Re: Suggestions for handling old document files with file paths in a sandbox environment
Re: Suggestions for handling old document files with file paths in a sandbox environment
- Subject: Re: Suggestions for handling old document files with file paths in a sandbox environment
- From: Mike Abdullah <email@hidden>
- Date: Thu, 04 Oct 2012 18:03:40 +0100
On 3 Oct 2012, at 19:48, Sean McBride <email@hidden> wrote:
> On Wed, 3 Oct 2012 11:38:10 -0700, Quincey Morris said:
>
>> If an item is in your sandbox, you don't need the bookmark at all (for
>> security reasons, anyway). If the item is *not* in your sandbox, then
>> you're going to have to ask the user for access -- possibly thousands of
>> times.
>
> Which is of course ridiculous. Can you imagine Final Cut Pro or Xcode doing such a thing when opening their old documents? Notice Apple hasn't sandboxed those applications?
>
> My solution for now is:
>
> <!-- Allows full access to filesystem, due to numerous difficulties with App Sandbox. <rdar://11616142> -->
> <key>com.apple.security.temporary-exception.files.absolute-path.read-write</key>
> <array>
> <string>/</string>
> <string>/Volumes/</string>
> </array>
>
> You still get some benefit from the sandbox (protection against network, USB, camera being compromised), but have full file system access.
>
> If you care about App Store (I don't), they may not allow this.
They almost certainly won't allow it. A combo of pleading, explaining, and being well-established might help you out though.
Ideally your entitlement would be read-only for most apps. Sadly though due to a bug you need write access to a file in order to generate a read-only security-scoped bookmark to it at present.
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden