Deconfusing the term permissions from security controls and privacy protection. While permissions are set in a file’s attributes, privacy is controlled through elaborate rules.
sandbox
Whether they enable an App Store app to go beyond its sandbox, provide access to features that are privacy-protected, or give access to macOS features only permitted for approved apps, entitlements are important.
Permissions, ACLs, TCC’s privacy controls, SIP and app sandboxes. What they are, and how you can control them to access and maintain your files.
Although macOS won’t tell, Apparency will, even down to launch constraints. Other alternatives, and how to check in the command line.
Everything you need to know about Containers, Group Containers and Daemon Containers, providing a sandboxed Home folder for apps.
A sandboxed and isolation version of Viable designed for security and other researchers, now updated to match features in the latest release of Viable.
Why is it, what is it, and how can you tell whether an app runs in it? What can you do to remove an app’s entitlements?
What is going to change in notarization and code signing? Will sandboxing be required? How does this affect privacy controls?
There’s a lot standing between your app and what it can edit and save: POSIX permissions, ACLs, SIP, TCC, and maybe the sandbox too.
Refactored for a smoother experience and with control over shared folders, Viable beta 7 now has a sandboxed and locked-down sibling ViableS, ideal for research.
The Eclectic Light Company 