20
edits
Changes
Update macOS sandbox level 3 description
|-
| Level 3 ||
* write access to most all of the filesystem
* read access to most of the filesystem
** read access to the profile directory (apart from the chrome and extensions subdirectories)
* exec, fork
* printing
* access to most system services
|}
Note that the macOS sandbox is whitelist based, not blacklist, so this section is effectively the inverse of what we allow.
[1] Level 1 restrictions are a subset of level 2. Level 2 restrictions are a subset of level 3.
