Getting sandbox(d into a corner?)
Getting sandbox(d into a corner?)
- Subject: Getting sandbox(d into a corner?)
- From: Clarence Locke <email@hidden>
- Date: Tue, 06 Sep 2011 12:51:58 -0700
I have an app that is currently available on the Mac App Store that I am updating to support the new sandboxing requirements.
In order to provide a more convenient and integrated user experience, my app coordinates the optional installation of export plug-ins for Aperture, iPhoto and Lightroom, as well as a command-line tool for more advanced users. Currently, the installation and removal mechanism for these plug-ins essentially boils down to the use of NSFileManager functions and the invocation of /bin/cp and /bin/rm via AuthorizationExecuteWithPrivileges(), all from within the application's process space (i.e., no helper apps).
As for the functionality of these integration plug-ins: when invoked by their respective parent applications, they use NSWorkspace, NSRunningApplication, Apple Events and Launch Services to locate, launch and/or send information to my application.
There are two major issues that arise when enabling the sandbox and assigning entitlements:
1) Loss of access to specific directories outside of my app's container hierarchy (e.g., ~/Library/Application Support/Aperture/Plug-Ins/Export/, /usr/local/bin/). I realize that I can ask for a temporary exception via the com.apple.security.temporary-exception.files.absolute-path.read-write entitlement, but this falls short as a proper solution because:
(a) it is only "temporary" and may be revoked in some future release.
(b) the directory list for this entitlement is a fixed, embedded and code-signed part of my executable. However, my app treats these third-party integrations themselves as its own kind of plug-in, and technically anybody can author additional ones and make them available for use by my app. If my app is sandboxed, then the installation/removal of those integrations will also not work because their needed directories will not be included in my com.apple.security.temporary-exception.files.absolute-path.read-write entitlement.
How do I resolve issues (a) and (b)?
2) Because the third-party integration plug-ins utilize Apple Events for communicating with my app, I am currently at the mercy of the hosting application's sandbox entitlements. Currently, none of the applications involved (Aperture, iPhoto, Lightroom and my own command line tool) are taking advantage of sandboxing. But when they do, the following issues will arise:
(a) Apple Event use may/may not be allowed. I have to assume that (eventually) they will not be allowed; therefore, what mechanism for communicating from the plug-in to my application should be used in place of Apple Events?
(b) If the host apps become sandboxed themselves, how will my app know that (for example) the Aperture integration plug-in should now be installed in ~/Library/Containers/com.apple.Aperture/Data/Library/Application Support/Aperture/Plug-Ins/Export/ instead of ~/Library/Application Support/Aperture/Plug-Ins/Export/ ?
Are there any suggestions for me to mitigate issue 2?
I also foresee a general problem to any application that supports the installation and use of plug-ins, where the location of its plug-in directory changes after it becomes sandboxed because the root location for locating the plug-ins directory has changed from $HOME (~/) to $CFFIXED_USER_HOME (~/Library/Containers/<bundle-identifier>/Data/). How is Apple going to solve this? And will there be a sandbox-sanctioned way of accessing other application's plug-in directories?
Clarence_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden