;; Phase 18 (Track E.2) — DESERIALIZE profile.
;;
;; Unsafe-deserialise gadgets (pickle / Marshal / unserialize /
;; ObjectInputStream) commonly chain to `exec()` or filesystem reads
;; once a gadget object lands. `allow default` keeps the gadget paths
;; runnable; the filesystem denylist prevents the gadget from
;; exfiltrating host secrets.
(version 1)
(allow default)

;; The `/Users` denylist uses regex matches on specific secret-bearing
;; subpaths instead of a blanket `(subpath "/Users")` deny. See the
;; matching comment in `cmdi.sb` for the cold-start rationale.
(deny file-read*
    (literal "/etc/passwd")
    (literal "/etc/master.passwd")
    (literal "/etc/shadow")
    (literal "/etc/sudoers")
    (literal "/private/etc/passwd")
    (literal "/private/etc/master.passwd")
    (literal "/private/etc/shadow")
    (literal "/private/etc/sudoers")
    (regex #"^/Users/[^/]+/\.ssh(/|$)")
    (regex #"^/Users/[^/]+/\.aws(/|$)")
    (regex #"^/Users/[^/]+/\.gnupg(/|$)")
    (regex #"^/Users/[^/]+/\.netrc$")
    (regex #"^/Users/[^/]+/\.docker(/|$)")
    (regex #"^/Users/[^/]+/\.kube(/|$)")
    (regex #"^/Users/[^/]+/\.config/gh(/|$)")
    (regex #"^/Users/[^/]+/Library/Keychains(/|$)")
    (regex #"^/Users/[^/]+/Library/Cookies(/|$)")
    (regex #"^/Users/[^/]+/Library/Mail(/|$)")
    (regex #"^/Users/[^/]+/Library/Application Support/com\.apple\.TCC(/|$)")
    (regex #"^/Users/[^/]+/Library/Application Support/Slack(/|$)")
    (subpath "/Library/Keychains"))