Thanks so much for your explanation.
By spawning a child process.
I figured out why this happens. When launching the XPCService, there was an error during dyld: it could not locate a lib file, so it crashed. After setting the rpath of the XPCService, it can be launched successfully.
The error message confused me.
Thanks a lot.
By the way, does it matter whether the helper application is started by spawning a child process or by using NSWorkspace? Which one do you suggest?
Thanks for your response.
There are two options to configure per-program sandbox policies:
SBPL (Sandbox Profile Language), a low-level configuration language.
Entitlements
As you mentioned:
The only tricky thing is that the child’s executable must be signed with the com.apple.security.app-sandbox and com.apple.security.inherit entitlements
If the child executable is not signed with the entitlements (app-sandbox), but instead uses sandbox_init with an SBPL policy after the child process is launched to enable its sandbox capability, can it pass the Mac App Store rules? The child process is also sandboxed.
I saw some developers' experience with the sandbox entitlements: "Cannot submit mac app because com.apple.security.app-sandbox is removed from entitlements"
What's more, adding one prerequisite to my earlier question:
Do you have any suggestions for my application scenario: sandboxed child processes that have their own privileges, not inherited from the sandboxed parent process? This application is planned for delivery to the MAS.