• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: XPC Services & non-Sandboxed Applications
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: XPC Services & non-Sandboxed Applications

  • Subject: Re: XPC Services & non-Sandboxed Applications
  • From: Quincey Morris <email@hidden>
  • Date: Thu, 23 Jul 2015 16:42:10 +0000
On Jul 23, 2015, at 07:32 , SevenBits <email@hidden> wrote:
>
> What I meant was that apps which are not based on NSDocument do not, according to Apple, automatically get behavior which is compatible with the sandbox. Apple says that if we choose to go this route, you have to co-ordinate access to the file manually using the NSFileCoordinator API and its friends.

Yes, but it’s nothing to do with sandboxing. NSDocument uses file coordination whether the app is sandboxed or not, and if you’re using files that are shared between applications, you should use file coordination too.

> That's a bit counter to my expectations. Nevertheless, I'll try these suggestions.

Mine too. I think I assumed that there were “magic” NSURL objects that contained security permissions, so that you had to use *those* NSURL objects to access files outside your app container.

Instead, I’m guessing based on the information in that thread, there are special “umbrella" NSURL objects that throw an access “shadow", as long as they are present in your app’s environment, that allows access to files using *any* path or URL to the file. That includes access from your own XPC processes.

That would explain why the NSURL given to an XPC process has to be a plain one. You’re not handing off security control to the XPC process (and in fact you can’t), you’re just letting it access the file under your own security umbrella. I’d assume a consequence of this is that you could pass a path to the XPC process instead of a NSURL, and access would work just as well.

> Just to be sure: sandboxed apps still receive full access to files that the user opens, correct? So if a user drags a file onto my app or opens it from the Open dialog, my app is able to access it, correct?

Yes.



_______________________________________________

Cocoa-dev mailing list (email@hidden)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
References: 
 >Re: XPC Services & non-Sandboxed Applications (From: Quincey Morris <email@hidden>)
 >Re: XPC Services & non-Sandboxed Applications (From: SevenBits <email@hidden>)

  • Prev by Date: Re: XPC Services & non-Sandboxed Applications
  • Next by Date: Re: OsX - HTTP resource load blocked
  • Previous by thread: Re: XPC Services & non-Sandboxed Applications
  • Next by thread: OsX - HTTP resource load blocked
  • Index(es):
    • Date
    • Thread