Sandbox admin privileges

macos applications sandbox

Solution 1:

The App can have read/write access to a location if it gets your permission using an entitlement as part of the App Sandbox, in other words this is how its suppose to work. The App is code-signed and trusted, its asking your permission, in theory all should be good.

As noted in the Mac Technology overview:

App Sandbox

Introduced in OS X v10.7, App Sandbox provides a last line of defense against stolen, corrupted, or deleted user data if malicious code exploits your app. App Sandbox also minimizes the damage from coding errors. Its strategy is twofold:

App Sandbox enables you to describe how your app interacts with the system. The system then grants your app only the access it needs to get its job done, and no more.

App Sandbox allows the user to transparently grant your app additional access by using Open and Save dialogs, drag and drop, and other familiar user interactions.

Specifically a developer can implement the following entitlement as noted here in Enabling App Sandbox, this is exactly what you described in your question, so this is probably the entitlement that the A/V program developer had utilized to obtain just read and write access.

com.apple.security.files.user-selected.read-write

Read/write access to files the user has selected using an Open or Save dialog

Note that this is not the same as true administrator user, since the program would not be granted the execute privilege.

Solution 2:

You're not seeing it correctly. Sandboxing doesn't bypass file permissions. If you don't have write access to a file then having the file-write entitlement won't give you write access to the file. Likewise the NSOpen/NSSave dialogs can't access anything they can't access with sandboxing off.

Related

If $\sum a_n$ converges, prove $\sum a_n^3$ converges
Hilbert cube is compact
Prove that $\int_0^\infty \frac{e^{\cos(ax)}\cos\left(\sin (ax)+bx\right)}{c^2+x^2}dx =\frac{\pi}{2c}\exp\left(e^{-ac}-bc\right)$
Locating a paper in Euler's complete works
Can one always map a given triangle into a triangle with chosen angles by means of a parallel projection?
How can I show that $ \int_0^\pi \frac{x\,dx}{1+\cos^2(x)} = \frac{\pi^2}{2\sqrt{2}} $
Is every property of the integers provable?
Why is the slope of a line defined the way it is.
What is the derivative of max and min functions? [closed]
Prove that $x^3-2$ and $x^3-3$ are irreducible over $\Bbb{Q}(i)$
Why is something not a field if it's a proper class?
Evaluating $\displaystyle\int_0^1\frac{\sqrt{1-y^2}}{1+y^2}dy$ without trig substitution