Re: How to sandbox an included framework
Re: How to sandbox an included framework
- Subject: Re: How to sandbox an included framework
- From: Antonio Nunes <email@hidden>
- Date: Thu, 16 Aug 2012 08:04:22 +0100
On 16 Aug 2012, at 07:34, Mike Abdullah <email@hidden> wrote:
Thanks for your thoughts Mike. I think they confirm my notion that this rejection was in error (either that, or I'm misunderstanding something):
> On 15 Aug 2012, at 18:48, Antonio Nunes <email@hidden> wrote:
>
>> After a number of successful submissions of my sandboxed app tot he App Store, today Apple decided to reject my app because one of the 3rd party frameworks it includes and links against is not sandboxed. I don't recall hearing about sandboxing frameworks separately. I know they need to be codesigned, and this one is.
>>
>> Searching through the docs and online doesn't turn up any info about framework sandboxing.
>>
>> Can anyone point me to documentation or a tutorial on how to sandbox my third party framework. (I do have access to its source code, if necessary, but I did not see any obvious option to sandbox the framework when I opened and examined the framework's project in Xcode.
>
> Are you sure this is really a framework? Frameworks load as part of your process and so live within your app's sandbox.
It's definitely a framework. It's open sourced: https://github.com/tcurdt/feedbackreporter
> Perhaps you're seeing one of the following:
> - the "framework" is, or includes, another executable which it launches to perform a task
As any framework I've seen, it contains an executable with the framework code. I don't think it launches any other executables. As you wrote, the framework loads as part of the main app's process, so it's lives within the app's sandbox.
> - the framework is trying to do something blocked by the sandbox.
It has been working just fine within the sandbox for several releases. The framework needs network and address book access and both are covered by the entitlements specified for the app. I've had previous updates initially rejected because the framework was 'malformed' when apparently Apple tightened it's guidelines on framework folder structures. I've had a rejection because the reviewers did not keep tab of the rationale I had delivered for needing AddressBook access, so now I submit that with every update, to pre-empt rejection-by-review-process-sloppiness. But anyway, the sandbox has the necessary entitlements.
The reviewer's complaint is that (and I quote) "PDF Nomad.app/Contents/Frameworks/FeedbackReporter.framework/Versions/A/FeedbackReporter is not sandboxed."
Well, that's the executable that gets loaded as part of the main app's process, no? Neither can I find any way to sandbox the executable. It's codesigned, as it should be, but how would I separately sandbox it?
-António
-----------------------------------------------------------
And you would accept the seasons of your
heart, even as you have always accepted
the seasons that pass over your field.
--Kahlil Gibran
-----------------------------------------------------------
-----------------------------------------------------------
And you would accept the seasons of your
heart, even as you have always accepted
the seasons that pass over your field.
--Kahlil Gibran
-----------------------------------------------------------
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden