Mac Developer: Everything You Wanted to Know About the Sandbox (but were afraid to ask)
The Apple Sandbox by Dionysus Blazakis
The rest of the paper is organized as follows. Section 2 gives a brief overview of the entire system. Section 3 describes the public interface and the utility function provided by the OS. Next, Section 4 walks through the details of the userspace libraries used to turn policies into sandbox syscall arguments for installing a sandbox. After the userspace interface is fully explored, Section 5 begins by briefly describing the TrustedBSD interface and how the sandbox implements this interface. Next, each kernel extension is examined.
Labels: sandbox, sandbox kext, sandbox policy language, sandboxd