized-authapfs-volume || on-system-volume) && launch-type == 1 && validation-category == 1
        Parent Constraint: is-init-proc

    Category 2:
        Self Constraint: on-authorized-authapfs-volume || on-system-volume
        Parent Constraint:

    Category 3:
        Self Constraint: (on-authorized-authapfs-volume || on-system-volume) && (launch-type == 0 || launch-type == 1) && validation-category == 1
        Parent Constraint:

    Category 4:
        Self Constraint: (on-authorized-authapfs-volume || on-system-volume) && (launch-type == 0 || launch-type == 1) && validation-category == 1
        Parent Constraint: (on-system-volume && signing-identifier == "com.apple.mbfloagent" && validation-category == 1) || is-init-proc

    Category 5:
        Self Constraint: validation-category == 1
        Parent Constraint: (on-system-volume && signing-identifier == "com.apple.mbfloagent" && validation-category == 1) || is-init-proc

    Category 6:
        Self Constraint: (!in-tc-with-constraint-category || is-sip-protected || on-authorized-authapfs-volume || on-system-volume) && launch-type == 1 && validation-category == 1
        Parent Constraint: (apple-internal && entitlements["com.apple.private.set-launch-type.internal"] == 1) || is-init-proc

    Category 7:
        Self Constraint: validation-category == 1
        Parent Constraint:

    Category 8:
        Self Constraint: (on-authorized-authapfs-volume || on-system-volume) && launch-type == 2 && validation-category == 1
        Parent Constraint: (on-authorized-authapfs-volume || on-system-volume) && (signing-identifier == "com.apple.sysdiagnose" || signing-identifier == "com.apple.sysdiagnose") && validation-category == 1

    Category 9:
        Self Constraint: (on-authorized-authapfs-volume || on-system-volume) && apple-internal == 1 && (launch-type == 0 || launch-type == 2) && validation-category == 1
        Parent Constraint:

    Category 10:
        Self Constraint: (on-authorized-authapfs-volume || on-system-volume) && (launch-type == 0 || launch-type == 2) && validation-category == 1
        Parent Constraint:

    Category 11: (same as 10?)
        Self Constraint:
        Parent Constraint:

    Category 12:
        Self Constraint: (on-authorized-authapfs-volume || on-system-volume) && (launch-type == 0 || launch-type == 1 || launch-type == 2) && validation-category == 1
        Parent Constraint:

    Category 13:
        Self Constraint: (launch-type == 0 || launch-type == 2) && validation-category == 1
        Parent Constraint:

    Category 14:
        Self Constraint: (on-authorized-authapfs-volume || on-system-volume) && launch-type == 3 && validation-category == 1
        Parent Constraint: is-init-proc

    Category 15:
        Self Constraint: (on-authorized-authapfs-volume || on-system-volume) && (launch-type == 0 || launch-type == 3) && validation-category == 1
        Parent Constraint: is-init-proc

    Category 16:
        Self Constraint: launch-type == 3 && validation-category == 1
        Parent Constraint: is-init-proc

    Category 17:
        Self Constraint: (((is-sip-protected || on-authorized-authapfs-volume || on-system-volume) && validation-category == 1) || apple-internal == 1) && launch-type == 2
        Parent Constraint:

    Category 18:
        Self Constraint: (on-authorized-authapfs-volume || on-system-volume) && developer-mode && validation-category == 1
        Parent Constraint: ((is-init-proc || signing-identifier == "com.apple.CoreDevice.dtdebugproxyd") && validation-category == 1) || apple-internal

    Category 19: (same as 2?)
        Self Constraint:
        Parent Constraint:

    Category 20:
        Self Constraint: (on-authorized-authapfs-volume || on-system-volume) && (launch-type == 0 || launch-type == 1 || launch-type == 3) && validation-category == 1
        Parent Constraint:

Launch Types:
  CS_LAUNCH_TYPE_NONE = 0
  CS_LAUNCH_TYPE_SYSTEM_SERVICE = 1
  CS_LAUNCH_TYPE_SYSDIAGNOSE = 2
  CS_LAUNCH_TYPE_APPLICATION = 3
	Original by LinuS Henze for iOS16: https://gist.github.com/LinusHenze/4cd5d7ef057a144cda7234e2c247c056

	Following his format I updated it for macOS Sonoma (14) and I guess it's the same for iOS17, but didn't cross check.

	Constraint Categories:
	Category 0:
	Self Constraint: N/A
	Parent Constraint: N/A

	Category 1:
	Self Constraint: (on-authorized-authapfs-volume \|\| on-system-volume) && launch-type == 1 && validation-category == 1
	Parent Constraint: is-init-proc

	Category 2:
	Self Constraint: on-authorized-authapfs-volume \|\| on-system-volume
	Parent Constraint:

	Category 3:
	Self Constraint: (on-authorized-authapfs-volume \|\| on-system-volume) && (launch-type == 0 \|\| launch-type == 1) && validation-category == 1
	Parent Constraint:

	Category 4:
	Self Constraint: (on-authorized-authapfs-volume \|\| on-system-volume) && (launch-type == 0 \|\| launch-type == 1) && validation-category == 1
	Parent Constraint: (on-system-volume && signing-identifier == "com.apple.mbfloagent" && validation-category == 1) \|\| is-init-proc

	Category 5:
	Self Constraint: validation-category == 1
	Parent Constraint: (on-system-volume && signing-identifier == "com.apple.mbfloagent" && validation-category == 1) \|\| is-init-proc

	Category 6:
	Self Constraint: (!in-tc-with-constraint-category \|\| is-sip-protected \|\| on-authorized-authapfs-volume \|\| on-system-volume) && launch-type == 1 && validation-category == 1
	Parent Constraint: (apple-internal && entitlements["com.apple.private.set-launch-type.internal"] == 1) \|\| is-init-proc

	Category 7:
	Self Constraint: validation-category == 1
	Parent Constraint:

	Category 8:
	Self Constraint: (on-authorized-authapfs-volume \|\| on-system-volume) && launch-type == 2 && validation-category == 1
	Parent Constraint: (on-authorized-authapfs-volume \|\| on-system-volume) && (signing-identifier == "com.apple.sysdiagnose" \|\| signing-identifier == "com.apple.sysdiagnose") && validation-category == 1

	Category 9:
	Self Constraint: (on-authorized-authapfs-volume \|\| on-system-volume) && apple-internal == 1 && (launch-type == 0 \|\| launch-type == 2) && validation-category == 1
	Parent Constraint:

	Category 10:
	Self Constraint: (on-authorized-authapfs-volume \|\| on-system-volume) && (launch-type == 0 \|\| launch-type == 2) && validation-category == 1
	Parent Constraint:

	Category 11: (same as 10?)
	Self Constraint:
	Parent Constraint:

	Category 12:
	Self Constraint: (on-authorized-authapfs-volume \|\| on-system-volume) && (launch-type == 0 \|\| launch-type == 1 \|\| launch-type == 2) && validation-category == 1
	Parent Constraint:

	Category 13:
	Self Constraint: (launch-type == 0 \|\| launch-type == 2) && validation-category == 1
	Parent Constraint:

	Category 14:
	Self Constraint: (on-authorized-authapfs-volume \|\| on-system-volume) && launch-type == 3 && validation-category == 1
	Parent Constraint: is-init-proc

	Category 15:
	Self Constraint: (on-authorized-authapfs-volume \|\| on-system-volume) && (launch-type == 0 \|\| launch-type == 3) && validation-category == 1
	Parent Constraint: is-init-proc

	Category 16:
	Self Constraint: launch-type == 3 && validation-category == 1
	Parent Constraint: is-init-proc

	Category 17:
	Self Constraint: (((is-sip-protected \|\| on-authorized-authapfs-volume \|\| on-system-volume) && validation-category == 1) \|\| apple-internal == 1) && launch-type == 2
	Parent Constraint:

	Category 18:
	Self Constraint: (on-authorized-authapfs-volume \|\| on-system-volume) && developer-mode && validation-category == 1
	Parent Constraint: ((is-init-proc \|\| signing-identifier == "com.apple.CoreDevice.dtdebugproxyd") && validation-category == 1) \|\| apple-internal

	Category 19: (same as 2?)
	Self Constraint:
	Parent Constraint:

	Category 20:
	Self Constraint: (on-authorized-authapfs-volume \|\| on-system-volume) && (launch-type == 0 \|\| launch-type == 1 \|\| launch-type == 3) && validation-category == 1
	Parent Constraint:

	Launch Types:
	CS_LAUNCH_TYPE_NONE = 0
	CS_LAUNCH_TYPE_SYSTEM_SERVICE = 1
	CS_LAUNCH_TYPE_SYSDIAGNOSE = 2
	CS_LAUNCH_TYPE_APPLICATION = 3