My app is sandboxed (and cannot open or write any file). I was curious what happened to child processes. I had my app execute a bash script (that just writes to a file). The behaviour was expected: the script, launched by my sandboxed app, was sandboxed too.
However, when I tried to have my app launch another app (not mine), the child app was not sandboxed. I was curious what was different?
I launch my script with
// Run the script through bash as a direct child process
NSTask *task = [[NSTask alloc] init];
[task setLaunchPath:@"/bin/bash"];
[task setArguments:@[@"path/to/script.sh"]];
[task launch];
and my app with
// Ask /usr/bin/open to start the other application
NSTask *task = [[NSTask alloc] init];
[task setLaunchPath:@"/usr/bin/open"];
[task setArguments:@[@"-a", @"/Applications/some.app"]];
[task launch];
Note that the same problem happens when launching the app with [[NSWorkspace sharedWorkspace] launchApplication:@"/Applications/some.app"]; and with posix_spawn.
Apple's doc mentions that child processes should inherit sandbox properties, but also mentions that helper apps should include some entitlements properties to do so.
What behaviour should we see? Also, how could I make child processes inherit the sandbox properties?
Thanks
Thomas
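As an added example (not part of the original post, and not Apple's code): the helper arrangement that Apple's documentation refers to, where a helper embedded in the app bundle is signed with the inheritance entitlements and started directly as a child process with NSTask. The helper name `Helper` and the function `RunBundledHelper` are hypothetical.

```objective-c
#import <Foundation/Foundation.h>

// Entitlements assumed in the hypothetical helper's code signature
// (these two keys only, per Apple's App Sandbox documentation):
//   com.apple.security.app-sandbox = true
//   com.apple.security.inherit     = true

// Launches the bundled helper as a direct child of the sandboxed app.
// Returns the helper's exit status, or -1 if it could not be started.
static int RunBundledHelper(NSArray<NSString *> *arguments) {
    // "Helper" is a hypothetical executable embedded in the app bundle.
    NSString *helperPath =
        [[NSBundle mainBundle] pathForAuxiliaryExecutable:@"Helper"];
    if (helperPath == nil) {
        NSLog(@"Helper executable not found in the app bundle");
        return -1;
    }

    NSTask *task = [[NSTask alloc] init];
    task.launchPath = helperPath;
    task.arguments = arguments;

    @try {
        // -launch raises an NSException if the path is invalid or the
        // executable cannot be started.
        [task launch];
    } @catch (NSException *exception) {
        NSLog(@"Could not launch helper: %@", exception.reason);
        return -1;
    }

    [task waitUntilExit];
    return task.terminationStatus;
}
```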