Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Read and Write access for FinderSync extension in a sandboxed environment

The scenario

The user right-clicks a directory in Finder and finds a custom MenuItem. Clicking that Item will tell my app to open up a window where the user can do his work. When he is finished files need to be written to to the folder he selected by right-clicking.

The Problem

I got everything to work now, but the very last part. The extension can't write to the selected folder.

The user selecting the folder he wants to interact with seems to not be part of the Powerbox which - how I understand it - is only activated with openPanel and savePanel. How do I get the rights to interact with the folder that the user selected through my menu item? I can't find a reference to any possible solution to that problem in the developer library. Not in the sandboxing guide not in the extensions guide.

The possibility to add custom menu items would be rather useless if there was no way to use the selected files and folders so I'm sure there must be a way for accessing them.

Maybe the way I'm trying to write is wrong. My main app writes a temporary file into a shared group folder. After that it sends a notification that the extension listens to:

func copyFile(notification:NSNotification)
{
    NSLog("write file")

    if let target = tmpTarget
    {
        let secureContainer = NSFileManager.defaultManager().containerURLForSecurityApplicationGroupIdentifier("group.de.enie.Nu")
        let contents = NSFileManager.defaultManager().contentsOfDirectoryAtURL(secureContainer!, includingPropertiesForKeys: nil, options: NSDirectoryEnumerationOptions.SkipsHiddenFiles | NSDirectoryEnumerationOptions.SkipsPackageDescendants | NSDirectoryEnumerationOptions.SkipsSubdirectoryDescendants , error: nil)
        
        for content in contents as! [NSURL]
        {
            NSLog("tmp data: \(content.path!)")
            if content.lastPathComponent!.stringByDeletingPathExtension == "SharedData"
            {
                NSLog("found shared file")
                
                NSFileManager.defaultManager().copyItemAtURL(content, toURL: target.URLByAppendingPathComponent(content.lastPathComponent!), error: nil)
                
                NSFileManager.defaultManager().removeItemAtURL(content, error: nil)
            }
        }
        tmpTarget = nil
    }
}

The attempt to write the file results in these console notifications:

  • open on /Users//Desktop/SharedData.png: Operation not permitted
  • deny file-write-create /Users//Desktop/SharedData.png

Any ideas how to get access to user selected folders are appreciated.

Update

I just reassured that I did no mistakes in any way. While I'm allowed to access folders via the NSOpenPanel (which means entitlements should be right) I can not create folders in / or even bookmark the target url of my default FIFinderSyncController.

like image 255
Enie Avatar asked May 16 '15 13:05

Enie


2 Answers

Even though the Finder Sync App Extension is granted "User Selected File" Sandbox File Access, the selectedItemURLs() files accessed by the user via Finder Sync App Extension right-click seemingly do not count as being "user-selected". The sandbox thus denies your Finder Sync app access to those files.

As the other answer notes, the only way around this is to use a temporary entitlement for wider file access. Or to use a Powerbox NSOpenPanel to have the user select a containing folder, and use that security-scoped bookmark to access the sandboxed files.

Please duplicate my Apple bug report requesting this behavior be allowed:

Finder Sync App Extension selectedItemURLs() should receive "User Selected File" Sandbox file access.

rdar://42874694
https://openradar.appspot.com/radar?id=5063363058991104

like image 86
pkamb Avatar answered Nov 09 '22 03:11

pkamb


You should be able to write to the selected file if you grant the entitlement: com.apple.security.files.user-selected.read-write

like image 2
dejuknow Avatar answered Nov 09 '22 01:11

dejuknow