TCC and the macOS Platform Sandbox Policy
How some macOS privacy prompts are triggered from within the kernel via sandbox policies
Amongst other things, the platform sandbox policy uses process attributes (such as signing identity, bundle identifier, and entitlements) to allow specific applications to bypass restrictions that System Integrity Protection would typically apply to them. To safeguard against this, the Platform Sandbox Profile has a policy in place for iokit-open-user-client operations that will trigger a TCC prompt if a camera device is accessed directly via IOKit. Most of the storage classes describe data as belonging to a specific application or framework (CloudKit, FaceTime, Safari, and many others), while a handful correspond directly to TCC policies (for instance, kTCCServiceAddressBook, kTCCServiceSystemPolicyAppBundles, kTCCServiceSystemPolicySysAdminFiles).