base-dev

Foundation policy for development environments

Foundation policy for macOS development, granting basic permissions for common system directories, built-in processes, and localhost.

What's Included

File Access

System directories (read-only):

  • / (root directory listing)
  • /Applications
  • /System/**
  • /Library/Apple/System/Library/PrivateFrameworks/**
  • /Library/Developer/**
  • /bin/**, /sbin/**, /usr/**
  • /opt and /opt/homebrew/**
  • /dev/**
  • /private/etc/**
  • /private/var/db/**
  • /var/**

Full access (read/write):

  • /private/tmp/** and /var/tmp/** (temp directories)
  • /private/var/folders/** (per-user temp)
  • /dev/null and /private/etc/services
  • ~/Library/Caches/** and ~/Library/Logs/**
  • ~/Library/Developer/Xcode/DerivedData/**
  • ~/Library/Developer/Xcode/UserData/**

User config (read-only):

  • ~/.CFUserTextEncoding
  • ~/.zshenv
  • ~/Library and ~/Library/Application Support
  • ~/Library/Audio/Plug-Ins/Components
  • ~/Library/Developer/CoreSimulator
  • ~/Library/Developer/DVTDownloads/Assets/MetalToolchain
  • ~/Library/Developer/Xcode/*.plist mappings
  • ~/Library/Input Methods and ~/Library/Keyboard Layouts

Process Execution

Allows execution of system binaries in:

  • /bin/**
  • /sbin/**
  • /usr/bin/**
  • /usr/libexec/**
  • /usr/sbin/**

Network Access

  • Localhost only: 127.0.0.1, ::1, localhost

Environment Variables

  • Built-in ENV variables
  • Homebrew ENV variables

This policy has no dependencies.

No policies depend on this one yet.