Hacker News new | ask | show | jobs
by amarshall 2297 days ago
> Third-party apps are sandboxed on macOS. You have to explicitly grant them access to the file system.

There’s missing nuance there. The “full disk access” and similar permissions apply even if an app is not using the traditional macOS Sandbox. Only software from the Mac App Store is required to use the traditional Sandbox, but the restrictions on disk access to certain directories apply to all processes not whitelisted (implicitly or explicitly), regardless of Sandboxing.

This nuance is somewhat important because an app listed “Sandbox: No” in e.g. Activity Monitor is still subject to disk access restrictions.
1 comments
saagarjha 2297 days ago
> Only software from the Mac App Store is required to use the traditional Sandbox

Nit: not every App Store app must be sandboxed.

link
amarshall 2297 days ago
Err, are you sure about that? Excluding apps submitted prior to the sandboxing deadline (which was in 2012), App Store review guidelines [1] state:

> 2.4.5 Apps distributed via the Mac App Store have some additional requirements to keep in mind: (i) They must be appropriately sandboxed

[1] https://developer.apple.com/app-store/review/guidelines/

link
saagarjha 2297 days ago
> Excluding apps submitted prior to the sandboxing deadline

I'm not.

link