Apple's SMJobBless is supposed to be the new, correct way to write a program that runs in the sandbox and requires privileges. However, when I downloaded the code and turned on the Sandbox, it doesn't work. Instead I get this error:

```
2015-09-27 15:10:30.820 SMJobBlessApp[78676:4426508] ApplePersistence=NO
2015-09-27 15:10:31.273 SMJobBlessApp[78676:4426508] Something went wrong! NSOSStatusErrorDomain / -60005
```

I need to write a file in /etc from an app that runs in the Sandbox. Is this possible?

vy32

1 Answer

I think your opening sentence of "Apple's SMJobBless is supposed to be the new, correct way to write a program that runs in the sandbox and requires privileges" is incorrect.

When I look at the "Determine Whether Your App Is Suitable for Sandboxing" section of Apple's App Sandbox Design guide, it looks like you can't use Authorization Services to elevate privileges.

If you're in a sandbox, you really can't access the "/etc" directory.

Michael Dautermann
  • Hm. That's unfortunate, because sandboxing is required for any app in the App Store. Does this mean that apps that require Authorization simply can't be put in the App Store? – vy32 Sep 27 '15 at 21:04
  • According to the top sentence of ["Authorization Services Programming Guide"](https://developer.apple.com/library/mac/documentation/Security/Conceptual/authorization_concepts/01introduction/introduction.html), "The authorization services API is not supported within an app sandbox because it allows privilege escalation." It sounds like what you are trying to do falls under the "privilege escalation" definition of: "install privileged tools or require access to restricted areas of the operating system". – Michael Dautermann Sep 27 '15 at 21:18
  • That's true. And the same document says to file a bug report if you need to do privilege escalation within the sandbox, so I've done that. My current plan is to open a window with instructions to the user to copy the text from the window and paste it into the console. – vy32 Sep 28 '15 at 03:03