이 페이지에서는 기본 macOS 샌드박스 내에서 임의의 명령을 실행하는 앱을 만드는 방법을 찾을 수 있습니다:
애플리케이션 컴파일하기:
main.m
#include <Foundation/Foundation.h>
int main(int argc, const char * argv[]) {
@autoreleasepool {
while (true) {
char input[512];
printf("Enter command to run (or 'exit' to quit): ");
if (fgets(input, sizeof(input), stdin) == NULL) {
break;
}
// Remove newline character
size_t len = strlen(input);
if (len > 0 && input[len - 1] == '\n') {
input[len - 1] = '\0';
}
if (strcmp(input, "exit") == 0) {
break;
}
system(input);
}
}
return 0;
}
컴파일 실행: clang -framework Foundation -o SandboxedShellApp main.m
.app 번들 빌드
mkdir-pSandboxedShellApp.app/Contents/MacOSmvSandboxedShellAppSandboxedShellApp.app/Contents/MacOS/cat<<EOF>SandboxedShellApp.app/Contents/Info.plist<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"><plist version="1.0"><dict><key>CFBundleIdentifier</key><string>com.example.SandboxedShellApp</string><key>CFBundleName</key><string>SandboxedShellApp</string><key>CFBundleVersion</key><string>1.0</string><key>CFBundleExecutable</key><string>SandboxedShellApp</string></dict></plist>EOF
권한 정의
cat<<EOF>entitlements.plist<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"><plist version="1.0"><dict><key>com.apple.security.app-sandbox</key><true/></dict></plist>EOF
cat<<EOF>entitlements.plist<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"><plist version="1.0"><dict><key>com.apple.security.app-sandbox</key><true/><key>com.apple.security.files.downloads.read-write</key><true/></dict></plist>EOF
앱에 서명하기 (키체인에서 인증서를 생성해야 함)
codesign--entitlementsentitlements.plist-s"YourIdentity"SandboxedShellApp.app./SandboxedShellApp.app/Contents/MacOS/SandboxedShellApp# An d in case you need this in the futurecodesign--remove-signatureSandboxedShellApp.app
