macOS授权音频输入与麦克风 [英] macOS Entitlements audio-input vs. microphone

问题描述

对于macOS沙箱，有两个授权密钥:

For the macOS sandbox there are two entitlement keys:

com.apple.security.device.audio-input
com.apple.security.device.microphone

我都测试了这两者，并且都允许麦克风输入.

I tested both and both allow microphone input.

它们之间有什么区别?

推荐答案

com.apple.security.device.microphone 是沙盒授权.如果您想在沙盒应用中使用麦克风，则需要将其启用，

com.apple.security.device.microphone is a sandbox entitlement. If you want to use the microphone in a sandboxed app, you will need to enable it,

com.apple.security.device.audio-input 是强化的运行时权利.如果要在经过强化的运行时的应用程序中使用麦克风，则需要将其启用.

com.apple.security.device.audio-input is a hardened runtime entitlement. If you want to use the microphone in an app built with the hardened runtime, you will need to enable it.

如果您的应用同时经过沙箱和加固，则需要同时启用两者.

If your app is both sandboxed and hardened, you will want to enable both.

在这种情况下，沙箱和硬化提供了重叠的保护.

Sandboxing and hardening provide overlapping protections in this case.

在沙盒应用程序中，如果您没有 com.apple.security.device.microphone 权利，则您的应用程序将无法访问麦克风.

In a sandboxed app, if you don't have the com.apple.security.device.microphone entitlement, your app will not be able to access the microphone.

在加固的应用程序中，如果您没有 com.apple.security.device.audio-input 权利，则您的应用程序将无法使用来访问麦克风或任何音频输入核心音频，

In a hardened app, if you don't have the com.apple.security.device.audio-input entitlement, your app will not be able to access the microphone or any audio input using Core Audio,

这很好地解释了沙箱和强化之间的关系.

This provides a good explanation of the relationship between sandboxing and hardening.

我们在Xcode 10中可以看到，强化运行时的资源访问"部分与应用程序沙箱"有很多重叠，而运行时例外"部分具有强化运行时所独有的功能.重叠的原因是什么?沙盒主要是为App Store设计的，而强化运行时则主要是为Developer ID设计的.我刚刚详细解释了这两种技术如何可以应用于同一应用程序，并且不依赖于分发方法，但是在不久的将来，大多数应用程序可能最多使用以下两种之一:Mac App的沙箱存储应用程序，并对经过公证的开发人员ID应用程序进行强化.这就是为什么存在重复的权利.

We can see in Xcode 10 that the Resource Access section of the Hardened Runtime shows a great deal of overlap with the App Sandbox, while the Runtime Exceptions section has functionality unique to the hardened runtime. What's the reason for the overlap? The sandbox was designed mainly for the App Store, while the hardened runtime was designed mainly for Developer ID. I've just explained in detail how the two technologies can apply to the same app and don't depend on the distribution method, but in the near future the majority of apps will probably use at most one of the two: sandboxing for Mac App Store apps and hardening for notarized Developer ID apps. This is why duplicate entitlements exist.

这篇关于macOS授权音频输入与麦克风的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！