I'm curious to know how the new security model in OS X Lion will affect the future. Specifically, I'm questioning Entitlements and Sandboxing.
This isn't a question of whether or not these are good ideas. Rather, this is a question of best guess of what will happen in the future.
I'm curious about things like Python. My company makes a small Python app for emergency situations with our web-based software. This includes reading and writing to the file system.
Our app has no entitlements, namely because it's just Python code and we don't do any Cocoa wrapping. When the Mac App Store requirements that all apps have to be sandboxed and list their entitlements go into effect, I wonder if Apple will roll out an update to the operating system and say, "this is how we do security from now on and if your application doesn't meet our security model, it won't run because it's not secure."
I have mixed emotions about this. On the one hand, I think it's great for making consumers' machines more secure. Less rogue code and all that rot. On the other hand, it's going to make development a living hell for a lot of developers, methinks.
I also wonder, if such an update should come out for Lion, whether the same update will be released for either Leopard or Snow Leopard. My thought would be not Leopard, as it is two generations behind the current OS. Snow Leopard all depends on how long Apple wants to support an older OS.
So now I open it up to Apple developers to speak their minds on this topic and perhaps generate thoughts where previously there were none.
If you could embed Python along with your script and package it into a .app using something like py2app, I would imagine you could add/edit the Info.plist to satisfy Apple's requirements for signing. Similarly for entitlements, I would imagine you could edit the .app's entitlements.plist. I think the sandbox enforcer sandboxd is not language specific; it just allows/blocks the process's access to devices and files (for example, by not granting restricted file descriptors). Keep in mind, it's possible that an embedded Python interpreter would by default need access to some entitlements for initialization (because it may not be created with sandboxing in mind).
For iOS devices (which must be sandboxed to be sold on the store), Apple's policy (iOS developer program agreement section 3.3.2) is:
An Application may not download or install executable code. Interpreted code may only be used in an Application if all scripts, code and interpreters are packaged in the Application and not downloaded.
It seems that the above solution, if possible, would satisfy this requirement (assuming a similar stipulation would be made for OS X apps). However, if you are not interested in distributing your app on the App Store, I don't think you have anything to worry about. I very much doubt they will require code signing or entitlements for running applications on your computer anytime soon (instead just sandboxing those sold on the App Store, making it the 'safe' place to get apps).
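As an added illustration of the entitlements.plist the answer refers to (example code, not from the poster or from py2app): the block below builds the entitlements a sandboxed Python app that reads and writes user-chosen files would declare, serializes them in the XML plist format that codesign consumes, and lints a parsed file for a disabled sandbox or for temporary-exception keys that widen file access well beyond what the user picks. The entitlement identifiers are Apple's real App Sandbox keys; which ones the app "needs" is an assumption for this scenario.

```python
import plistlib

# Real App Sandbox entitlement keys. The choice of which ones a packaged
# Python app needs (sandbox on, user-selected file read/write) is an
# assumption for this example, matching the file I/O described in the question.
APP_SANDBOX = "com.apple.security.app-sandbox"
USER_FILES_RW = "com.apple.security.files.user-selected.read-write"

# Temporary-exception entitlements grant paths without any user action, so
# they deserve review before an app is signed and submitted.
BROAD_PREFIX = "com.apple.security.temporary-exception."


def build_entitlements(extra=None):
    """Entitlements for a sandboxed app that only touches files the user
    chooses through the open/save panel; `extra` merges additional keys."""
    ents = {APP_SANDBOX: True, USER_FILES_RW: True}
    ents.update(extra or {})
    return ents


def lint_entitlements(ents):
    """Return human-readable problems: sandbox disabled, or broad exceptions."""
    problems = []
    if ents.get(APP_SANDBOX) is not True:
        problems.append("app sandbox is not enabled")
    for key in sorted(ents):
        if key.startswith(BROAD_PREFIX):
            problems.append(f"broad entitlement present: {key}")
    return problems


def to_plist(ents):
    """Serialize to XML plist text, the format `codesign --entitlements` reads."""
    return plistlib.dumps(ents).decode()


def parse_plist(text):
    """Load an entitlements plist (e.g. read back from an existing .app)."""
    return plistlib.loads(text.encode())


if __name__ == "__main__":
    print(to_plist(build_entitlements()))
    # Constructed "bad fix": opening the whole home folder instead of using the
    # user-selected entitlement. This key takes an array of home-relative paths.
    broad = build_entitlements(
        {BROAD_PREFIX + "files.home-relative-path.read-write": ["/"]})
    print(lint_entitlements(broad))
    # Signing step, not run here (identity name is a placeholder):
    #   codesign --force --sign "Developer ID Application: PLACEHOLDER" \
    #     --entitlements entitlements.plist dist/MyApp.app
```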