The code snippets are purely declarative because they are reconstructed from the simple bytecode that the macOS sandbox library generates after evaluating the Scheme code. At that point any abstractions present in the source code are long gone and only predicates and actions remain.
If you look at typical SBPL source code you'll see it tends to contain a mix of straightforward, declarative `(allow …)` policies and custom functions/macros used to simplify repeated patterns. See https://github.com/WebKit/WebKit/blob/11b5279aec6113c661dac3..., for example.
If you look at typical SBPL source code you'll see it tends to contain a mix of straightforward, declarative `(allow …)` policies and custom functions/macros used to simplify repeated patterns. See https://github.com/WebKit/WebKit/blob/11b5279aec6113c661dac3..., for example.