SBPL Compilator
Building a SandBox Policy Language Compilator Wrapper in C
INTRO
I am currently learning different things about Apple App Sandbox and stumbled on the .com.apple.containermanagerd.metadata.plist
which stores compiled Sandbox Profile in SandboxProfileData
field:
The sandbox_inspector
is a custom script I uploaded to the Snake & Apple repository. Here is the Python code for converting the PLIST to XML:
with open('.com.apple.containermanagerd.metadata.plist', 'rb') as f:
plist = plistlib.load(f)
print(plistlib.dumps(plist, fmt=plistlib.FMT_XML).decode('utf-8'))
I wanted to learn how to make SandboxProfileData
I figured it out by decompiling the code of the various Apple App Sandbox components.
This piece will document my approach to creating a simple C program utilizing Apple’s undocumented functions to compile
SandboxProfileData
.
It is also practical introduction to writing C code without documentation based on decompiled code.