
How do I detect if my app is sandboxed?

I have an application that is targeted to run in both sandboxed and non-sandboxed MacOS. If a user upgrades from MacOS 10.6 to a later OS I need the user to re-pick folders so I can bookmark them with secure bookmarks.

How do I detect that my application is on an OS that supports sandboxing?

NPAssoc asked Aug 29 '12 12:08



2 Answers

The only way I know of is to look for the APP_SANDBOX_CONTAINER_ID environment variable. It is present when the app is running inside a sandbox container.

NSDictionary* environ = [[NSProcessInfo processInfo] environment];
BOOL inSandbox = (nil != [environ objectForKey:@"APP_SANDBOX_CONTAINER_ID"]);
hamstergene answered Sep 28 '22 11:09


#import <Foundation/Foundation.h>
#import <Security/Security.h>

BOOL isSandboxed = NO;

// Static code object for the main bundle as it exists on disk.
SecStaticCodeRef staticCode = NULL;
NSURL *bundleURL = [[NSBundle mainBundle] bundleURL];

if (SecStaticCodeCreateWithPath((__bridge CFURLRef)bundleURL, kSecCSDefaultFlags, &staticCode) == errSecSuccess) {
    // First confirm the signature itself is valid.
    if (SecStaticCodeCheckValidityWithErrors(staticCode, kSecCSBasicValidateOnly, NULL, NULL) == errSecSuccess) {
        // The requirement only tests that the entitlement key exists in the signature.
        SecRequirementRef sandboxRequirement = NULL;
        if (SecRequirementCreateWithString(CFSTR("entitlement[\"com.apple.security.app-sandbox\"] exists"), kSecCSDefaultFlags,
                                       &sandboxRequirement) == errSecSuccess)
        {
            OSStatus codeCheckResult = SecStaticCodeCheckValidityWithErrors(staticCode, kSecCSBasicValidateOnly, sandboxRequirement, NULL);
            if (codeCheckResult == errSecSuccess) {
                isSandboxed = YES;
            }
            // Release the requirement object created above.
            CFRelease(sandboxRequirement);
        }
    }
    CFRelease(staticCode);
}
Oleksii answered Sep 28 '22 12:09
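As an added example (not part of either answer above): the two answers check an environment variable and the on-disk signature; this sketch reads the entitlement value of the running process instead, so an entitlement that exists but is set to false is not reported as sandboxed. It assumes macOS 10.7 or later, where the SecTask API is available; `ProcessIsSandboxed` is a hypothetical helper name.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical helper (added example): YES only if the running process
// carries com.apple.security.app-sandbox with a boolean true value.
static BOOL ProcessIsSandboxed(void) {
    BOOL sandboxed = NO;
    SecTaskRef task = SecTaskCreateFromSelf(kCFAllocatorDefault);
    if (task == NULL) {
        return NO;
    }

    CFErrorRef error = NULL;
    CFTypeRef value = SecTaskCopyValueForEntitlement(
        task, CFSTR("com.apple.security.app-sandbox"), &error);
    if (value != NULL) {
        // Check the type before reading: the entitlement should be a boolean.
        if (CFGetTypeID(value) == CFBooleanGetTypeID()) {
            sandboxed = CFBooleanGetValue((CFBooleanRef)value) ? YES : NO;
        }
        CFRelease(value);
    }
    if (error != NULL) {
        CFRelease(error);
    }
    CFRelease(task);
    return sandboxed;
}

int main(int argc, const char *argv[]) {
    @autoreleasepool {
        BOOL byEntitlement = ProcessIsSandboxed();

        // The environment is inherited from whatever launched the process,
        // so treat this variable as a hint and log any disagreement.
        NSDictionary *env = [[NSProcessInfo processInfo] environment];
        BOOL byEnvironment = (env[@"APP_SANDBOX_CONTAINER_ID"] != nil);

        NSLog(@"sandboxed (entitlement): %d, (environment): %d",
              byEntitlement, byEnvironment);
        if (byEntitlement != byEnvironment) {
            NSLog(@"sandbox checks disagree; trusting the entitlement value");
        }
    }
    return 0;
}
```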