SBPL Compilator

Building a SandBox Policy Language Compilator Wrapper in C

Karol Mazurek
12 min readJul 9, 2024

--

INTRO

I am currently learning different things about Apple App Sandbox and stumbled on the .com.apple.containermanagerd.metadata.plist which stores compiled Sandbox Profile in SandboxProfileData field:

The sandbox_inspector is a custom script I uploaded to the Snake & Apple repository. Here is the Python code for converting the PLIST to XML:

with open('.com.apple.containermanagerd.metadata.plist', 'rb') as f:
plist = plistlib.load(f)
print(plistlib.dumps(plist, fmt=plistlib.FMT_XML).decode('utf-8'))

I wanted to learn how to make SandboxProfileData I figured it out by decompiling the code of the various Apple App Sandbox components.

This piece will document my approach to creating a simple C program utilizing Apple’s undocumented functions to compile SandboxProfileData.

It is also practical introduction to writing C code without documentation based on decompiled code.

SandboxProfileData

--

--