Re: Sandboxing and file references
Re: Sandboxing and file references
- Subject: Re: Sandboxing and file references
- From: Peter N Lewis <email@hidden>
- Date: Wed, 21 Sep 2011 13:26:20 +0800
Thanks for the various answers, here is a summary:
The explicit entitlement to read a file following an open/drag exists only until the application quits (a fragile exception exists in using URLs stored into the restorable state archive, but even that won't work long term). Thus keeping references to files is essentially impossible (long term) in a sandboxed application - bizarre.
The Application Support folder can be automatically migrated into the sandbox container as described at:
<http://developer.apple.com/library/mac/#documentation/Security/Conceptual/CodeSigningGuide/Migration/Migration.html>
So my solution is to use entitlements of:
<key>com.apple.security.files.user-selected.read-only</key>
<true/>
<key>com.apple.security.temporary-exception.files.home-relative-path.read-only</key>
<string>/</string>
thus allowing me to read any file the user selects, and temporarily to read any file in the home directory.
On first launch, I use the temporary entitlement to read any previously selected user images into my Application Support folder. Any future selected images are copied into my application's sandboxed Application Support folder when they are added using the normal user-selected.read-only entitlement. So future versions will not need the temporary exception.
I coud, but don't need to, migrate the Application Support/Desktop Calendar Maker/ folder into the sandbox. Since it doesn't exist in the old version and the new version can run sandboxed thanks to the temporary entitlement, I don't need to migrate anything.
Now to see if Apple agrees…
Thanks,
Peter.
> Background:
>
> I'm looking at what I'll need to do to sandbox some of my lesser apps (clearly Keyboard Maestro is impossible under sandboxing rules). One of my apps (Desktop Calendar Maker) keeps references (paths) to images. The paths are stored in the apps preferences file. The user gets the file references using either Open or Drag.
>
> So my application already exists and has references to images on the users harddisk. If I enable sandboxing, presumably I'm going to lose access to those files. I could potentially release an interim version that copies the files into my application support folder, but if I then enable sandboxing, I'll probably lose access to my existing application support folder (or is it moved/copied automatically?).
>
> This is quite a simple application, with minimal need to access stuff outside the sandbox, and yet I'm very confused as to how to enable sandboxing without losing the existing users data.
>
> Any advice on the best way forward would be greatly appreciated.
>
> Thanks,
> Peter.
>
> --
> New release: Keyboard Maestro 5.0 with control flow, variables, calculations, macro library and more.
>
> Keyboard Maestro <http://www.keyboardmaestro.com/> Macros for your Mac
> <http://www.stairways.com/> <http://download.stairways.com/>
>
>
>
>
--
New release: Keyboard Maestro 5.0 with control flow, variables, calculations, macro library and more.
Keyboard Maestro <http://www.keyboardmaestro.com/> Macros for your Mac
<http://www.stairways.com/> <http://download.stairways.com/>
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden