Hello,
I have an application which is running sandboxed and it also launches child processes via posix_spawn. I already learned that child processes run in the same sandbox as the launching application.
What I wonder is if there is a way to launch the child with a different sandbox profile from the parent application while maintaining the parent-child relationship?
My use case is that the helper applications don't need access to a bunch of the stuff the parent needs, and we want to limit the blast radius in case of a security problem. I know that's what XPCServices are for, but we have multi-platform code which relies on the POSIX process model quite heavily.
Thank you
Also, I have to add that from experimentation I learned that basically once sandbox_init [1][2] is called in the parent process, a child can't init its own sandbox; any attempt to re-init will fail.
[1] It doesn't matter whether it is triggered by entitlements via libsecinit or by manually calling sandbox_init in main().
[2] The role of com.apple.security.inherit was lost on me for a long time; it seems its sole role is to prevent libsecinit from initializing a sandbox when com.apple.security.app-sandbox is present :)
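The experiment described in the post, written out as an added example (this is not code from the original post or from Apple): the parent applies a sandbox profile to itself with sandbox_init(), spawns itself as a child with posix_spawn() so it stays the child's parent, and the child tries sandbox_init() with a different built-in profile and reports the outcome through its exit status. The only assumptions are macOS's <sandbox.h> API (sandbox_init, sandbox_free_error, SANDBOX_NAMED and the kSBXProfile* names, all real but deprecated); the fallback macros under `#else` are placeholders that only exist so the file still compiles on other POSIX systems, where the child reports "unsupported".

```c
// Added example, not from the original post: reproduce "once the parent is
// sandboxed, the child cannot init its own sandbox" using posix_spawn().
// Build on macOS with: cc -o sbx sbx.c && ./sbx
#include <spawn.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#ifdef __APPLE__
#include <sandbox.h>   /* sandbox_init(), SANDBOX_NAMED, kSBXProfile* (deprecated) */
#else
/* Placeholder names so the file compiles elsewhere; sandbox_init() is macOS-only. */
#define kSBXProfileNoNetwork       "no-network"
#define kSBXProfilePureComputation "pure-computation"
#endif

extern char **environ;

/* Exit codes the child uses to report what sandbox_init() did. */
enum {
    CHILD_SANDBOX_OK = 0,           /* child could apply its own profile          */
    CHILD_SANDBOX_FAILED = 2,       /* sandbox_init() refused: already sandboxed  */
    CHILD_SANDBOX_UNSUPPORTED = 3   /* not macOS: nothing to test                 */
};

/* Apply a named built-in sandbox profile to the calling process.
   Returns 0 on success, -1 on failure with the error text in errbuf. */
static int apply_profile(const char *profile, char *errbuf, size_t errlen) {
#ifdef __APPLE__
    char *err = NULL;
    if (sandbox_init(profile, SANDBOX_NAMED, &err) != 0) {
        snprintf(errbuf, errlen, "%s", err ? err : "unknown error");
        if (err) sandbox_free_error(err);
        return -1;
    }
    return 0;
#else
    (void)profile;
    snprintf(errbuf, errlen, "sandbox_init is only available on macOS");
    return -1;
#endif
}

/* Spawn argv[0] with posix_spawn() (the caller remains the child's parent,
   which is the relationship the question wants to keep) and return the
   child's exit status, or -1 if it could not be spawned or did not exit normally. */
static int spawn_and_wait(char *const argv[]) {
    pid_t pid;
    int rc = posix_spawn(&pid, argv[0], NULL, NULL, argv, environ);
    if (rc != 0) {
        fprintf(stderr, "posix_spawn(%s): %s\n", argv[0], strerror(rc));
        return -1;
    }
    int status;
    if (waitpid(pid, &status, 0) != pid) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Child side: try to (re)initialise a sandbox with a profile that differs
   from the parent's and encode the outcome in the exit status (no IPC needed). */
static int run_child(void) {
#ifdef __APPLE__
    char err[256];
    if (apply_profile(kSBXProfilePureComputation, err, sizeof err) != 0) {
        fprintf(stderr, "child: sandbox_init failed: %s\n", err);
        return CHILD_SANDBOX_FAILED;
    }
    return CHILD_SANDBOX_OK;
#else
    return CHILD_SANDBOX_UNSUPPORTED;
#endif
}

int main(int argc, char **argv) {
    if (argc > 1 && strcmp(argv[1], "child") == 0)
        return run_child();

    /* Parent side: sandbox ourselves first (what libsecinit does for an
       entitled app), then spawn ourselves in child mode and read the verdict. */
    char err[256];
    if (apply_profile(kSBXProfileNoNetwork, err, sizeof err) != 0)
        fprintf(stderr, "parent: sandbox_init failed: %s\n", err);

    char *child_argv[] = { argv[0], "child", NULL };
    int code = spawn_and_wait(child_argv);
    switch (code) {
    case CHILD_SANDBOX_OK:          puts("child applied its own profile"); break;
    case CHILD_SANDBOX_FAILED:      puts("child could not re-init: it inherits the parent sandbox"); break;
    case CHILD_SANDBOX_UNSUPPORTED: puts("sandbox_init not available on this platform"); break;
    default:                        puts("child did not exit normally"); break;
    }
    return code == -1 ? 1 : 0;
}
```

On a sandboxed macOS parent the expected verdict is the CHILD_SANDBOX_FAILED line; running the binary with the parent's sandbox_init call removed makes the child succeed, which is the quickest way to confirm the inheritance is what blocks the re-init rather than the profile itself.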