Here it is a version I consider good enough to come out of draft status. I have added more information – one thing I was especially interested was to match the available operations in the SBPL syntax with the system/kernel functions that they control. This helps to better understand what is the impact of each operation. Appendix B features the lazy IDC script I used to extract this information from the sandbox kernel module (then I had to match with XNU kernel sources).
I tried to provide examples for all operations and make notes of some problems/features where available. Also added a few more references about this subject. The book “Enterprise Mac Security: Mac OS X Snow Leopard” has a pretty good chapter dedicated to this.

I hope it’s useful for you. I have been using it as reference while developing some custom profiles.

Enjoy,
fG!

Apple Sandbox Guide v1.0.pdf
SHA256(Apple Sandbox Guide v1.0.pdf)= c6ae8502a48f09a6309a9485e9bf7794389e969fd9ab65c46d805307a9a1cb8e

vienna.sb.gz
SHA256(vienna.sb)= 0831910e4d2a92253e5b64e92ec0f27e1408b926253eca9eee3f9918036077c0