Re: Trying to understand a permissions failure when writing to ~/Desktop
- Subject: Re: Trying to understand a permissions failure when writing to ~/Desktop
- From: "Clark S. Cox III" <email@hidden>
- Date: Thu, 28 Jan 2016 12:07:47 -0800
> On Jan 27, 2016, at 22:08, Graham Cox <email@hidden> wrote:
>
>
>> On 28 Jan 2016, at 4:36 PM, Graham Cox <email@hidden> wrote:
>>
>> Why would the OS think an app was sandboxed
>
>
> OK, I think I found the problem. In Build Settings->Code Signing, the “Code Signing Entitlements” was set to a .entitlements file which is actually nothing to do with this product. I don’t know where it got that setting from (I’ve never set it), but it’s wrong. I deleted it and now my app seems to be happy to write where it wants to and doesn’t create a container.
>
> I’m supposing that the actual sandboxing entitlements are baked into the code signature, not just read from a resource file, and that’s where the system gets its info.

Correct. If you want to see the entitlements a given app was signed with, you can use:

codesign -d --entitlements - <yourapp>.app

e.g.

% codesign -d --entitlements - /Applications/Preview.app
Executable=/Applications/Preview.app/Contents/MacOS/Preview
��qq�<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.application-identifier</key>
    <string>com.apple.preview</string>
    <key>com.apple.developer.maps</key>
    <true/>
    <key>com.apple.developer.ubiquity-container-identifiers</key>
    <array>
        <string>com.apple.Preview</string>
    </array>
    <key>com.apple.private.bookkit</key>
    <true/>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.application-groups</key>
    <array>
        <string>com.apple.PreviewLegacySignaturesConversion</string>
    </array>
    <key>com.apple.security.device.camera</key>
    <true/>
    <key>com.apple.security.files.downloads.read-write</key>
    <true/>
    <key>com.apple.security.files.user-selected.read-write</key>
    <true/>
    <key>com.apple.security.print</key>
    <true/>
    <key>com.apple.security.temporary-exception.mach-lookup.global-name</key>
    <array>
        <string>com.apple.systemuiserver.screencapture</string>
    </array>
    <key>keychain-access-groups</key>
    <array>
        <string>com.apple.AnnotationKit</string>
    </array>
</dict>
</plist>

> So Alex, you were right ;)
>
> —Graham
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
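
Added example (not part of the original thread): a Python sketch of a build check for the situation discussed above, where an unintended .entitlements file ended up in the signature. It parses the bytes that `codesign -d --entitlements -` writes to stdout, skipping the 8-byte blob header (big-endian magic 0xfade7171 plus total length) that precedes the XML plist, and reports entitlements the product was not expected to carry. The function names and the sample blob are constructed for illustration.

```python
import plistlib
import struct

# Magic of the embedded-entitlements blob inside a Mach-O code signature.
CSMAGIC_EMBEDDED_ENTITLEMENTS = 0xFADE7171
SANDBOX_KEY = "com.apple.security.app-sandbox"


def parse_entitlements(raw: bytes) -> dict:
    """Parse entitlements bytes: either the headered blob or the bare XML plist."""
    if len(raw) >= 8:
        magic, length = struct.unpack(">II", raw[:8])
        if magic == CSMAGIC_EMBEDDED_ENTITLEMENTS:
            if length < 8 or length > len(raw):
                raise ValueError("entitlements blob length field is inconsistent")
            raw = raw[8:length]
    if not raw.strip():
        return {}  # signed without any entitlements
    ent = plistlib.loads(raw)
    if not isinstance(ent, dict):
        raise ValueError("entitlements plist is not a dictionary")
    return ent


def unexpected_entitlements(signed: dict, expected: dict) -> dict:
    """Return signed entitlements that are absent from, or differ from, expected."""
    return {k: v for k, v in signed.items() if expected.get(k) != v}


def is_sandboxed(signed: dict) -> bool:
    return signed.get(SANDBOX_KEY) is True


def sample_blob() -> bytes:
    # Constructed sample: a subset of the Preview.app keys shown above,
    # wrapped in the blob header the way the signature stores it.
    xml = plistlib.dumps({
        SANDBOX_KEY: True,
        "com.apple.security.files.user-selected.read-write": True,
        "com.apple.security.print": True,
    })
    return struct.pack(">II", CSMAGIC_EMBEDDED_ENTITLEMENTS, 8 + len(xml)) + xml


if __name__ == "__main__":
    signed = parse_entitlements(sample_blob())
    print("sandboxed:", is_sandboxed(signed))
    print("unexpected:", sorted(unexpected_entitlements(signed, {})))
```

On a real build, feed the function the stdout of the codesign command above (for example via `subprocess.run(..., capture_output=True).stdout`) and fail the build when `unexpected_entitlements` is non-empty.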