Re: Aperture Edit Plugin sandbox NSTask workaround?
Re: Aperture Edit Plugin sandbox NSTask workaround?
- Subject: Re: Aperture Edit Plugin sandbox NSTask workaround?
- From: Paul Miller <email@hidden>
- Date: Thu, 16 May 2013 16:10:20 -0500
- Organization: FXTEC
On 5/16/2013 4:01 PM, Dylan Moore wrote:
Hi Paul!
I don't know the specifics of what you're doing, but something that you may want to explore is XPC Services. In a nutshell, it's how you can pass data to another process space with its own entitlements. The Service that you write to process the images can then return with data, or indicate if it finished successfully.
Here's why you may need this: Child processes launched by NSTask inherit the entitlements of the parent process. That's sort of how sandboxing is supposed to work, to keep malicious code from taking over a system. XPC Services can run with different entitlements, and are managed at the OS level, which dramatically mitigates risk. They're not too tough to get going, and I believe there's a lot of WWDC 2012 videos* up that talk about it.
Hopefully this wasn't totally left-field, and is what you're looking for.
*Here's a good one:
https://developer.apple.com/videos/wwdc/2012/?id=241
Thanks Dylan for the nice summary. Yes, it does sound like the "right"
way to do it. I may have a potential workaround, and if it works I'll
explain later, but if that one fails I'll take a good look at XPC.
Cheers,
-Paul
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Pro-apps-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden