macOS Entitlements 音频输入与麦克风
macOS Entitlements audio-input vs. microphone
对于 macOS 沙箱,有两个授权密钥:
com.apple.security.device.audio-input
com.apple.security.device.microphone
我都测试过,都允许麦克风输入。
它们有什么区别?
com.apple.security.device.microphone 是沙盒授权。如果您想在沙盒应用程序中使用麦克风,您需要启用它,
com.apple.security.device.audio-input 是强化的运行时权利。如果您想在使用强化运行时构建的应用程序中使用麦克风,则需要启用它。
如果您的应用程序既是沙盒又是强化的,您将希望同时启用两者。
在这种情况下,沙盒和强化提供重叠保护。
在沙盒应用中,如果您没有 com.apple.security.device.microphone 授权,您的应用将无法访问麦克风。
在强化应用中,如果您没有 com.apple.security.device.audio-input 授权,您的应用将无法使用核心音频访问麦克风或任何音频输入,
This很好地解释了沙盒和加固之间的关系。
We can see in Xcode 10 that the Resource Access section of the Hardened Runtime shows a great deal of overlap with the App Sandbox, while the Runtime Exceptions section has functionality unique to the hardened runtime. What's the reason for the overlap? The sandbox was designed mainly for the App Store, while the hardened runtime was designed mainly for Developer ID. I've just explained in detail how the two technologies can apply to the same app and don't depend on the distribution method, but in the near future the majority of apps will probably use at most one of the two: sandboxing for Mac App Store apps and hardening for notarized Developer ID apps. This is why duplicate entitlements exist.
对于 macOS 沙箱,有两个授权密钥:
com.apple.security.device.audio-input
com.apple.security.device.microphone
我都测试过,都允许麦克风输入。
它们有什么区别?
com.apple.security.device.microphone 是沙盒授权。如果您想在沙盒应用程序中使用麦克风,您需要启用它,
com.apple.security.device.audio-input 是强化的运行时权利。如果您想在使用强化运行时构建的应用程序中使用麦克风,则需要启用它。
如果您的应用程序既是沙盒又是强化的,您将希望同时启用两者。
在这种情况下,沙盒和强化提供重叠保护。
在沙盒应用中,如果您没有 com.apple.security.device.microphone 授权,您的应用将无法访问麦克风。
在强化应用中,如果您没有 com.apple.security.device.audio-input 授权,您的应用将无法使用核心音频访问麦克风或任何音频输入,
This很好地解释了沙盒和加固之间的关系。
We can see in Xcode 10 that the Resource Access section of the Hardened Runtime shows a great deal of overlap with the App Sandbox, while the Runtime Exceptions section has functionality unique to the hardened runtime. What's the reason for the overlap? The sandbox was designed mainly for the App Store, while the hardened runtime was designed mainly for Developer ID. I've just explained in detail how the two technologies can apply to the same app and don't depend on the distribution method, but in the near future the majority of apps will probably use at most one of the two: sandboxing for Mac App Store apps and hardening for notarized Developer ID apps. This is why duplicate entitlements exist.