Little Flocker
Little Flocker is a utility for keeping your personal data safe from spyware, ransomware, misbehaving applications, and other common threats to your computer’s security, by preventing any application from accessing your files without explicit permission.
[…]
In short, Little Flocker is like the popular “Little Snitch” program, but for file access instead of network connections.
Sounds like a good way to keep tabs on applications that are not sandboxed.
The official site is here. I read that it was open source, although the GitHub page is not working for me.
Zdziarski has been approved for a kext signing certificate from Apple, required to allow users to install kernel-level software without disabling System Integrity Protection (SIP), which was added in El Capitan. (The “flocker” part of the name is a play on “flock,” an ancient Unix characteristic used to note that a file is in use, or “locked.”)
Update (2016-10-21): Jonathan Zdziarski (via dkhamsing):
I’ve made #LittleFlocker a private repo; I’ll push Beta 7 on http://littleflocker.com soon. Sorry, but the OSS community is too disparaging.
2 Comments RSS · Twitter
Oh no! I had wanted to write such a tool for years. Even with a rules editor as I had imagined. Well, one more item I can take off my never-ending list of things the world may need and which may or may not help me pay my rent.
I've never used Hands Off, but doesn't it do this type of file access restriction, along with some subset of Little Snitch?