Given that signature checks for kernel extensions and executables are both carried out in userspace, this tells me that SIP and the sandbox aren't running when
launchd is still the only process running. But, I can't be sure, so I ask: is launche completely unconfined by the security features that were introduced by SIP (e.g., Sandbox, AMFI, entitlements, SIP, etc.)?
Asked by Melab
(1039 rep)
Apr 5, 2024, 01:11 AM
Last activity: Apr 5, 2024, 01:44 AM
Last activity: Apr 5, 2024, 01:44 AM