Retrieving Sandbox entitlements from an XPC bundle
<p>It's usually possible to see if sandbox entitlements exist for an application with the <em>codesign</em> command line call. For example, calling this</p>
<pre><code>codesign --display --entitlements :- /Applications/Notes.app/ | grep sandbox</code></pre>
<p>Will result in this output</p>
<pre><code>Executable=/Applications/Notes.app/Contents/MacOS/Notes
&lt;key&gt;com.apple.security.app-sandbox&lt;/key&gt;</code></pre>
<p>Where the key com.apple.security.app-sandbox denotes that the app runs in a sandbox.</p>
<p>On Mavericks, some XPC helper apps show in Activity Monitor to be running in a sandbox, but calling codesign on them doesn't reveal anything. An example for one of Safari's XPC helper applications: -</p>
<pre><code>codesign --display --entitlements :- /System/Library/PrivateFrameworks/WebKit2.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent | grep sandbox</code></pre>
<p>Just returns this: -</p>
<pre><code>Executable=/System/Library/PrivateFrameworks/WebKit2.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent</code></pre>
<p>I've also tried checking programmatically if the bundle is sandboxed, with the code described in <a href="http://oleb.net/blog/2012/02/checking-code-signing-and-sandboxing-status-in-code/" rel="nofollow">this article</a>, but again, returns as not sandboxed, even though Activity Monitor clearly states that it is.</p>
<p>Is it possible to check such an xpc bundle, to see if it will be executed in a sandbox and uses sandbox entitlements?</p>
 
