Re: API to determine status of System Integrity Protection?
Re: API to determine status of System Integrity Protection?
- Subject: Re: API to determine status of System Integrity Protection?
- From: Ed Wynne <email@hidden>
- Date: Mon, 14 Sep 2015 11:33:50 -0400
On Sep 14, 2015, at 7:05 AM, Jean-Daniel Dupas <email@hidden> wrote:
>> Le 14 sept. 2015 à 01:33, Ed Wynne <email@hidden> a écrit :
>> On Sep 13, 2015, at 5:47 PM, Stephane Sudre <email@hidden> wrote:
>>>>>> That document doesn't mention an API…
>>>>> Hence, since that is the current documentation, my conclusion : “Don’t think so”.
>>>> There is an API. Much like with sandboxing it just may not be public, which means it is inappropriate for discussion here. I’m not sure why Apple considers this kind of thing off limits, but that is inappropriate for discussion here as well.
>>>
>>> I must be missing something but why should there be an API?
>>
>> There are many reasons. For example, writing to the areas SIP protects typically requires authorization. Not offering the user an impossible action is a much better UX than letting them go through the trouble of authenticating only to have it fail anyway.
>
> No trying to write in a protected area in the first place is even better. You don’t need to check, just don’t do it.
For the most part, this is true… and even more true as time goes by and Apple gives us better alternatives.
The problem is that OS X is a complex mature ecosystem that already has advanced and potentially non-app/user oriented software that needs to do stuff like this. The non-negotiable mandate of “don’t do that” isn’t always as simple to deal with as you might expect.
-Ed
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden