I've recently been working to understand what triggers certain TCC prompts on macOS. During this investigation I noticed something that many prior analyses of TCC overlook: TCC prompts can be triggered not only by system frameworks, but by the Sandbox kernel extension in response to rules defined by the platform sandbox policy.
My latest blog post documents the sandbox features behind this and provides examples of some of the responsible sandbox policies.
https://bdash.net.nz/posts/tcc-and-the-platform-sandbox-policy/
=> More informations about this toot | View the thread | More toots from mrowe@bdash.net.nz
text/geminiThis content has been proxied by September (ba2dc).