Re: Difference between sandboxed and restricted App
Re: Difference between sandboxed and restricted App
- Subject: Re: Difference between sandboxed and restricted App
- From: "Quinn \"The Eskimo!\"" <email@hidden>
- Date: Thu, 30 Nov 2017 08:20:58 +0000
On 29 Nov 2017, at 17:04, Prokash Sinha <email@hidden> wrote:
> Difference between sandboxed and restricted App
A “sandboxed” app is one running in a sandbox as discussed in the “App Sandbox
Design Guide”
<https://developer.apple.com/library/content/documentation/Security/Conceptual/AppSandboxDesignGuide/AboutAppSandbox/AboutAppSandbox.html#//apple_ref/doc/uid/TP40011183>
A “restricted” app is one that has the `CS_RESTRICT` flag set (see
<kern/cs_blobs.h>). This has a bunch of consequences, one of which is that you
can’t attach to it with the debugger. On modern systems System Integrity
Protection means that all built-in apps are restricted. In addition, it’s
possible for other apps to opt in to this (for example, Xcode).
Share and Enjoy
--
Quinn "The Eskimo!" <http://www.apple.com/developer/>
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden