Re: App's r/w access to /Library/Preferences/OurAppPrefsFolder, using Xcode 3.2.6
Re: App's r/w access to /Library/Preferences/OurAppPrefsFolder, using Xcode 3.2.6
- Subject: Re: App's r/w access to /Library/Preferences/OurAppPrefsFolder, using Xcode 3.2.6
- From: Jim Prouty <email@hidden>
- Date: Tue, 02 Jul 2013 11:08:36 -0700
[tl;dr version = unresolved: how can I get entitlements into our app using Xcode 3.2.6?]
On Jul 1, 2013, at 8:24 PM, Scott Ribe wrote:
> I'm not sure you can do that... The com.apple.security.temporary-exception.shared-preference.read-write key takes a path starting with / as the path into the user's prefs directory, in other words:
>
> <key>com.apple.security.temporary-exception.shared-preference.read-write</key>
> <array>
> <string>/Library/Preferences/OurAppPrefsFolder/com.whatever.plist</string>
> </array>
>
> Will actually give your application access to /Users/<username>/Library/Preferences/OurAppPrefsFolder/com.whatever.plist, so there would appear to be no way to use that key to do what you want.
>
And yet Aperture (one of Apple's image-editing applications) has this entitlement as:
$ codesign -d --entitlements - /Applications/Aperture.app|bbedit
Executable=/Applications/Aperture.app/Contents/MacOS/Aperture
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd";>
<plist version="1.0">
<dict>
<key>com.apple.application-identifier</key>
...
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.temporary-exception.shared-preference.read-write</key>
<array>
<string>com.apple.Aperture</string>
<string>com.apple.iApps</string>
<string>com.apple.iLifePhotoStream</string>
<string>com.apple.iLifeAssetManagement.agent</string>
<string>com.apple.iLifeAssetManagement.crash</string>
<string>com.apple.iLifePhotoStream.importstatus</string>
<string>MobileMeAccounts</string>
<string>com.apple.ImageCapture2</string>
<string>com.apple.mcxprinting</string>
</array>
</dict>
</plist>
(taken from http://mjtsai.com/blog/2012/09/23/aperture-3-4-sandboxing-and-flickrexport/ )
Those aren't absolute paths; they're relative to /Library/Preferences/.
So I'm trying (from my original post):
<key>com.apple.security.temporary-exception.shared-preference.read-write</key>
<array>
<string>WaveMetrics/</string>
</array>
to get read/write permissions for
/Library/Preferences/OurAppPrefsFolder/anyFileIWantAndThereAreSeveralAndTheyAreNotPlists
I also tried:
<key>com.apple.security.temporary-exception.shared-preference.read-write</key>
<array>
<string>WaveMetrics</string>
</array>
But in both cases, the access wasn't granted, not surprisingly because while our app is codesigned, it apparently lacks entitlements I thought I'd added:
$ codesign -dvvvv --entitlements - /Source/Igor\ 6\ Xcode\ Folder/Igor\ Pro.app
Executable=/Source/Igor 6 Xcode Folder/Igor Pro.app/Contents/MacOS/Igor Pro
Identifier=com.wavemetrics.igorpromach
Format=bundle with Mach-O thin (i386)
CodeDirectory v=20100 size=166276 flags=0x0(none) hashes=8307+3 location=embedded
CDHash=b666bb1735285aa8ade994b9baedba47a5169c9b
Signature size=4228
Authority=Developer ID Application: WaveMetrics, Inc.
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Signed Time=Jul 1, 2013 6:11:49 PM
Info.plist entries=25
Sealed Resources rules=4 files=19
Internal requirements count=1 size=188
Jims-Shiny-New-Mac-Pro:~ jim$
which is why I'm asking on an Xcode list: how can I get these entitlements into our app using Xcode 3.2.6?
> *However*, the other key for read-write access to a file, I don't remember it off the top of my head, I think treats an absolute path the way you need. I'm just not sure if your app would actually be accepted if you use that key to access a preferences file, since supposedly you should not use that to access preferences (according to the docs, but maybe that's only for prefs in the users' folders--sure would be nice if the documentation were more than about 1/3 complete).
>
Aperture apparently doesn't play by the same rules we expect Apple to enforce on us developers:
<key>com.apple.security.temporary-exception.files.absolute-path.read-write</key>
<string>/</string>
Yep: full read/write to the root directory (and thus all files everywhere).
--Jim
========================================================================
Jim "How does it work?" Prouty
Voice: (503) 620-3001, FAX: (503) 620-6754
Makers of IGOR Pro, scientific data analysis and graphing for Mac and PC
http://www.wavemetrics.com
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Xcode-users mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden