Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

App sandbox: how to allow XPC service to read file that user opened in parent app?

Tags:

cocoa

sandbox

xpc

appstore-sandbox

I have a simple Cocoa image preview app. The user selects a file using an NSOpenPanel and the app generates a preview image using the Quick Look API.

I'd like to move the preview generation into a separate XPC service. Without app sandboxing everything works fine, but after enabling app sandboxing for the parent app and the XPC service, the XPC service is denied read access to the user selected file.

The parent app is allowed to read the file (because it was selected through an NSOpenPanel).

How do I transfer the "file read" permissions for the user-selected file from the parent app to the XPC process so that the XPC process can read the file to generate the preview?

My XPC service requests file-read access via its entitlements and I added the following key to the XPC Service Info.plist, but that did not help:

JoinExistingSession = YES
like image 670
Mark Avatar asked Jul 06 '12 11:07

Mark

People also ask

What is Apple Sandbox helper?

App Sandbox is an access control technology provided in macOS, enforced at the kernel level. It is designed to contain damage to the system and the user's data if an app becomes compromised.

How does Apple Sandbox work?

Sandboxing. All third-party apps are “sandboxed,” so they are restricted from accessing files stored by other apps or from making changes to the device. Sandboxing is designed to prevent apps from gathering or modifying information stored by other apps.

How do I enable Sandbox on my Iphone?

In iOS and iPadOS, the sandbox account appears in Settings > App Store after the first time you use the device to attempt a purchase in a development-signed app. There's no need to sign out of the non-Sandbox Apple ID. Sign in using a Sandbox Apple ID.

1 Answers

I'm not 100% sure but I think Apple recommends passing an NSFileHandle to the XPC process in this case. That way, the XPC process can access the file's contents but does not need to know the file's URL.

Edit: This thread in the Apple Developer Forums is helpful. The recommendation is to create a normal (not security-scoped) bookmark for the URL of the file. This bookmark can then be passed to the XPC process and accessed by it.

like image 185
Ole Begemann Avatar answered Oct 15 '22 17:10

Ole Begemann
Sign in to Comment

Related questions

How to open Safari Extension ToolbarItem popover programmatically
NSMenuItem with custom view doesn't receive mouse events
Is it possible to have both an iOS app and Mac app in the same project?
How should I be associating Core Data entities for use with RestKit?
NSMenuItem KeyEquivalent " "(space) bug
Communicate between finder sync extension and XPC
using startMonitoringEventWithType: error: in the effort to detect wifi SSID change
How do I create NSColor instances that exactly match those in a Photoshop UI mockup?
Detect if cursor is hidden on Mac OS X
Notification when the system is idle or not on OS X
Retrieve info.plist file from command-line tool
NSDocumentController currentDocument returning nil
Ellipsize NSTextField?
how to write expected failures?
How to implement Ctrl-C and Ctrl-D with openpty?
Create a paginated PDF—Mac OS X
Are there any commercial add on programming controls for Mac and iOS Cocoa/Objective C?
Objective-C / Cocoa equivalent of C# ManualResetEvent
How to save off the pasteboard contents first and restore them afterward?
Build Cocoa application Bundle with private dylib/framework

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!