0xbf00/macos-sandbox-coverage

macos-sandbox-coverage

This project contains code to compute sandbox coverage statistics for macOS applications. Please refer to this article for a conceptual overview of the tool's inner workings.

Installation

This project depends on cmake and nlohmann/json. The dependencies can be installed using Homebrew:

$ brew tap nlohmann/json
$ brew install cmake nlohmann_json
$ git clone --recursive https://github.com/0xbf00/macos-sandbox-coverage.git
$ cd macos-sandbox-coverage/
# Setup submodules:
# - maap: See instructions at https://github.com/0xbf00/maap
# - simbple: No need to build anything. We are only including some of the project's source code here.
# Build matching-core
$ mkdir matching-core/build
$ cd matching-core/build
$ cmake ..
$ make

Usage

The program only supports two switches:

  1. Use --app to specify the path to the application you want to collect sandbox coverage data for.
  2. Use --timeout to specify the number of seconds for the app to run. If you do not specify a timeout, the app will run indefinitely or until it is closed by the user.

$ ./sandbox_coverage.py --app /Applications/Calculator.app > output.json
$ ./report.py output.json output.htm

Output files should contain all the information you need to reproduce the results. The JSON output is quite large and makes use of the following keys:

  • arguments: contains program parameters (path to app and timeout)
  • container_metadata: base64-encoded Container.plist of the target app
  • logs: under this key you'll find both raw and processed sandbox logs, which are used as input to the matcher.
  • match_results: contains the original match results.
  • rule_mapping: contains the mapping of original rules to normalised and generalised rules.
  • process_infos: contains PID and stderr / stdout output of the target app
  • sandbox_profiles: dictionary containing four different sandbox profiles. The original, normalised and generic (generic) profiles are encoded as JSON; the patched profile is compiled and encoded as base64.

An example report can be found in data/example_report.htm (normalised profile of Calculator on macOS Catalina 10.15.3).
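
The following Python function checks an output file for the top-level keys listed above and decodes container_metadata back into a plist dictionary. It is an added example, not code from this repository; it assumes container_metadata is a single base64 string, and the sample document and all of its values (including ExampleKey and the contents of arguments) are constructed.

```python
import base64
import binascii
import json
import plistlib
from xml.parsers.expat import ExpatError

# Top-level keys listed in the README.
EXPECTED_KEYS = (
    "arguments", "container_metadata", "logs", "match_results",
    "rule_mapping", "process_infos", "sandbox_profiles",
)


def inspect_output(raw_json):
    """Return (missing_keys, container_plist) for one output.json document.

    container_plist is None when the key is absent or cannot be decoded.
    """
    data = json.loads(raw_json)
    missing = [k for k in EXPECTED_KEYS if k not in data]
    container = None
    blob = data.get("container_metadata")
    if isinstance(blob, str):
        try:
            # validate=True rejects stray characters instead of skipping them.
            decoded = base64.b64decode(blob, validate=True)
            # plistlib detects XML and binary plists automatically.
            container = plistlib.loads(decoded)
        except (binascii.Error, plistlib.InvalidFileException, ExpatError):
            container = None
    return missing, container


def _constructed_sample():
    """Constructed stand-in for output.json; values are illustrative only."""
    plist = plistlib.dumps({"ExampleKey": "com.example.app"},
                           fmt=plistlib.FMT_BINARY)
    return json.dumps({
        "arguments": {"app": "/Applications/Calculator.app", "timeout": None},
        "container_metadata": base64.b64encode(plist).decode("ascii"),
        "logs": {}, "match_results": [], "rule_mapping": {},
        "process_infos": {},
        # sandbox_profiles is left out to show the missing-key report.
    })


if __name__ == "__main__":
    missing, container = inspect_output(_constructed_sample())
    print("missing keys:", missing)
    print("Container.plist keys:", sorted(container or {}))
```

To run it against a real result, pass the contents of output.json to inspect_output() instead of the constructed sample.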

About

Tools to measure an app's App Sandbox usage
