Re: deny file-read-data after launch
- Subject: Re: deny file-read-data after launch
- From: Graham Cox <email@hidden>
- Date: Fri, 09 Jan 2015 10:12:07 +1100
> On 9 Jan 2015, at 9:51 am, Steve Mills <email@hidden> wrote:
>
> I'm having a problem with my app on 10.9 that I'm not sure about. The user chooses a folder via NSPathControl, then I use that to do an NSMetadataQuery for all images inside that folder. I don't have code signing turned on for this app yet, but I do have the Sandbox capability turned on. (This is my first personal project since all this stuff has been introduced.)
>
> If I launch my app, choose a folder, I can run my search on it and everything is fine. That folder gets stored in user defaults via a binding on the path control. If I quit and launch again, the path looks correct, yet I get sandbox errors on that folder and everything inside it:
>
> sandboxd: ([372]) Image Snooper(372) deny file-read-data /Volumes/Lemmy/Users/sjmills/Pictures
>
> And then it immediately goes off with results from a completely different folder:
>
> kernel: Sandbox: Image Snooper(372) deny file-read-data /Volumes/Lemmy/Library/Application Support/iPhoto/Themes/blah blah blah
>
> Note that the Pictures folder in question is NOT in my current user folder, but in a user folder NOT on the boot volume.
>
> Any ideas?
>
For a sandboxed app, permission to read a folder outside the sandbox is granted when you use the NSOpenPanel, as you are doing on your first run. On your second run, that permission isn't there. To save a path in user defaults that works for a sandboxed app it has to be stored as a "security-scoped bookmark", which you then resolve on subsequent launches. That also grants permission.
--Graham
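
The bookmark round trip described in the reply above, as an added Objective-C example that is not part of the original message or the poster's project. The defaults key and function names are hypothetical, and it assumes the app's entitlements include com.apple.security.files.bookmarks.app-scope alongside the user-selected file access entitlement.

```objc
#import <Foundation/Foundation.h>

// Hypothetical defaults key; store the bookmark data here instead of a path string.
static NSString * const kFolderBookmarkKey = @"SearchFolderBookmark";

// Call while the app still holds the access the user's selection granted
// (for example, right after the folder is chosen on the first run).
static BOOL SaveFolderBookmark(NSURL *folderURL, NSError **error) {
    // Read-only scope: the app only searches the folder, so do not request write access.
    NSURLBookmarkCreationOptions opts = NSURLBookmarkCreationWithSecurityScope |
                                        NSURLBookmarkCreationSecurityScopeAllowOnlyReadAccess;
    NSData *bookmark = [folderURL bookmarkDataWithOptions:opts
                           includingResourceValuesForKeys:nil
                                            relativeToURL:nil
                                                    error:error];
    if (bookmark == nil) {
        return NO;
    }
    [[NSUserDefaults standardUserDefaults] setObject:bookmark forKey:kFolderBookmarkKey];
    return YES;
}

// Call on later launches. Returns a URL with access already started, or nil.
// The caller balances this with -stopAccessingSecurityScopedResource when done.
static NSURL *ResolveFolderBookmark(NSError **error) {
    NSData *bookmark = [[NSUserDefaults standardUserDefaults] dataForKey:kFolderBookmarkKey];
    if (bookmark == nil) {
        return nil; // nothing stored yet: ask the user to choose a folder
    }
    BOOL stale = NO;
    NSURL *url = [NSURL URLByResolvingBookmarkData:bookmark
                                           options:NSURLBookmarkResolutionWithSecurityScope
                                     relativeToURL:nil
                               bookmarkDataIsStale:&stale
                                             error:error];
    if (url == nil || ![url startAccessingSecurityScopedResource]) {
        return nil; // volume missing, folder deleted, or access refused: re-prompt
    }
    if (stale) {
        // Refresh the stored bookmark while access is active (folder moved or renamed).
        SaveFolderBookmark(url, NULL);
    }
    return url;
}
```

Resolving the bookmark alone does not lift the sandbox denial; reads succeed only between the start and stop calls on the resolved URL.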