Cocoa应用程序中的“应用程序沙箱"处于打开状态时,套接字上未接收任何UDP数据 [英] Not receiving any UDP data on a socket when App Sandbox is on in Cocoa app
问题描述
我有一个用Swift 3.0编写的可可应用程序,该应用程序使用使用C ++/Boost编写的框架在套接字上接收UDP数据.但是,当可可应用程序中的应用程序沙箱功能打开时,我没有从套接字接收任何数据,我也正在使用该数据首先将数据发送到服务器.关闭应用程序沙箱后,一切都会按预期运行. 权限com.apple.security.network.client和om.apple.security.network.server设置为YES.
I have a cocoa app written in Swift 3.0, which is using framework written using C++/Boost to receive UDP data on socket. But when the App Sandbox Capability is switched on in cocoa app i am not receiving any data from the socket, which i am also using to send data to the server first. When App Sandbox is switched off everything is working as expected. Entitlements com.apple.security.network.client and om.apple.security.network.server are set to YES.
在打开应用沙箱"(Mac App Store中的应用是必需的)时,我可以做些什么吗?
Is there anything i can do to make it working with App Sandbox switched on (which is mandatory for apps in Mac App Store)?
推荐答案
可以使用以下权利来允许UDP/TCP套接字连接:
It's possible to use the following entitlements to allow UDP/TCP socket connections:
com.apple.security.network.client
com.apple.security.network.server
According to Apple's "Elevating Privileges Safely" section in the documentation, opening raw sockets, or port numbers below 1024 (UDP/TCP) require elevated privileges. Elevating privileges is apparently not permitted at all in Sandboxed Apps.
需要特权的情况
无论用户是否以管理员身份登录, 程序可能必须在以下位置获得管理权限或root权限 为了完成一项任务.需要提升的任务示例 特权包括:
Regardless of whether a user is logged in as an administrator, a program might have to obtain administrative or root privileges in order to accomplish a task. Examples of tasks that require elevated privileges include:
* manipulating file permissions, ownership
* creating, reading, updating, or deleting system and user files
* opening privileged ports (those with port numbers less than 1024) for TCP and UDP connections
* opening raw sockets
* managing processes
* reading the contents of virtual memory
* changing system settings
* loading kernel extensions
如果必须执行需要提升特权的任务,则必须意识到以下事实:以提升特权运行意味着,如果程序中存在任何安全漏洞,攻击者也可以获取提升特权,并且然后可以执行上面列出的任何操作.
If you have to perform a task that requires elevated privileges, you must be aware of the fact that running with elevated privileges means that if there are any security vulnerabilities in your program, an attacker can obtain elevated privileges as well, and would then be able to perform any of the operations listed above.
注意:提交到的应用程序不允许提升特权 Mac App Store(在iOS中是不可能的).
这篇关于Cocoa应用程序中的“应用程序沙箱"处于打开状态时,套接字上未接收任何UDP数据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
