Hello,
It seems that an App Store version of an app uses a default sandbox configuration. However, my app contains multiple binaries, and I would like to apply additional sandbox restrictions to a specific binary.
Is it possible to set different sandbox rules for different binaries within the same app?
Thank you for your help!
You’re talking about App Sandbox in a Mac App Store app, right?
If so, then yes, it’s fine to have different executables within your app use different sandbox configurations. For example, it’s a good design pattern to use the strictest sandbox for your main app and then add:
- An XPC service with a looser sandbox, so it can access the network
- An XPC service with a tighter sandbox, to process the data coming in off the network
However, the standard requirements apply:
- All executables must be sandboxed.
- App Review takes a dim view of folks using temporary exception entitlements.
Note that the Mac App Store re-signs your app as part of its distribution process, but that re-signing preserves your sandbox entitlements.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
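The two requirements in the answer above can be checked per executable before submission. The following is an added example, not code from the thread or from Apple: it audits entitlements plists for each binary in a bundle, and the executable names and sample entitlements are constructed for illustration (in practice the input would be the entitlements extracted from each signed executable).

```python
import plistlib

SANDBOX = "com.apple.security.app-sandbox"
TEMP_EXCEPTION_PREFIX = "com.apple.security.temporary-exception."


def _plist(body: str) -> bytes:
    """Wrap <key>/<value> pairs in a minimal XML entitlements plist."""
    return ('<?xml version="1.0" encoding="UTF-8"?>'
            '<plist version="1.0"><dict>' + body + "</dict></plist>").encode()


# Constructed sample: hypothetical executables inside one app bundle.
SAMPLE = {
    "MyApp": _plist(f"<key>{SANDBOX}</key><true/>"),
    "NetFetcher.xpc": _plist(
        f"<key>{SANDBOX}</key><true/>"
        "<key>com.apple.security.network.client</key><true/>"),
    "Parser.xpc": _plist(f"<key>{SANDBOX}</key><true/>"),
    "legacy-helper": _plist(
        f"<key>{SANDBOX}</key><true/>"
        f"<key>{TEMP_EXCEPTION_PREFIX}files.absolute-path.read-only</key>"
        "<array><string>/Library/Example/</string></array>"),
    "unsandboxed-tool": _plist(""),
}


def audit(entitlements_by_exe):
    """Return per-executable issues and the extra capabilities each one holds."""
    findings = {}
    for exe, raw in entitlements_by_exe.items():
        ents = plistlib.loads(raw)
        issues = []
        # Requirement 1: every executable must enable App Sandbox.
        if ents.get(SANDBOX) is not True:
            issues.append("not sandboxed")
        # Requirement 2: flag temporary exception entitlements for review.
        temp = sorted(k for k in ents if k.startswith(TEMP_EXCEPTION_PREFIX))
        issues += [f"temporary exception: {k}" for k in temp]
        # Everything else is a capability granted on top of the bare sandbox.
        grants = sorted(k for k in ents if k != SANDBOX and k not in temp)
        findings[exe] = {"issues": issues, "grants": grants}
    return findings


if __name__ == "__main__":
    for exe, result in audit(SAMPLE).items():
        print(exe, result)
```

The `grants` list makes the per-binary split visible: only the network-facing service should carry `com.apple.security.network.client`, while the main app and the parser hold nothing beyond the sandbox itself.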