Sandbox Violation on Runtime Exec
Jessica Finley
jfinley at tech4learning.com
Fri Jun 8 06:27:49 PDT 2012
That makes sense… how, though, would I set the inherit entitlement for the new process? The only way I know to set entitlements is at codesigning time, but this process is generated on the fly at runtime.
That would be my preferred route.. if that isn't possible, I'll make a dylib.
Thanks!
-Jess
On Jun 8, 2012, at 4:11 AM, Marco Dinacci wrote:
> Hi,
>
>> Can anyone explain why that would be? And perhaps, what can I do differently in my java app to call this command (we're currently using Runtime.exec()) and not get pulled over by the sandbox police?
>
> my guess is that it is blocked because Runtime.exec() executes the
> command in a separate process, which doesn't inherit the sandbox
> entitlements of his parent.
>
> You could try either using the com.apple.security.inherit entitlement
> or create a small tool as an XPC service.
> As you say that NSTask works you could also make a dylib and wrap it using JNI.
>
>
> Best,
> Marco
More information about the macosx-port-dev
mailing list