Block Application access to network via a Cocoa API (LittleSnitch APIs)?

I am using OS X 10.5 and I am looking for a way to detect if an application attempts to access the Internet. At this point I would like to block the application if it matches a set of rules that I will define.

There is the ipfw Unix command that I realise can be used to block access to certain ports, but that affects ALL applications. I read the man pages and didn't see a way to use ipfw to block access but limit it to a specific application.

My main problem lies in detecting which application is trying to gain outside access to the network. Programmatically there must be a way to do this, whether it is by using some Mac OS X API or Unix command. How can this be accomplished?

Update: Essentially I want to do what Little Snitch does, but I want to write it from scratch myself because I don't like Little Snitch. I just need to know what APIs can let me accomplish the application network sandboxing, and how exactly does Little Snitch do this?

Brock Woolf asked Jul 09 '09 19:07


2 Answers

I realize this is a year late, but I was digging for something similar and came across what I think is the answer. Hopefully this could help someone else down the line.

Little Snitch appears to use Network Kernel Extensions to filter traffic coming into the system. I've validated this by discovering it installs a kernel extension on the box:

[~] kextstat
...
55 0 0x687000 0x2b000 0x2a000 at.obdev.nke.LittleSnitch (2.0.46) <7 6 5 4 2>
...

If you programmatically wish to prevent network access to another application, this seems to be your best bet. If you simply want to monitor network usage by other apps, however, you have other options, like libpcap.

avaynshtok answered Sep 19 '22 19:09


If you are targeting OS X 10.5 (Leopard), you can use the sandboxing API. sandbox_init is probably a good place to start; you can use the kSBXProfileNoInternet option to stop Internet access.

There is also a more detailed article here which gives some examples of more fine-grained control using the Seatbelt extensions.

DaveR answered Sep 20 '22 19:09
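
The sandbox_init call named in the answer above, as an added example that is not part of the original answers and is not Little Snitch's code: a small launcher that applies kSBXProfileNoInternet to itself and then execs the target program, which inherits the restriction. sandbox_init only confines the calling process and what it starts, so this cannot restrict an application that is already running; the function names deny_internet and run_without_internet are hypothetical, and the __APPLE__ guard only lets the file compile on other systems.

```c
/* Added example. Build on OS X: cc -o nonet nonet.c
   Run: ./nonet /usr/bin/curl http://example.com */
#include <stdio.h>
#include <unistd.h>
#ifdef __APPLE__
#include <sandbox.h>
#endif

/* Apply kSBXProfileNoInternet to the calling process.
   Returns 0 on success, -1 on failure (reason copied into msg). */
int deny_internet(char *msg, size_t msglen)
{
#ifdef __APPLE__
    char *err = NULL;
    if (sandbox_init(kSBXProfileNoInternet, SANDBOX_NAMED, &err) != 0) {
        snprintf(msg, msglen, "sandbox_init: %s", err ? err : "unknown error");
        if (err) sandbox_free_error(err);
        return -1;
    }
    msg[0] = '\0';
    return 0;
#else
    snprintf(msg, msglen, "sandbox_init is only available on Mac OS X");
    return -1;
#endif
}

/* Sandbox this process, then replace it with the target program.
   The restriction is inherited across exec, so the target starts confined.
   Fails closed: the target is never started if the sandbox was not applied. */
int run_without_internet(char *const argv[])
{
    char msg[256];
    if (argv == NULL || argv[0] == NULL) return 2;
    if (deny_internet(msg, sizeof msg) != 0) {
        fprintf(stderr, "%s\n", msg);
        return 1;
    }
    execvp(argv[0], argv);
    perror("execvp");          /* only reached if exec itself failed */
    return 127;
}

int main(int argc, char *argv[])
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s program [args...]\n", argv[0]);
        return 2;
    }
    return run_without_internet(argv + 1);
}
```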