Closed ghost closed 6 years ago
Hi. I created this example project to help a few people that were asking for ways to create an internal tool that was going to use privilege escalation. I have not heard of ways to escalate your privileges within a sandbox, so if you have links to that information I would be interested to read about that.
When I have been reading about sandboxing, this feature is the first thing listed as unsupported: AppSandboxDesignGuide
"The following app behaviors are incompatible with App Sandbox: Use of Authorization Services. With App Sandbox, you cannot do work with the functions described in Authorization Services C Reference."
And here: authorization_services
"Important: The Authorization Services API is not supported within an App Sandbox because the API allows privilege escalation."
BUT, that is only for escalating privileges, and it probably wasn't clear in this project that it was designed to do that. I could update the description to make it more clear.
You could very well use a helper tool without escalating privileges to separate your code for improved security or move some work to another process. You could watch this session from WWDC for a sandboxed example of that: WWDC2012-Cocoa Interprocess Communication with XPC. It also speaks on why you would want to use a helper.
Some code in this example should still be valid for that; you just have to remove the privilege escalation parts, and then you can call the code in the helper without verifying or escalating the privileges.
I have one call, checkWithoutAuthorization, that does just that. So that should be usable in the sandbox.
But you would have to change these parts: installHelper, so that it does not try to install a privileged helper and just installs a standard helper.
I haven't done that so I don't have any direct examples unfortunately.
I updated the readme and short description to be more clear that it's only for unsandboxed applications.
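The unprivileged helper path suggested in the reply above, as an added example that is not part of the original project or of the author's code: a sandboxed app talks over NSXPCConnection to an XPC service bundled inside it (Contents/XPCServices), and neither side calls AuthorizationCreate, AuthorizationCopyRights or SMJobBless. The protocol name, the service bundle identifier com.example.SensorReaderService, and the returned sensor value are assumptions; the helper does not read a real sensor. Build the same file once with -DSENSOR_XPC_SERVICE for the service target and once without it for the app target.

```objective-c
#import <Foundation/Foundation.h>

// Protocol shared by the sandboxed app and its XPC service (assumed name).
@protocol SensorReaderProtocol
- (void)readSensorValueWithReply:(void (^)(double value, NSError *error))reply;
@end

#ifdef SENSOR_XPC_SERVICE
// ---------------- Helper (XPC service) side ----------------

@interface SensorReader : NSObject <SensorReaderProtocol>
@end

@implementation SensorReader
- (void)readSensorValueWithReply:(void (^)(double, NSError *))reply {
    // The work that the app itself should not (or cannot) do lives here.
    // This example returns a constructed value instead of opening IOKit.
    reply(42.5, nil);
}
@end

@interface ServiceDelegate : NSObject <NSXPCListenerDelegate>
@end

@implementation ServiceDelegate
- (BOOL)listener:(NSXPCListener *)listener
    shouldAcceptNewConnection:(NSXPCConnection *)newConnection {
    // No Authorization Services check: the helper runs as the same user with
    // no extra privileges, so there is nothing to verify or escalate.
    newConnection.exportedInterface =
        [NSXPCInterface interfaceWithProtocol:@protocol(SensorReaderProtocol)];
    newConnection.exportedObject = [SensorReader new];
    [newConnection resume];
    return YES;
}
@end

int main(int argc, const char *argv[]) {
    @autoreleasepool {
        ServiceDelegate *delegate = [ServiceDelegate new];
        NSXPCListener *listener = [NSXPCListener serviceListener];
        listener.delegate = delegate;
        [listener resume]; // does not return for an XPC service
    }
    return 0;
}

#else
// ---------------- Sandboxed app side ----------------

// Returns the value reported by the helper, or NAN if the call failed.
static double ReadSensorValueViaHelper(void) {
    // Assumed bundle identifier of the XPC service inside the app bundle.
    NSXPCConnection *conn =
        [[NSXPCConnection alloc] initWithServiceName:@"com.example.SensorReaderService"];
    conn.remoteObjectInterface =
        [NSXPCInterface interfaceWithProtocol:@protocol(SensorReaderProtocol)];
    [conn resume];

    __block double result = NAN;
    id<SensorReaderProtocol> proxy =
        [conn synchronousRemoteObjectProxyWithErrorHandler:^(NSError *error) {
            NSLog(@"XPC call failed: %@", error);
        }];
    [proxy readSensorValueWithReply:^(double value, NSError *error) {
        if (error == nil) {
            result = value;
        }
    }];
    [conn invalidate];
    return result;
}

int main(int argc, const char *argv[]) {
    @autoreleasepool {
        NSLog(@"sensor value from helper: %f", ReadSensorValueViaHelper());
    }
    return 0;
}
#endif
```

An XPC service bundled this way has its own entitlements file, so an entitlement or temporary exception the helper needs goes into the service target rather than into the app. Because the service is launched on demand by launchd and terminated when idle, there is also no install step comparable to installHelper in the original project.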
Thanks for the reply. Let me just clarify what I am trying to do:
I am writing an app that has a feature to show the hardware sensor value.
I am using a second application, that is also sandboxed but must be installed by the user (the helper can be downloaded from my homepage).
The reason why I do this is because opening IOKit connections is not allowed in sandboxed apps. I added the temporary exception "(allow iokit-open)" to my helper app.
The two apps communicate with DistributedNotifications.
I really don't like that and I would like to use a PrivilegedHelperTool for that but it seems that this is not really doable.
Sandboxed app (obviously)
Helper app that could also be sandboxed. I could add the temporary exception in the entitlements file.
So, if I understand you correctly, I don't need special privileges, right? So a helper app would still be an option?
Regards, Sascha
This sample project helped me understand the concept of how a helper tool is installed. But when I finally added all the components to my own project, I always got an errAuthorizationDenied error when calling AuthorizationCreate.
After investigating the issue, I found out that AuthorizationCreate is not allowed in a sandboxed app. I then saw that this sample project is not sandboxed, which leads to my question: Why create a helper tool at all and not just call the code itself?
Is it even possible to have a helper tool with privileged rights?