Sandbox Validator
Building a tool to verify decompiled Sandbox Profiles in C
INTRO
I have published two posts about App Sandbox on macOS. The first one was about compiling the Sandbox Profiles with sandbox_compile_file.
After I published the article, guyru commented on it, suggesting I check out their SandBlaster fork if I am interested in Sandbox Profiles decompilation.
I looked into the tool and noticed that no Sandbox Operation extractor had been implemented. I continued learning about Sandbox, discovered how to achieve this on macOS, and pushed the change to the SandBlaster forked repo.
The extraction is simple, and I describe it below. I was happy the tool worked for Sonoma, so I did not have to write a decompiler from scratch.
Then I published the second article, about detecting if a running process is sandboxed with the sandbox_check using…