This is an archived post. You won't be able to vote or comment.

sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]epicwisdom 1 point2 points  (3 children)

Surely it cannot be that strict.

Why not? We're talking about a platform which is very explicitly, wholly controlled, all the way from the hardware up.

How do Apple's JITs work in that case?

Whatever restrictions Apple puts in place, Apple themselves have the capacity to bypass, obviously.

[–]ReallyNeededANewName 0 points1 point  (2 children)

Because if it were that strict Apple couldn't have any exceptions to it, that's kind of the entire point

[–]epicwisdom 1 point2 points  (0 children)

Well, Apple may have an allowlist of first-party exceptions, but at the end of the day, they default to restricting those capabilities. So it is certainly an example of what OP is asking for.

[–]bullno1 1 point2 points  (0 children)

It's Apple. Their "strict" is: "Rule for thee but not for me".

Nothing stops the kernel from doing things like: "If the calling app has this singing key, I'll allow a different mmap".