In chapter 2 of their book The Mac Hacker’s Handbook
This led me to wonder whether I could construct a sandbox profile that would stop a client process from submitting launchd jobs. I have done that, but not in a very satisfying way or even necessarily a particularly complete one. My profile does this:
(version 1) (deny default) (debug deny) (allow process-exec) (allow file-fsctl) (allow file-ioctl) ; you can probably restrict access to even more files - don't forget to let dyld link Cocoa though! (allow file-read* file-write*) (deny file-read* (regex "^/System/Library/Frameworks/ServiceManagement.framework")) (deny file-read* (literal "/bin/launchctl" "/bin/launchd")) (allow signal (target self)) (allow ipc-posix-shm) (allow sysctl*) ; this lot was empirically discovered - Cocoa apps needs these servers (allow mach-lookup (global-name "com.apple.system.notification_center" "com.apple.system.DirectoryService.libinfo_v1" "com.apple.system.DirectoryService.membership_v1" "com.apple.distributed_notifications.2" "com.apple.system.logger" "com.apple.SecurityServer" "com.apple.CoreServices.coreservicesd" "com.apple.FontServer" "com.apple.dock.server" "com.apple.windowserver.session" "com.apple.pasteboard.1" "com.apple.pbs.fetch_services" "com.apple.tsm.uiserver"))
So processes run in the above sandbox profile are not allowed to use the launchd or launchctl processes, nor can they link the ServiceManagement framework that allows Cocoa apps to discover and submit jobs directly.
Unfortunately I wasn’t able to fully meet my goal: a process can still do the same IPC that launchctl et al use directly. I found that if I restricted IPC access to launchd, apps would crash when trying to check-in with the daemon. Of course the IPC protocol is completely documented so it might be possible to do finer-grained restrictions, but I’m not optimistic.
Of course, standard disclaimers apply: the sandbox Scheme environment is supposed to be off-limits to us smelly non-Apple types.
