Two Apple patents have appeared at the U.S. Patent & Trademark Office that show some of Apple’s thinking on the “sandboxing” features of Mac OS X 10.8 Mountain Lion.
“Sandboxing” — which certainly hasn’t thrilled all developers — means that developers must “sandbox” their apps in order to take full advantage of new features like iCloud and Notification Center. In other words, they must limit access to system data much like iOS apps. Apple argues that sandboxing increases security on the Mac.
Patent number 20120311697 is for a system and method for preserving references in sandboxes. A system implementing the method receives a document for use in a sandbox environment and passes the document to a parser, via a coordinator. The parser finds references in the document to other resources and outputs a list of references. The system passes the list of references to a verifier that verifies each reference and outputs a list of verified references.
The system passes the list of verified references to the sandboxed application which extends the sandbox to include the resources on the list of verified references. In one embodiment, the system preserves references in sandboxes without the use a coordinator. The inventors are Ivan Krstic and Pierre-Olivier J. Martel.
Patent number 20120311697 involves a method for executing an application in a restricted operating environment. Per the patent, a user is presented with one or more user-level permissions in a human understandable language, where the one or more user-level permissions represent one or more application-level permissions requested from an application for accessing one or more resources.
A security profile is generated having one or more operating system (OS)-level permissions based on at least one of the user-level permissions authorized by the user. The security profile is enforced to restrict the application to accessing the one or more resources based on the OS-level permissions. The inventors are Michael A. Swingler and Thomas J. O’Brien.
