2012-07-25

Mac gets some optional Sandboxing

6.2: news.cyb/dev.mac/sandboxes
Apple brings sandboxing to the desktop:
. most desktop platforms have not done sandboxing
[because backward compatibility was an issue;
smartphone platforms are more recent inventions,
so sandboxing was an obvious good to build in
from the start .]
. to access resources within a sandbox,
apps must request “entitlements” [aka, capabilities.]
Android apps must ask the user for permissions at install time,
and then the OS constrains the app
to the granted permissions .
[ but Android permissions are all-or-nothing:
either the user accepts all the requests,
or else the app can't be installed at all .]
Apple's iOS sandboxing mostly doesn't involve the user
(location access is the notable prompt),
as the entitlements an app gets are reviewed by
Apple's App Store evaluators .
[7.25:. in order to be accepted into the Mac App Store,
developers are encouraged to divide their app into modules
(separate processes, "XPC services", each with its own entitlements)
so as to more easily explain why each part
needs a particular set of entitlements .][7.20:
Apple decides for the user
what entitlements are appropriate,
not only for the whole app,
but more smartly, for each of its modules .]
. Mac users still control certain file access themselves:
when the user picks a file in an Open or Save panel
(or from the app's list of recent files),
the sandbox grants the app access to just that file,
even if it's outside the app's own container
(Apple calls this mechanism the Powerbox).

Concerns from Developers:

# no more AppleScript:
[7.20:
AppleScript is a scripting language
meant to allow the user to reuse apps
by having scripts send commands (Apple events) to apps .
. if an app wants to reuse other apps,
then it too can use AppleScript
to send Apple events to other apps;
however, under sandboxing this is blocked by default,
because,
when an app is entitled to send arbitrary Apple events
it's entitled to anything the receiving apps can do
-- which is basically anything!
. if apps are instead designed to be
reused directly by other apps
then sandboxed apps can still be
entitled to use particular other apps
without having to give them access to
the wide world of AppleScript .]
[ Mountain Lion's scripting-targets entitlement
works this way: the sandboxed app names the target app
and an "access group" of commands that the target app itself defines;
the older temporary exception for apple-events
still grants everything a named target can do .]
# no more file system management: [7.20:
. Apple sandboxing asks the user
to pick each file the app may touch
(through an Open or Save panel);
so, apps that need access to many files at once,
or that need to work on files in the background
without a user action,
are not considered sandboxable;
[ an app can keep access to a file the user once picked
by storing a security-scoped bookmark,
so it need not ask again for that file;
but it still can't reach files the user never picked .]
nevertheless, sandboxing of the file system
could work like vmware's shared folders:
. vmware lets you run an OS in a sandbox
as a virtual machine (vm);
and then gives the vm {read, write} access
to just the folders the user requests
(VirtualBox has a similar feature).
. you can divide your file system by sensitivity levels;
eg, if the sandboxed app has access to the web,
then its entitlements should be
read-only access to non-sensitive folders,
and write access to a downloads folder .
. letting sandboxes share folders
is important to generativity .]
. see Jonathan Zittrain's Chapter 7 of
The Future of the Internet and How to Stop It .
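. an added example (mine, not from Apple or from any project this note describes)
of what the entitlements above look like, and a check against over-broad ones:
two constructed entitlement plists in the shape `codesign -d --entitlements :- SomeApp.app` prints,
one with the blanket Apple-events exception and a home-folder temporary exception,
one narrowed to a scripting target plus user-picked files and Downloads,
and a Python audit that flags the broad grants .
the entitlement keys are Apple's documented App Sandbox keys;
the access-group name `com.apple.mail.compose` is the one Apple's entitlement documentation
uses as its example (each target app defines its own groups);
the audit rules encode this note's read-only/downloads heuristic, not any Apple policy .

```python
"""Audit a sandboxed Mac app's entitlements for over-broad grants.

Added example, not code from the original note.  The two plists are
constructed samples in the shape `codesign -d --entitlements :- App.app`
prints; the keys are Apple's documented App Sandbox entitlement keys.
"""
import plistlib

# Constructed sample: an app that scripts Mail through a blanket Apple-events
# exception, plus a temporary exception opening the whole home folder
# read-write.  This is the "entitled to anything AppleScript can do" case.
BROAD_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>com.apple.security.app-sandbox</key><true/>
  <key>com.apple.security.network.client</key><true/>
  <key>com.apple.security.temporary-exception.apple-events</key>
  <array><string>com.apple.mail</string></array>
  <key>com.apple.security.temporary-exception.files.home-relative-path.read-write</key>
  <array><string>/</string></array>
</dict>
</plist>
"""

# Constructed sample: the same app narrowed the way the note argues for.
# Scripting is limited to one access group of one target app (the target app
# defines its groups; com.apple.mail.compose is the group Apple's entitlement
# documentation uses as its example), and file access is only what the user
# picks in an Open/Save panel plus the Downloads folder.
NARROW_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>com.apple.security.app-sandbox</key><true/>
  <key>com.apple.security.network.client</key><true/>
  <key>com.apple.security.scripting-targets</key>
  <dict>
    <key>com.apple.mail</key>
    <array><string>com.apple.mail.compose</string></array>
  </dict>
  <key>com.apple.security.files.user-selected.read-write</key><true/>
  <key>com.apple.security.files.downloads.read-write</key><true/>
</dict>
</plist>
"""

SANDBOX_KEY = "com.apple.security.app-sandbox"
NETWORK_CLIENT = "com.apple.security.network.client"
TEMP_PREFIX = "com.apple.security.temporary-exception."
APPLE_EVENTS_EXCEPTION = TEMP_PREFIX + "apple-events"
SCRIPTING_TARGETS = "com.apple.security.scripting-targets"
# Write grants that follow the user's own action (Open/Save panel) or land in
# Downloads: the note's "write access to a downloads folder" model.
USER_INTENT_WRITES = {
    "com.apple.security.files.user-selected.read-write",
    "com.apple.security.files.downloads.read-write",
}


def audit(entitlements_plist):
    """Return findings (strings) for over-broad grants; empty list means none."""
    ents = plistlib.loads(entitlements_plist)
    findings = []
    if not ents.get(SANDBOX_KEY):
        findings.append("app-sandbox entitlement missing: app is not sandboxed")
    # A blanket Apple-events exception is "anything the target app can do".
    for target in ents.get(APPLE_EVENTS_EXCEPTION, []):
        findings.append(f"may send any Apple event to {target}; "
                        f"prefer {SCRIPTING_TARGETS} naming an access group")
    # Other temporary exceptions punch holes straight through the container.
    for key, value in ents.items():
        if key.startswith(TEMP_PREFIX) and key != APPLE_EVENTS_EXCEPTION:
            findings.append(f"temporary exception {key[len(TEMP_PREFIX):]} = {value!r}")
    # A network-facing app should only write where the user pointed it.
    if ents.get(NETWORK_CLIENT):
        for key in ents:
            if (key.endswith(".read-write") and key not in USER_INTENT_WRITES
                    and not key.startswith(TEMP_PREFIX)):
                findings.append(f"network client with standing write grant {key}")
    return findings


if __name__ == "__main__":
    for name, plist in (("broad", BROAD_ENTITLEMENTS), ("narrow", NARROW_ENTITLEMENTS)):
        print(name, audit(plist) or ["ok"])
```

. on a real Mac the input would come from `codesign -d --entitlements :- /Applications/SomeApp.app`;
the audit only reads the plist, so it runs anywhere Python does .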