• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Sandbox - Security Scoped URLs (10.7.3)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Sandbox - Security Scoped URLs (10.7.3)

  • Subject: Re: Sandbox - Security Scoped URLs (10.7.3)
  • From: Sean McBride <email@hidden>
  • Date: Thu, 16 Feb 2012 11:57:52 -0500
  • Organization: Rogue Research Inc.
On Wed, 15 Feb 2012 11:33:53 -0800, Seth Willits said:

>On Feb 15, 2012, at 5:49 AM, Kyle Sluder wrote:
>
>>> So 10.7.3 added URLs you can restore in a sandboxed process after
>relaunch (AKA, needed by tons of apps that will be sandboxed), but I
>can't get them to work.
>>>
>>> http://www.opensource.apple.com/source/CF/CF-635.19/CFURL.h
>>>
>>> Whenever I try to create bookmark data with CFURLCreateBookmarkData
>passing kCFURLBookmarkCreationWithSecurityScope, I get a NULL result and
>no error. Anyone managed to figure this out?

It looks like good progress, and is now documented here:

<https://developer.apple.com/library/mac/#documentation/Cocoa/Reference/Foundation/Classes/NSURL_Class/Reference/Reference.html>

But I still don't see how something like Xcode could be made to work. The Xcode file format stores relative paths, not bookmark data.  If one downloads an Xcode sample project from the web, what would Xcode need to do?  Show an NSOpenPanel to confirm that, yes, each source file may be accessed?  (No doubt, Xcode gets to be exempt, it's just an example.)

>Turns out, with an extra mach service entitlement
>(com.apple.security.temporary-exception.mach-lookup.global-name /
>com.apple.scopedbookmarksagent.xpc) you can get it work, but given that,
>the lack of errors otherwise, and the fact that some of the API seems to
>be incorrect, it seems to me the API really isn't finished. I don't see
>how this March sandboxing deadline can be met.

The App Store already forbids many kinds of apps, presumably the circle of forbidden things will just now include apps that need 'lots' of file system access.  No surprises here.  (And it's the risk you take leaving your product's distribution in the hands of a 3rd party, ie Apple).

--
____________________________________________________________
Sean McBride, B. Eng                 email@hidden
Rogue Research                        www.rogue-research.com
Mac Software Developer              Montréal, Québec, Canada



_______________________________________________

Cocoa-dev mailing list (email@hidden)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Follow-Ups:
    • Re: Sandbox - Security Scoped URLs (10.7.3)
      • From: Seth Willits <email@hidden>
References: 
 >Sandbox - Security Scoped URLs (10.7.3) (From: Seth Willits <email@hidden>)
 >Re: Sandbox - Security Scoped URLs (10.7.3) (From: Kyle Sluder <email@hidden>)
 >Re: Sandbox - Security Scoped URLs (10.7.3) (From: Seth Willits <email@hidden>)

  • Prev by Date: RE: receptionist pattern question: NSOperationQueue vs. GCD
  • Next by Date: Re: receptionist pattern question: NSOperationQueue vs. GCD
  • Previous by thread: Re: Sandbox - Security Scoped URLs (10.7.3)
  • Next by thread: Re: Sandbox - Security Scoped URLs (10.7.3)
  • Index(es):
    • Date
    • Thread