site_archiver@lists.apple.com Delivered-To: darwin-kernel@lists.apple.com On 29 Nov 2017, at 17:04, Prokash Sinha <prokash@garlic.com> wrote:

Difference between sandboxed and restricted App

A “sandboxed” app is one running in a sandbox as discussed in the “App Sandbox Design Guide” <https://developer.apple.com/library/content/documentation/Security/Conceptual/AppSandboxDesignGuide/AboutAppSandbox/AboutAppSandbox.html#//apple_ref/doc/uid/TP40011183> A “restricted” app is one that has the `CS_RESTRICT` flag set (see <kern/cs_blobs.h>). This has a bunch of consequences, one of which is that you can’t attach to it with the debugger. On modern systems System Integrity Protection means that all built-in apps are restricted. In addition, it’s possible for other apps to opt in to this (for example, Xcode). Share and Enjoy -- Quinn "The Eskimo!" <http://www.apple.com/developer/> Apple Developer Relations, Developer Technical Support, Core OS/Hardware _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-kernel mailing list (Darwin-kernel@lists.apple.com) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/darwin-kernel/site_archiver%40lists.... This email sent to site_archiver@lists.apple.com