Mac Developer: Sandbox History III: OSX Sandboxing Design - The Chromium Projects
OSX Sandboxing Design - The Chromium Projects: "Sandboxing treats a process as a hostile environment which at any time can be compromised by a malicious attacker via buffer overruns or other such attack vectors. Once compromised, the goal is to allow the process in question access to as few resources of the user's machine as possible, above and beyond the standard file-system access control and user/group process controls enforced by the kernel."
A very clear description of the sandbox.
Labels: sandbox, sandbox policy language