Re: Sandboxing and "helper apps"
Re: Sandboxing and "helper apps"
- Subject: Re: Sandboxing and "helper apps"
- From: Stephane Sudre <email@hidden>
- Date: Wed, 30 May 2012 17:18:01 +0200
On Wed, May 30, 2012 at 4:20 PM, Todd Heberlein <email@hidden> wrote:
>
> On May 30, 2012, at 4:53 AM, Stephane Sudre wrote:
>
>> It's allowed. IIRC, when the helper app is launched from the main
>> application, it inherits the entitlements/restrictions of its parent.
>
> I thought (and I'm barely getting up to speed on this) if the program was launched as an NSTask, it would inherit the entitlements & container of the parent. If it was launched as an XPC service it would have its own entitlements and container.
>
> But… if the program is launched from a Terminal window or by launchd (e.g., scheduled to run at midnight), what then? Does it run like a normal UNIX program with no sandboxing? What if this UNIX helper app is copied to a different directory? Does Apple forbid a program from MAS that can be launched this way or if the developer induces its users to run it this way?
I would believe this is the same case as for code-signing. Every
executable must define its entitlements.
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden