I'm reading about Mac app sandboxing and am wondering what exactly happens when a user selects a folder in an NSOpenPanel or NSSavePanel. The “App Sandbox Design Guide” gives the following example:
When a user of your app specifies they want to use a file or a folder, the system adds the associated path to your app’s sandbox. Say, for example, a user drags the ~/Documents folder onto your app’s Dock tile (or onto your app’s Finder icon, or into an open window of your app), thereby indicating they want to use that folder. In response, the system makes the ~/Documents folder, its contents, and its subfolders available to your app.
It's not clear to me what's meant by the “contents” here. Is this limited to seeing what files are in the folder without being able to read what's in those files? Or does this simply mean that the app will be able to read any file that's (recursively) inside the Documents folder (so it can, for example, read both ~/Documents/Foo.txt and ~/Documents/Bar/Baz.txt)? And what about write operations (writing to an existing file, deleting one, or creating a new file or folder)?
The App Sandbox is an access control technology that macOS provides and enforces at the kernel level. The sandbox's primary function is to contain damage to the system and the user's data if the user executes a compromised app.
Essentially, an app's processes are governed by customizable rules, such as whether they may read or write specific files. The App Sandbox also restricts the processes' access to system resources and user data to minimize the impact or damage if the app becomes compromised.
The app can read all files in the selected folder as well as its subfolders. The same is true for writing, both for new files and for overwriting existing ones. Deleting is also possible, as well as creating new folders and moving folders within the bounds of the selected folder (or other folders you have the required rights for).
Simply put, you have the freedom to do whatever you want within this folder and its subfolders.
Caveat: When the save panel opens up and it shows Documents as target, it might be ~/Library/Containers/<app signature>/Data/Documents. You may change the location, but the first time I was baffled after the file had successfully been saved but was not located at ~/Documents.
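The following is an added example, not code from the question or the answer above: it presents an NSOpenPanel restricted to folders and then exercises each operation the answer lists (recursive read, create, overwrite, move and delete) inside the chosen folder, and flags the container-path caveat. It assumes a sandboxed app built with the com.apple.security.files.user-selected.read-write entitlement; the folder and file names it creates are constructed for the demonstration.

```swift
import AppKit

/// Added example (not the original answer's code). Lets the user pick a folder,
/// then probes the access the sandbox grants for that folder and its subtree.
/// Assumes the com.apple.security.files.user-selected.read-write entitlement.
func chooseFolderAndProbeAccess() {
    let panel = NSOpenPanel()
    panel.canChooseDirectories = true
    panel.canChooseFiles = false
    panel.allowsMultipleSelection = false
    panel.prompt = "Grant Access"
    guard panel.runModal() == .OK, let folder = panel.url else { return }

    // Caveat from the answer: a location labelled "Documents" may in fact be the
    // app's own container rather than ~/Documents.
    if folder.path.contains("/Library/Containers/") {
        print("Note: chosen folder is inside the app container:", folder.path)
    }

    let fm = FileManager.default
    // Read: enumerate the subtree recursively and read the first regular file found.
    if let walker = fm.enumerator(at: folder, includingPropertiesForKeys: [.isRegularFileKey]) {
        for case let url as URL in walker {
            let isFile = (try? url.resourceValues(forKeys: [.isRegularFileKey]))?.isRegularFile ?? false
            if isFile {
                let bytes = (try? Data(contentsOf: url))?.count ?? -1   // -1 means the read failed
                print("read \(url.lastPathComponent): \(bytes) bytes")
                break
            }
        }
    }

    // Write/create/move/delete, all inside the selected folder (names are constructed).
    let probeRoot = folder.appendingPathComponent("SandboxProbe", isDirectory: true)
    let nested = probeRoot.appendingPathComponent("Nested", isDirectory: true)
    let file = nested.appendingPathComponent("probe.txt")
    let moved = folder.appendingPathComponent("probe-moved.txt")
    do {
        try fm.createDirectory(at: nested, withIntermediateDirectories: true) // new subfolders
        try Data("hello".utf8).write(to: file)                                 // create file
        try Data("hello again".utf8).write(to: file)                           // overwrite file
        try fm.moveItem(at: file, to: moved)                                   // move within folder
        try fm.removeItem(at: moved)                                           // delete file
        try fm.removeItem(at: probeRoot)                                       // delete folders
        print("create, overwrite, move and delete all succeeded inside", folder.path)
    } catch {
        // Outside a user-selected folder the sandbox denies these with EPERM.
        print("operation denied or failed:", error)
    }
}
```

Pointing the panel at a folder the user has not selected (for example by hard-coding a path instead of using panel.url) makes the catch branch fire, which is the quickest way to see the grant boundary for yourself.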