Re: App's r/w access to /Library/Preferences/OurAppPrefsFolder, using Xcode 3.2.6
Re: App's r/w access to /Library/Preferences/OurAppPrefsFolder, using Xcode 3.2.6
- Subject: Re: App's r/w access to /Library/Preferences/OurAppPrefsFolder, using Xcode 3.2.6
- From: Scott Ribe <email@hidden>
- Date: Tue, 02 Jul 2013 15:45:29 -0600
On Jul 2, 2013, at 12:08 PM, Jim Prouty wrote:
> [tl;dr version = unresolved: how can I get entitlements into our app using Xcode 3.2.6?]
>
> On Jul 1, 2013, at 8:24 PM, Scott Ribe wrote:
>
>> I'm not sure you can do that... The com.apple.security.temporary-exception.shared-preference.read-write key takes a path starting with / as the path into the user's prefs directory, in other words:
>>
>> <key>com.apple.security.temporary-exception.shared-preference.read-write</key>
>> <array>
>> <string>/Library/Preferences/OurAppPrefsFolder/com.whatever.plist</string>
>> </array>
>>
>> Will actually give your application access to /Users/<username>/Library/Preferences/OurAppPrefsFolder/com.whatever.plist, so there would appear to be no way to use that key to do what you want.
>>
>
> And yet Aperture (one of Apple's image-editing applications) has this entitlement as:
>
> $ codesign -d --entitlements - /Applications/Aperture.app|bbedit
> Executable=/Applications/Aperture.app/Contents/MacOS/Aperture
>
> <?xml version="1.0" encoding="UTF-8"?>
> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd";>
> <plist version="1.0">
> <dict>
> <key>com.apple.application-identifier</key>
> ...
> <key>com.apple.security.app-sandbox</key>
> <true/>
> <key>com.apple.security.temporary-exception.shared-preference.read-write</key>
> <array>
> <string>com.apple.Aperture</string>
> <string>com.apple.iApps</string>
> <string>com.apple.iLifePhotoStream</string>
> <string>com.apple.iLifeAssetManagement.agent</string>
> <string>com.apple.iLifeAssetManagement.crash</string>
> <string>com.apple.iLifePhotoStream.importstatus</string>
> <string>MobileMeAccounts</string>
> <string>com.apple.ImageCapture2</string>
> <string>com.apple.mcxprinting</string>
> </array>
> </dict>
> </plist>
>
> (taken from http://mjtsai.com/blog/2012/09/23/aperture-3-4-sandboxing-and-flickrexport/ )
>
> Those aren't absolute paths; they're relative to /Library/Preferences/.
Maybe that works. I can tell you that Library/Preferences/com.whatever.plist does *NOT* work, and I think that /Library/Preferences/com.whatever.plist gives you access only to the users' directories, not the shared one--but my recollection could be wrong on that point. I never thought of trying just the file name... Of course the fact that the docs do not give one single damn clue as to how "the specified preference domain" should actually be specified is what turns this into a guessing game.
> So I'm trying (from my original post):
>
> <key>com.apple.security.temporary-exception.shared-preference.read-write</key>
> <array>
> <string>WaveMetrics/</string>
> </array>
>
> to get read/write permissions for
>
> /Library/Preferences/OurAppPrefsFolder/anyFileIWantAndThereAreSeveralAndTheyAreNotPlists
>
> I also tried:
>
> <key>com.apple.security.temporary-exception.shared-preference.read-write</key>
> <array>
> <string>WaveMetrics</string>
> </array>
>
> But in both cases, the access wasn't granted, not surprisingly because while our app is codesigned, it apparently lacks entitlements I thought I'd added:
>
> $ codesign -dvvvv --entitlements - /Source/Igor\ 6\ Xcode\ Folder/Igor\ Pro.app
> Executable=/Source/Igor 6 Xcode Folder/Igor Pro.app/Contents/MacOS/Igor Pro
> Identifier=com.wavemetrics.igorpromach
> Format=bundle with Mach-O thin (i386)
> CodeDirectory v=20100 size=166276 flags=0x0(none) hashes=8307+3 location=embedded
> CDHash=b666bb1735285aa8ade994b9baedba47a5169c9b
> Signature size=4228
> Authority=Developer ID Application: WaveMetrics, Inc.
> Authority=Developer ID Certification Authority
> Authority=Apple Root CA
> Signed Time=Jul 1, 2013 6:11:49 PM
> Info.plist entries=25
> Sealed Resources rules=4 files=19
> Internal requirements count=1 size=188
> Jims-Shiny-New-Mac-Pro:~ jim$
>
> which is why I'm asking on an Xcode list: how can I get these entitlements into our app using Xcode 3.2.6?
So how are you trying to sign??? The built-in stuff in Xcode 3.2.6 pre-dates Gatekeeper, so I'm using a script phase to codesign and productbuild after Xcode is done with everything else:
codesign -vv -f -s "3rd Party Mac Developer Application: ...." --entitlements ./sources/something.plist $CODESIGNING_FOLDER_PATH
--
Scott Ribe
email@hidden
http://www.elevated-dev.com/
(303) 722-0567 voice
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Xcode-users mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden