In macOS, the App Sandbox is designed to restrict applications' access to system resources and user data, mitigating damage from potential threats. However, I'm unclear on its relationship with permissions and how it effectively reduces such threats.
For example, with com.apple.security.device.camera, it seems to me that NSCameraUsageDescription should suffice. If an application is granted permission via NSCameraUsageDescription, configuring com.apple.security.device.camera still doesn't guarantee protection against malicious access to user data, does it?
Or, if I haven't configured both com.apple.security.device.camera and NSCameraUsageDescription, could a malicious app still somehow prompt the camera permission dialog or bypass permission checks and access the camera without the com.apple.security.device.camera configuration?
One eternal rule on macOS is that there must be two of everything (-: In this case:

- The com.apple.security.device.camera entitlement originated with the App Sandbox.
- NSCameraUsageDescription originated on iOS.

When we added iOS-style protection for the camera, NSCameraUsageDescription came along for the ride. At that point we could’ve turned com.apple.security.device.camera into a no-op, but it’s not clear that that would’ve been a win.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
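The following is an added example for readers of this thread; it is not Quinn's code and not part of any Apple tool. It encodes the "two of everything" relationship described above as a small audit over the two property lists a build ships: com.apple.security.device.camera is an App Sandbox entitlement, so it only has an effect when com.apple.security.app-sandbox is true, while NSCameraUsageDescription is the Info.plist key that the system-wide camera privacy protection needs before it can show a consent prompt. The plist contents, the function names and the report format are all constructed for this example.

```python
"""Audit whether a macOS build has both halves of camera access configured.

Added example for this thread (not Apple's or Quinn's code). The property
lists below are constructed samples, not taken from any real application.
"""
import plistlib

SANDBOX_KEY = "com.apple.security.app-sandbox"
CAMERA_ENTITLEMENT = "com.apple.security.device.camera"
CAMERA_USAGE_KEY = "NSCameraUsageDescription"

PLIST_HEAD = ('<?xml version="1.0" encoding="UTF-8"?>\n'
              '<plist version="1.0"><dict>\n')
PLIST_TAIL = "</dict></plist>\n"


def plist_from_xml(xml: str) -> dict:
    """Parse an XML property list (the form codesign and plutil print)."""
    return plistlib.loads(xml.encode("utf-8"))


def audit_camera_access(entitlements: dict, info_plist: dict) -> dict:
    """Report which gate each half of the configuration satisfies.

    'sandboxed': whether the App Sandbox entitlement is set at all.
    'sandbox'  : True if the sandbox would not block camera access. An
                 unsandboxed process has no sandbox gate, so this is True.
    'tcc'      : True if Info.plist carries a non-empty usage description,
                 which the camera privacy prompt requires.
    'findings' : human-readable list of misconfigurations (empty if none).
    """
    sandboxed = bool(entitlements.get(SANDBOX_KEY, False))
    has_entitlement = bool(entitlements.get(CAMERA_ENTITLEMENT, False))
    usage = info_plist.get(CAMERA_USAGE_KEY)
    has_usage = isinstance(usage, str) and usage.strip() != ""

    findings = []
    if sandboxed and not has_entitlement:
        findings.append(f"sandboxed without {CAMERA_ENTITLEMENT}: "
                        "the sandbox blocks the camera")
    if has_entitlement and not sandboxed:
        findings.append(f"{CAMERA_ENTITLEMENT} set but {SANDBOX_KEY} is not: "
                        "the entitlement has no effect")
    if not has_usage:
        findings.append(f"missing or empty {CAMERA_USAGE_KEY}: "
                        "no privacy prompt can be shown")

    return {
        "sandboxed": sandboxed,
        "sandbox": (not sandboxed) or has_entitlement,
        "tcc": has_usage,
        "findings": findings,
    }


# Constructed sample: sandboxed app with both halves configured.
GOOD_ENTITLEMENTS = plist_from_xml(
    PLIST_HEAD
    + f"  <key>{SANDBOX_KEY}</key><true/>\n"
    + f"  <key>{CAMERA_ENTITLEMENT}</key><true/>\n"
    + PLIST_TAIL)

# Constructed sample: sandboxed, but the camera entitlement was left out.
SANDBOX_NO_CAMERA_ENTITLEMENTS = plist_from_xml(
    PLIST_HEAD + f"  <key>{SANDBOX_KEY}</key><true/>\n" + PLIST_TAIL)

# Constructed sample: camera entitlement present, but the app is not sandboxed.
UNSANDBOXED_CAMERA_ENTITLEMENTS = plist_from_xml(
    PLIST_HEAD + f"  <key>{CAMERA_ENTITLEMENT}</key><true/>\n" + PLIST_TAIL)

# Constructed sample Info.plist fragments, with and without the usage string.
GOOD_INFO_PLIST = plist_from_xml(
    PLIST_HEAD
    + "  <key>CFBundleIdentifier</key><string>com.example.camdemo</string>\n"
    + f"  <key>{CAMERA_USAGE_KEY}</key>"
    + "<string>Used to scan QR codes.</string>\n"
    + PLIST_TAIL)

INFO_PLIST_NO_USAGE = plist_from_xml(
    PLIST_HEAD
    + "  <key>CFBundleIdentifier</key><string>com.example.camdemo</string>\n"
    + PLIST_TAIL)


if __name__ == "__main__":
    cases = {
        "sandboxed, both halves": (GOOD_ENTITLEMENTS, GOOD_INFO_PLIST),
        "sandboxed, no entitlement": (SANDBOX_NO_CAMERA_ENTITLEMENTS,
                                      GOOD_INFO_PLIST),
        "unsandboxed, entitlement only": (UNSANDBOXED_CAMERA_ENTITLEMENTS,
                                          INFO_PLIST_NO_USAGE),
    }
    for name, (ents, info) in cases.items():
        report = audit_camera_access(ents, info)
        print(f"{name}: sandbox ok={report['sandbox']} tcc ok={report['tcc']}")
        for f in report["findings"]:
            print("  -", f)
```

On a real machine the two inputs come from the built bundle: `codesign -d --entitlements :- /path/To/App.app` prints the signed entitlements as XML, and `plutil -convert xml1 -o - /path/To/App.app/Contents/Info.plist` prints the Info.plist; both can be fed to `plist_from_xml`. The audit deliberately treats an unsandboxed app as passing the sandbox gate, because there is no sandbox gate to pass in that case; only the usage-description check applies to it.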