Figure out if I can use the macOS sandbox #31
Comments
Got some tips from https://twitter.com/Matsubue/status/1432881158237212672:
This bit of the Electron documentation talks about the kind of sandbox I am interested in here: https://www.electronjs.org/docs/tutorial/mac-app-store-submission-guide#enable-apples-app-sandbox It says "Apps submitted to the Mac App Store must run under Apple's App Sandbox" - but presumably I can use the sandbox even for apps that I'm not distributing through the app store?
This thread on Stack Overflow looks relevant: https://stackoverflow.com/questions/58481610/proper-entitlements-to-automatically-open-directory-on-macos
Also useful: https://developapa.com/security-scoped-bookmark/
Apple documentation: https://developer.apple.com/library/archive/documentation/Security/Conceptual/AppSandboxDesignGuide/AppSandboxInDepth/AppSandboxInDepth.html These three concepts look particularly relevant:
Trying to figure out where the sandbox folder for my app is. https://stackoverflow.com/a/26237331/6083 suggests:
These docs are particularly useful: https://developer.apple.com/library/archive/documentation/Miscellaneous/Reference/EntitlementKeyReference/Chapters/EnablingAppSandbox.html
I did some experiments and it looks like the packaged app can currently read any file that the user has access to... with the exception of files in the Desktop and Documents folders (and a few other similar ones). The first time my test plugin attempted to access a file in Documents I got a system prompt asking if the Datasette app should be allowed to access files in that folder.
Something that makes me nervous about this app is that people can install plugins - and I can't guarantee they won't end up installing a malicious plugin that runs malware or steals data or similar.
On macOS it's now possible to lock down apps so they can only interact with their own private "sandbox" folder plus any files that the user explicitly opens using the native file open dialog. This sounds ideal! I can use the sandbox for the virtual environment and install plugins in there, but any malicious plugins (or bugs in my own code) would be limited in how much trouble they could cause.
Researching how to do this with Electron apps is made harder by the fact that Electron has its own sandbox concept which is something completely different - a browser security concept inherited from Chrome.
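The lock-down described in the issue body (App Sandbox on, file access limited to what the user picks in the native open dialog) comes down to which entitlement keys the packaged app is signed with. The following is an added example, not code from this issue or the Datasette app project: a small audit over an entitlements plist using Apple's documented App Sandbox keys, with two constructed entitlement sets, one tight and one that quietly widens access through a temporary exception.

```python
"""Audit an App Sandbox entitlements plist (added example; constructed inputs)."""
import plistlib

# Documented App Sandbox entitlement keys.
SANDBOX = "com.apple.security.app-sandbox"
USER_SELECTED_RW = "com.apple.security.files.user-selected.read-write"
BOOKMARKS_APP_SCOPE = "com.apple.security.files.bookmarks.app-scope"
TEMP_EXCEPTION_PREFIX = "com.apple.security.temporary-exception."

# Constructed: a hypothetical sandboxed app that only touches files the user
# chose in the open dialog and remembers them across launches via bookmarks.
LOCKED_DOWN = {
    SANDBOX: True,
    USER_SELECTED_RW: True,
    BOOKMARKS_APP_SCOPE: True,
}

# Constructed counter-example: same app plus a home-relative exception that
# hands the whole home directory back to any plugin running inside it.
TOO_BROAD = {
    **LOCKED_DOWN,
    "com.apple.security.temporary-exception.files.home-relative-path.read-write": ["/"],
}


def to_plist(entitlements: dict) -> bytes:
    """Serialise an entitlements dict the way it is stored in the signed app."""
    return plistlib.dumps(entitlements)


def audit_entitlements(plist_bytes: bytes) -> list:
    """Return findings; an empty list means the sandbox is on and not widened."""
    ent = plistlib.loads(plist_bytes)
    findings = []
    if ent.get(SANDBOX) is not True:
        findings.append("App Sandbox is not enabled: plugins can read anything the user can")
    for key, value in ent.items():
        if key.startswith(TEMP_EXCEPTION_PREFIX):
            findings.append(f"temporary exception {key} = {value!r} widens the sandbox")
    if ent.get(USER_SELECTED_RW) and not ent.get(BOOKMARKS_APP_SCOPE):
        findings.append("user-selected access without bookmarks: chosen files must be re-picked after relaunch")
    return findings


if __name__ == "__main__":
    for name, ent in (("locked_down", LOCKED_DOWN), ("too_broad", TOO_BROAD)):
        print(name, audit_entitlements(to_plist(ent)) or "OK")
```

On a built app the same plist can be pulled out of the signature with `codesign -d --entitlements - Datasette.app` and fed to `audit_entitlements`.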