Check Sandbox Status at Runtime

I’m using this code but it always returns false even when it’s Sandboxed. Any ideas?

[code]Public Function IsSandboxed() as Boolean
Declare Function SecCodeCopySelf Lib “Security” (flags as integer, byref proc as ptr) As Integer
Declare Function SecCodeCheckValidity Lib “Security” (code as ptr, flags as integer, requirement as ptr) As Integer
Declare Function SecRequirementCreateWithString Lib “Security” (text as cfstringref, flags as integer, byref requirement as ptr) As Integer

dim myProc as ptr
dim res As integer
dim req As ptr

res=SecCodeCopySelf(0,myProc) //get a code object for the current process
res=res+SecRequirementCreateWithString(“com.apple.security.app-sandbox”,0,req) //create a code requirement
res=res+SecCodeCheckValidity(myProc,0,req) //check the validity with a requirement

if res<>0 then Return false //error or failure… in either case, we failed!

Return True
End Function[/code]

  1. For each security function, you should check the return value, the way the code is set-up now, it could be failing in any one of those 3 functions and you current;y don’t know which.

  2. The way how I do it; which may or may not be any more secure, but does appear to work; is to use

[code] declare function SecCodeCopySigningInformation lib SecurityFramework ( code as ptr, flags as Uint32, _
byref CFDicRef as ptr ) as Int32

if SecCodeCopySigningInformation( SecCodeObj, 2, rvalue ) <> 0 then return nil[/code]
Which returns a CFDictionary. I then grab the “entitlements-dict” value (if it exists) and from that dictionary I can verify if the Sandbox key is present in the “entitlements-dict”.