If the scope of the entitlements is too large, then the developer's application may be rejected. As part of this mandate, Apple will review all of the entitlements that the developer has implemented, to ensure the scope of the program's entitlement access is not too broad for its purposes.
While normally a voluntary procedure, Apple's will now make sandboxing mandatory if the developer wants to distribute its application through the Mac App Store. The developer does not have to do this, but if not then errors in the program may result in a larger problem than a merely hung or crashed process. Sandboxing of a program is done by the developer for the benefit of the community, to prevent his program from inadvertently accessing files it was not built to access (which may happen with bugs, or if the program is exploited by a hacker). The developer can add as many entitlements as he wishes to give his program as much system access as is necessary however, the idea is the developer only enables the entitlements that are needed to allow his program to run. The entitlements are managed by Apple, and thereby allow Apple to centralize how sandboxed programs can access resources in OS X. To then meet the program's needs, the developer includes a sandbox rule called an "entitlement," that allows the program to access the needed resource defined in that entitlement.
When enabled, the program will by default have no access to the system resources, including the network, user documents, the ability to open and save files, access to peripherals such as printers and cameras, and access to locations, address books, calendars, and similar central services. The system cannot do this itself, so the developer voluntarily turns on sandboxing for its program. The way this works is a virtual barrier called a "sandbox" is set up around a running program that isolates it from the rest of the system.
Sandboxing is a security technique that acts as a last line of defense against exploited, buggy, or otherwise compromised applications, which Apple is implementing to ensure programs distributed through the Mac App Store are as safe and secure as possible.
Since Apple initially scheduled to implement this requirement in November of this year, this announcement is nothing new and is more of a timeframe shift than anything else however, it still raises questions and concern over what this means for developers and end users. Recently Apple announced to developers that beginning in March 2012, all applications submitted to the Mac App Store will require support for Apple's sandboxing routines.
0 kommentar(er)
