by sibartlett 2297 days ago
Third-party apps are sandboxed on macOS. You have to explicitly grant them access to the file system.

Finder is not lying at all. The permissions it shows in “Get Info” are the user/group permissions; not app permissions.

Maybe Apple could enhance the UX somehow to better convey what’s going on, but I wouldn’t go as far as to say Finder is lying.


> Third-party apps are sandboxed on macOS. You have to explicitly grant them access to the file system.

There’s missing nuance there. The “full disk access” and similar permissions apply even if an app is not using the traditional macOS Sandbox. Only software from the Mac App Store is required to use the traditional Sandbox, but the restrictions on disk access to certain directories apply to all processes not whitelisted (implicitly or explicitly), regardless of Sandboxing.

This nuance is somewhat important because an app listed “Sandbox: No” in e.g. Activity Monitor is still subject to disk access restrictions.

> Only software from the Mac App Store is required to use the traditional Sandbox

Nit: not every App Store app must be sandboxed.

Err, are you sure about that? Excluding apps submitted prior to the sandboxing deadline (which was in 2012), App Store review guidelines [1] state:

> 2.4.5 Apps distributed via the Mac App Store have some additional requirements to keep in mind: (i) They must be appropriately sandboxed

[1] https://developer.apple.com/app-store/review/guidelines/

> Excluding apps submitted prior to the sandboxing deadline

I'm not.

This is exactly the same thing as happens on Windows, the real permissions are far too complex to convey in a simple dialog.

It’s just more sour grapes about SIP. Tough luck, it’s there to stay, if you don’t like it, turn it off.

You can see this with Linux as well. For example, with ext# file systems, extended attributes allow you to make files append-only, copy-on-write, or give files project and version numbers. It also lets you decide which files are or are not compressed if the file system is set to be compressed. Other attributes determine what happens to a file when you delete it (nothing, zeroing the sectors, etc.).

The chattr/lsattr commands are used for accessing them.

The only time I've seen these come up are for secure locations that set log files to append-only. But I'm sure there are people out there that swear by extended attributes.
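An added example (not part of the thread, and not from any commenter) of the append-only use case mentioned above: a small POSIX sh audit that reads `lsattr`-style output and reports which log files carry the append-only (`a`) or immutable (`i`) attribute, so a defender can spot logs that a process with ordinary write access could still truncate or rewrite. The sample lines are constructed to mimic `lsattr /var/log/*` output; the function names and the layout of the sample are assumptions, and on a real host you would pipe real `lsattr` output into `audit_lsattr` instead.

```shell
#!/bin/sh
# Added example: audit lsattr output for append-only ('a') and immutable ('i').
# The lsattr flags field is a fixed-width string of attribute letters and
# dashes, followed by the path. Only the flags field is inspected, so a path
# that happens to contain the letter 'a' cannot produce a false positive.

# Constructed sample of `lsattr /var/log/*` output (not taken from a real host).
SAMPLE_LSATTR='-----a--------e------- /var/log/audit/audit.log
--------------e------- /var/log/syslog
----i---------e------- /var/log/installed-pkgs.txt
-----a--------e------- /var/log/auth.log'

# has_attr FLAGS CHAR: succeeds if CHAR appears in the lsattr flags field.
# Note that chattr's append-only flag is lowercase 'a'; uppercase 'A' means
# "no atime updates", so the match is case-sensitive on purpose.
has_attr() {
    case "$1" in
        *"$2"*) return 0 ;;
        *)      return 1 ;;
    esac
}

# audit_lsattr: read lsattr lines on stdin and print one line per file:
#   <path> append-only | immutable | append-only+immutable | mutable
audit_lsattr() {
    while read -r flags path; do
        [ -n "$path" ] || continue
        state=""
        if has_attr "$flags" a; then
            state="append-only"
        fi
        if has_attr "$flags" i; then
            state="${state:+$state+}immutable"
        fi
        printf '%s %s\n' "$path" "${state:-mutable}"
    done
}

# count_mutable_logs: number of files on stdin with neither 'a' nor 'i',
# i.e. logs that offer no attribute-level protection against tampering.
count_mutable_logs() {
    audit_lsattr | grep -c ' mutable$' || true
}

# Stand-alone demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_LSATTR" | audit_lsattr
printf 'mutable log files: %s\n' "$(printf '%s\n' "$SAMPLE_LSATTR" | count_mutable_logs)"
```

On a live system the equivalent invocation is `lsattr /var/log/* | audit_lsattr`; reading the flags field rather than trusting mode bits is the point, since `ls -l` and Finder-style permission views say nothing about these attributes, which is exactly the kind of gap the thread is discussing.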

(This isn’t SIP, technically.)