I'm developing an app that is currently sandboxed. It acts as a basic text editor. Recently, I wanted to test what happens when I open a file in my app and another app at the same time, make an update in one app, then then see the updated in the other. I'm using Coda
or BBEdit
as my alternative editors. If I turn off sandboxing -- then this issue does not exist. However, since apps are required to be sandboxed as of March 1, I would rather implement a solution rather than wait and see.
When I open both files and make an edit in my app and then switch to the other app, the changes are reflected so that those editors have the version just saved from my app. However, if I perform the converse of saving from their app and then moving to mine -- no joy. Without performing any action, the console reports two specific errors: deny file-issue-extension
and deny file-write-data
. The app appears to be losing privileges to edit the document since it was changed by an external editor after the document was opened in my app. If I try to save the file in my app, it asks to duplicate the document because it has lost access to the original document. This doesn't happen the other way around because those apps have not been sandboxed and therefor have permissions that my app does not. It also doesn't appear that you can prevent the other app from making the changes if you don't want this behavior.
The documentation on developer.apple.com mentions nothing of this type of situation. I am not sure if this is intended behavior. If it is, then I can just tell my user that the document permissions have been lost and they should either save a new version or re-open the file. If it is NOT intended behavior, then what method in the NSDocument API would grant permission to the file once it has been lost? I'm assuming the answer is the former, that this is intended, but can anyone confirm and is there documentation?
Overview. The App Sandbox is an access control technology that macOS provides and enforces at the kernel level. The sandbox's primary function is to contain damage to the system and the user's data if the user executes a compromised app.
If you don't have permission to open a file or folder, you may be able to change the permissions settings. On your Mac, select the item, then choose File > Get Info, or press Command-I. Click the arrow next to Sharing & Permissions to expand the section.
You can decide which apps and websites are allowed to access files and folders in specific locations. On your Mac, choose Apple menu > System Preferences, click Security & Privacy , then click Privacy. Select Files and Folders. Select the checkbox below an app to allow it to access files and folders in that location.
All third-party apps are “sandboxed,” so they are restricted from accessing files stored by other apps or from making changes to the device. Sandboxing is designed to prevent apps from gathering or modifying information stored by other apps.
Without performing any action, the console reports two specific errors: deny file-issue-extension and deny file-write-data. The app appears to be losing privileges to edit the document since it was changed by an external editor after the document was opened in my app. If I try to save the file in my app, it asks to duplicate the document because it has lost access to the original document
The correct behavior in a situation like this is to not overwrite the file, but to prompt the user if they want to reload the document, if so reload it and then write it.
The OS is doing the right thing by not allowing a blind write over a file that has changed.
See NSFilePresenter - (void)presentedItemDidChange to see if it changed. Reread the file and then see if you can save it. You dont say you have been denied a read on the file.
Also, since you havent posted any code it might be helpful to show what code you are using to access the file and to save it. NSDocument has built in handling for some types of file changes in the sandbox.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With