Re: Sandboxing and helper apps
On Wed, May 30, 2012 at 3:28 AM, Todd Heberlein todd_heberl...@mac.com wrote:

> In the past you could include a full UNIX application inside a Mac application bundle. For example, in the directory MyApp.app/Contents/MacOS could be the Cocoa executable MyApp and the UNIX executable my_helper_app.
>
> In addition to running this helper app from the Cocoa app, this UNIX app could be launched by the command line from a Terminal application
>
> $ /Applications/MyApp.app/Contents/MacOS/my_helper_app -i /Users/Todd/some_file
>
> or via a launchd configuration to be run in the background when I log in.
>
> Is this functionality no longer allowed with Sandboxing?

It's allowed. IIRC, when the helper app is launched from the main application, it inherits the entitlements/restrictions of its parent.

___
Cocoa-dev mailing list (Cocoa-dev@lists.apple.com)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com
This email sent to arch...@mail-archive.com

Re: Sandboxing and helper apps
On May 30, 2012, at 4:53 AM, Stephane Sudre wrote:

> It's allowed. IIRC, when the helper app is launched from the main application, it inherits the entitlements/restrictions of its parent.

I thought (and I'm barely getting up to speed on this) if the program was launched as an NSTask, it would inherit the entitlements container of the parent. If it was launched as an XPC service it would have its own entitlements and container.

But… if the program is launched from a Terminal window or by launchd (e.g., scheduled to run at midnight), what then? Does it run like a normal UNIX program with no sandboxing? What if this UNIX helper app is copied to a different directory?

Does Apple forbid a program from MAS that can be launched this way or if the developer induces its users to run it this way?

Todd

Re: Sandboxing and helper apps
On Wed, May 30, 2012 at 4:20 PM, Todd Heberlein todd_heberl...@mac.com wrote:

> On May 30, 2012, at 4:53 AM, Stephane Sudre wrote:
>
>> It's allowed. IIRC, when the helper app is launched from the main application, it inherits the entitlements/restrictions of its parent.
>
> I thought (and I'm barely getting up to speed on this) if the program was launched as an NSTask, it would inherit the entitlements container of the parent. If it was launched as an XPC service it would have its own entitlements and container.
>
> But… if the program is launched from a Terminal window or by launchd (e.g., scheduled to run at midnight), what then? Does it run like a normal UNIX program with no sandboxing? What if this UNIX helper app is copied to a different directory?
>
> Does Apple forbid a program from MAS that can be launched this way or if the developer induces its users to run it this way?

I would believe this is the same case as for code-signing. Every executable must define its entitlements.

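The per-executable view of entitlements discussed in the replies above can be checked mechanically. The following is an added example, not part of the original thread: it classifies each executable in a bundle from its XML entitlements plist (for instance as printed by `codesign -d --entitlements :- <path>`). The entitlement keys are Apple's documented App Sandbox keys; the sample plists and the `unsigned_tool` name are constructed for illustration.

```python
import plistlib

SANDBOX = "com.apple.security.app-sandbox"
INHERIT = "com.apple.security.inherit"


def classify(entitlements_xml):
    """Classify one executable from its entitlements plist (bytes, may be empty)."""
    if not entitlements_xml.strip():
        return "unsandboxed"  # no entitlements embedded in the signature
    ent = plistlib.loads(entitlements_xml)
    if not ent.get(SANDBOX, False):
        return "unsandboxed"
    if ent.get(INHERIT, False):
        # Apple's documentation requires an inheriting helper to carry
        # exactly these two keys; anything else is flagged for review.
        extra = set(ent) - {SANDBOX, INHERIT}
        return "inherit-with-extra-keys" if extra else "inherits-parent"
    return "own-sandbox"  # e.g. the main app or an XPC service


def audit(bundle):
    """Map each executable path to its classification."""
    return {path: classify(xml) for path, xml in bundle.items()}


# Constructed sample: entitlements as they might be embedded in each binary.
SAMPLE = {
    "MyApp.app/Contents/MacOS/MyApp": plistlib.dumps({
        SANDBOX: True,
        "com.apple.security.files.user-selected.read-only": True,
    }),
    "MyApp.app/Contents/MacOS/my_helper_app": plistlib.dumps({
        SANDBOX: True,
        INHERIT: True,
    }),
    "MyApp.app/Contents/MacOS/unsigned_tool": b"",
}

if __name__ == "__main__":
    for path, verdict in audit(SAMPLE).items():
        print(f"{verdict:24} {path}")
```

An executable reported as `unsandboxed` has no sandbox of its own to apply, whichever way it is started.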
Sandboxing and helper apps
In the past you could include a full UNIX application inside a Mac application bundle. For example, in the directory MyApp.app/Contents/MacOS could be the Cocoa executable MyApp and the UNIX executable my_helper_app.

In addition to running this helper app from the Cocoa app, this UNIX app could be launched by the command line from a Terminal application

$ /Applications/MyApp.app/Contents/MacOS/my_helper_app -i /Users/Todd/some_file

or via a launchd configuration to be run in the background when I log in.

Is this functionality no longer allowed with Sandboxing?

Thanks,
Todd