When I try to turn on sandboxing on a helper tool, it crashes on launch. I thought my problem was solved when I found the post Sandboxed Helper Tool Crashing in libsystem_secinit
, but no. I set CODE_SIGN_INJECT_BASE_ENTITLEMENTS = NO in the target that builds the tool, and verified that the only entitlement in the built tool is that com.apple.security.app-sandbox
is true, but it still crashes.
Backtrace:
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libsystem_secinit.dylib 0x7ff81af68400 _libsecinit_appsandbox.cold.7 + 49
1 libsystem_secinit.dylib 0x7ff81af6793c _libsecinit_appsandbox + 1831
2 libsystem_trace.dylib 0x7ff80f06649c _os_activity_initiate_impl + 51
3 libsystem_secinit.dylib 0x7ff81af671d4 _libsecinit_initializer + 67
4 libSystem.B.dylib 0x7ff81af7b8b9 libSystem_initializer + 286
5 dyld 0x7ff80efa1618 invocation function for block in dyld4::Loader::findAndRunAllInitializers(dyld4::RuntimeState&) const + 172
6 dyld 0x7ff80efe0de9 invocation function for block in dyld3::MachOAnalyzer::forEachInitializer(Diagnostics&, dyld3::MachOAnalyzer::VMAddrConverter const&, void (unsigned int) block_pointer, void const*) const + 242
7 dyld 0x7ff80efd4ef7 invocation function for block in dyld3::MachOFile::forEachSection(void (dyld3::MachOFile::SectionInfo const&, bool, bool&) block_pointer) const + 557
8 dyld 0x7ff80ef870b7 dyld3::MachOFile::forEachLoadCommand(Diagnostics&, void (load_command const*, bool&) block_pointer) const + 245
9 dyld 0x7ff80efd40a7 dyld3::MachOFile::forEachSection(void (dyld3::MachOFile::SectionInfo const&, bool, bool&) block_pointer) const + 175
10 dyld 0x7ff80efe08d2 dyld3::MachOAnalyzer::forEachInitializer(Diagnostics&, dyld3::MachOAnalyzer::VMAddrConverter const&, void (unsigned int) block_pointer, void const*) const + 470
11 dyld 0x7ff80efa14f6 dyld4::Loader::findAndRunAllInitializers(dyld4::RuntimeState&) const + 150
12 dyld 0x7ff80efa9fd4 dyld4::PrebuiltLoader::runInitializers(dyld4::RuntimeState&) const + 30
13 dyld 0x7ff80efc100d dyld4::APIs::runAllInitializersForMain() + 71
14 dyld 0x7ff80ef8c369 dyld4::prepare(dyld4::APIs&, dyld3::MachOAnalyzer const*) + 3743
15 dyld 0x7ff80ef8b281 start + 2289
Whoops, never mind! I needed to set com.apple.security.inherit
to true in the entitlements. Now I see more documentation: Embedding a command-line tool in a sandboxed app