App Sandbox

RSS for tag

App Sandbox is a macOS access control technology designed to contain damage to the system and user data if an app becomes compromised.

App Sandbox Documentation

Pinned Posts

Posts under App Sandbox tag

89 Posts
Sort by:
Post not yet marked as solved
0 Replies
9 Views
Hello, I'm create an app using QT on MacOs with Generate to Xcode, when submitting it to the App Store the upload process was successful but I got email feedback with the message containing the following: ITMS-90238: Invalid Signature - The main app bundle Tren at path Tren.app has following signing error(s): a sealed resource is missing or invalid . Refer to the Code Signing and Application Sandboxing Guide at http://developer.apple.com/library/mac/#documentation/Security/Conceptual/CodeSigningGuide/AboutCS/AboutCS.html and Technical Note 2206 at https://developer.apple .com/library/mac/technotes/tn2206/_index.html for more information. ITMS-90296: App sandbox not enabled - The following executables must include the 'com.apple.security.app-sandbox' entitlement with a Boolean value of true in the entitlements property list: [[Tren.app/Contents/MacOS/Tren ]] Refer to App Sandbox page at https://developer.apple.com/documentation/security/app_sandbox for more information on sandboxing your app. I've done the methods available in the community, but it still doesn't work. I hope someone will provide a solution, thank you
Posted
by usmanar.
Last updated
.
Post not yet marked as solved
5 Replies
103 Views
Am I calling this right? host_priv_t hostPriv = 0; int err = host_get_host_priv_port(mach_host_self(), &hostPriv); err = host_processors(hostPriv, &processorList, &processorCount); host_get_host_priv_port above returns 4 "(os/kern) invalid argument". Tried with App Sandbox enabled and disabled.
Posted Last updated
.
Post not yet marked as solved
1 Replies
81 Views
Hello Fellow Developers, I'm reaching out for insights or solutions to a challenge we're encountering with our sync client application, particularly related to maintaining user folder access permissions across app sessions and system restarts. In our application, we leverage the openFileDialog to enable users to select a folder for file downloads and synchronization. To ensure smooth access on subsequent app launches, we save a security bookmark of the chosen folder. This is crucial for our app to function without repeatedly asking for user permissions, thereby enhancing the user experience. However, we've hit a snag where the security bookmark expires after a few days or upon a system restart, leading to a less than ideal scenario where users are prompted for reauthorization through a FileDialog. This repetitive process is not the seamless experience we aim to provide. To address permissions and security, we are currently using two entitlements: com.apple.security.files.bookmarks.document-scope com.apple.security.files.bookmarks.app-scope Despite these, we still face the bookmark expiration issue. We're seeking advice on whether there are other entitlements or methods we should consider to maintain persistent access to the selected folder without the security bookmark expiring. Our goal is to reduce or eliminate the need for users to repeatedly grant access, ensuring a seamless and efficient user experience. Has anyone faced a similar challenge or can offer guidance on additional entitlements or strategies to achieve persistent folder access? Any suggestions, alternative approaches, or insights would be greatly appreciated. We're keen on exploring all possible solutions to enhance our application's functionality and user satisfaction. Thank you for your time and assistance. I look forward to any advice or discussions this community can offer.
Posted Last updated
.
Post marked as solved
1 Replies
75 Views
In macOS, the App Sandbox is designed to restrict applications' access to system resources and user data, mitigating damage from potential threats. However, I'm unclear on its relationship with permissions and how it effectively reduces such threats. For example, with com.apple.security.device.camera, it seems to me that NSCameraUsageDescription should suffice. If an application is granted permission via NSCameraUsageDescription, configuring com.apple.security.device.camera still doesn't guarantee protection against malicious access to user data, does it? Or, if I haven't configured both com.apple.security.device.camera and NSCameraUsageDescription, could a malicious app still somehow prompt the camera permission dialog or bypass permission checks and access the camera without the com.apple.security.device.camera configuration?
Posted Last updated
.
Post not yet marked as solved
2 Replies
141 Views
I've developed a crypto token kit extension using the Xcode template. I've successfully added the certificate and its corresponding private key to the keychain. However, when attempting to sign with this certificate, I need to call a command-line interface (CLI) that I've created. The CLI is located at ~/Applications/mycli/cli_executable. My issue arises because the extension is sandboxed, prohibiting direct communication with the CLI. I attempted to remove the sandbox, but that didn't resolve the problem (the extension wasn't being registered without the app sandboxed). Additionally, the CLI relies on a database, so simply copying the file to the app container folder isn't a feasible solution (unless it's a symlink – I'm unsure if this is possible). How can I effectively address this problem and enable communication between the sandboxed extension and my CLI (GoLang app)? Thank you.
Posted Last updated
.
Post not yet marked as solved
2 Replies
131 Views
Is it possible to read messages from chat.db inside a MacOS app? I'm developing a MacOS app, I'm able to successfully connect to ~/Library/Messages/chat.db but when I try to run a query I get Error preparing select: authorization denied I know other apps like TablePlus are able to read chat.db but these apps are outside of iOS. Thanks in advance!
Posted Last updated
.
Post not yet marked as solved
1 Replies
232 Views
I am implementing parental control app via python 3.9 for macOS. Therefore I want to use launch agent to keep my application always alive (app reopened automatically after reboot pc and protected against to be closed via activity monitor.) I want to give keep alive enabling and disabling option to parents that they can deactivate or activate it in the app GUI. I achieved to keep alive my app standalone signed app without sandboxing(or via Terminal command) but if I sign it with sandbox then I get following error for "launchctl load" and "launchctl bootstrap" commands which are executed in the application "Load failed: 5: Input/output error" My steps without Sandbox which works fine: 1- Create a com.test_gui.macos.plist file under /Library/LaunchAgents with following content: `<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>KeepAlive</key> <true/> <key>Label</key> <string>test_gui</string> <key>ProgramArguments</key> <array> <string>open</string> <string>-g</string> <string>-a</string> <string>/Applications/test_gui.app</string> </array> </dict> </plist>` 2- create a python file for launch agent activation (I know either launchctl load or bootstrap should be used but I used both of them to test both.): import subprocess cmd = "launchctl enable gui/501/test_gui" response = subprocess.call(cmd, shell=True) time.sleep(2) cmd = "launchctl load -w /Library/LaunchAgents/com.test_gui.macos.plist" response = subprocess.call(cmd, shell=True) time.sleep(2) cmd = "launchctl bootstrap system /Library/LaunchAgents/com.test_gui.macos.plist" response = subprocess.call(cmd, shell=True) time.sleep(50) 3- Create standalone app via nutika: python3.9 -m nuitka --run --standalone --macos-disable-console --macos-create-app-bundle \--macos-app-mode=ui-element --enable-plugin=pyside6 --macos-app-icon=/Users/emre/Documents/MrProtect/icons/app_icon.png \--include-data-dir=icons=icons test_gui.py 4-Create a .sh file to sign app without sandboxing: #!/bin/sh APP_PATH="/Users/emre/Documents/tests/Deployment/test_gui.app" SIGNING_IDENTITY_APP="Apple Development: Emre Guenay (***)" PASSWORD="***" codesign -s "$SIGNING_IDENTITY_APP" -f \ "$APP_PATH/Contents/MacOS/Python" codesign -s "$SIGNING_IDENTITY_APP" -f \ "$APP_PATH/Contents/MacOS/test_gui" exit 0 5-execute sh file and see following output: /Users/emre/Documents/MrProtect/tests/Deployment/test_gui.app/Contents/MacOS/Python: replacing existing signature /Users/emre/Documents/MrProtect/tests/Deployment/test_gui.app/Contents/MacOS/test_gui: replacing existing signature 6-copy paste signed standalone app(without sandbox) file under /Applications/ 7-execute app and try to close app via activity monitor and observe that the app is reopened automatically. so the launch agent works fine Failed Steps(Sign the same app with sandbox and observe that both launchctl load and bootstrap returns "Load failed: 5: Input/output error") 8- create an app.entitlements file with following content: \<?xml version="1.0" encoding="UTF-8"?\> \<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"\> \<plist version="1.0"\> \<dict\> \<key\>com.apple.security.app-sandbox\</key\> \<true/\> \</dict\> \</plist\> 9-Create a .sh file to sign app with sandboxing: #!/bin/sh # APP_PATH="/Users/emre/Documents/tests/Deployment/test_gui.app" SIGNING_IDENTITY_APP="Apple Development: Emre Guenay (***)" PASSWORD="***" codesign -s "$SIGNING_IDENTITY_APP" -f \ \--entitlements app.entitlements \ "$APP_PATH/Contents/MacOS/Python" codesign -s "$SIGNING_IDENTITY_APP" -f \ \--entitlements app.entitlements \ "$APP_PATH/Contents/MacOS/test_gui" exit 0 10-execute sh file and see following output: /Users/emre/Documents/MrProtect/tests/Deployment/test_gui.app/Contents/MacOS/Python: replacing existing signature /Users/emre/Documents/MrProtect/tests/Deployment/test_gui.app/Contents/MacOS/test_gui: replacing existing signature 11-execute app and try to close app via activity monitor and observe that the app is closed although app started the launch agent. 12-you can re-execute app under /Applications/test_gui.app/Contents/MacOS folder with "./test_gui" or even with sudo "sudo ./test_gui" commands you would see following error message for both launchctl load and bootstrap returns: "Load failed: 5: Input/output error". So if you close the app, it will not be re-opened Moreover console tool launchd.log output shows also (1: Operation not permitted) error for launchctl load and bootstrap commands My questions: 1-Is there any other method different than launch agent for keep alive? I researched it in internet but I could not find any other method unfortunately. Moreover launch agent is not user friendly anyway, with the reason that sandboxed apps cannot copy paste any files under LaunchAgents folder automatically. I am planning to provide my plist file to users that they can copy paste the file themself into launch agent folder out of sandbox. 2-How can i get rid of "Load failed: 5: Input/output error", thereby I can proceed at least with lanuchctl? What I have tried additionally: 1-I have also tried to use these linux commands, before executing my sandboxed standalone app file: sudo -S chown 600 /Library/LaunchAgents/com.test_gui.macos.plist sudo -S chown root:wheel /Library/LaunchAgents/com.test_gui.macos.plist 2-I have already given security fulldisk access to my test_gui app, but it also did not work My Requirements: Nuitka: 1.9rc5 Commercial: None Python: 3.9.12 (v3.9.12:b28265d7e6, Mar 23 2022, 18:22:40) Flavor: CPython Official Executable: /Library/Frameworks/Python.framework/Versions/3.9/bin/python3.9 OS: Darwin Arch: x86_64 Version C compiler: /usr/bin/clang (clang). macOS Sonoma: 14.2.1
Posted
by EmreGun.
Last updated
.
Post marked as solved
1 Replies
151 Views
Hello, I have an application which is running sandboxed and it also launches a child processes via posix_spawn. I already learned that child processes are running in the same sandbox as the launching application. What I wonder is if there is a way to launch the child with different sandbox profile from the parent application while maintaining the parent-child relationship? My use case is that helper applications doesn't need access to bunch of stuff the parent needs and we want to limit blast radius in case of security problem. I know that's what XPCServices are for, but we have a multi-platform code which is relying on POSIX process model quite heavily. Thank you
Posted Last updated
.
Post not yet marked as solved
2 Replies
242 Views
I am trying to run a simple bash script from within swift. Eventually it should call a python script, but for now, I am just trying to get it to echo hello. The script is included in the bundle and also included in the targets. The script is called from the QLExtension. The script is correctly found, but I get an error: Error Domain=NSPOSIXErrorDomain Code=1 "Operation not permitted" let scriptPath = Bundle.main.path(forResource: "run_local", ofType: "sh") if scriptPath == nil { print("script not found or other error") return nil } let process = Process() process.executableURL = URL(fileURLWithPath: "/bin/bash") process.arguments = [scriptPath!] do { try process.run() process.waitUntilExit() } catch { print("Failed to run the script: \(error)") } The script, run_local.sh is included in the bundle and is just #!/bin/bash echo "hi" > /dev/null Is this possible? Are there any particular entitlements that I need in order for this to work? Everything else works with this app; this is the only error. -- The reason I am building this: I use google drive to synchronize files locally. A number of those files do not have a local representation. Google "stores" those files locally using a text file with a document ID (one would open something like docs.google.com/docs/) I want to be able to preview the google drive files using quicklook One very simple way to do this is to fetch the google drive files (using google drive API) at preview time. I have a python script that can do this and wanted to hook it up to the QLExtension for preview Another option is to keep a separate service running (I would use python) that keeps a local copy of all the synchronized google files. (But then I'll probably need to connect to a local sql database or similar that tells the swift extension the local file math: i.e., effectively a mapping from ID => local_file_path. But perhaps access of this kind to a SQL database is allowed?)
Posted Last updated
.
Post not yet marked as solved
1 Replies
148 Views
有用户反馈有些APP引导弹窗多次弹出,经过埋点日志观察发现,这些用户保存在钥匙串中的openudid,沙盒数据,甚至网络请求的cookie都突然丢失了,然后后续几次重启后可能这些数据又都恢复了,感觉非常不可思议,代码上看不出有任何问题,有大神帮忙解答下吗?
Posted
by bobo9456.
Last updated
.
Post not yet marked as solved
2 Replies
349 Views
Hi, I would love to disable app sandbox completely, because my music application requires extended filesystem permissions. Like reading configuration files from $HOME and enabling services through sockets. The UI toolkit I am using endorses IPC mechanism. cheers, Joël
Posted
by joel2001k.
Last updated
.
Post not yet marked as solved
1 Replies
198 Views
I have a sandboxed app in /Applications. I'm attempting to shoot a problem with LLDB, so I cd to /Applications/app-name/Contents/MacOS and do lldb programname. However, once I fire it off with "r" it dies instantly with: error: process exited with status -1 (lost connection) Should this work? Should I try signing the lldb executable? Thanks!
Posted Last updated
.
Post not yet marked as solved
2 Replies
270 Views
I've been trying to submit an application made with the Electron framework (electronjs.org) to the Mac Apple Store, but when launched an alert dialog appears with the text: "App Name Helper (Renderer)" differs from previously opened versions. Are you sure you want to open it? Opening "App Name Helper (Renderer)" will allow it to access data from previously used versions of "App Name Helper (Renderer)". ...this is preventing my Mac App Store submission. I've looked at troubleshooting information related to Gatekeeper and entitlements, etc. but I have not been able to determine which Apple subsystem (App Sandbox? Gatekeeper?) this particular alert comes from so I can possibly carve out an exception for it, or otherwise figure out how to fix it. "App Name Helper (Renderer)" is an agent process. Checking the App Store build results in: > spctl -a -t exec -vvv App\ Name.app/Contents/Frameworks/App\ Name\ Helper\ \(Renderer\).app App Name.app/Contents/Frameworks/App Name Helper (Renderer).app: rejected origin=Apple Distribution: Kevin Hughes (MYTEAMID) ...for App Store submission, is it expected that all agent processes should be signed with the Apple Distribution certificate? And is it OK that nothing is notarized before submission? If everything should be notarized, which certificate should be used? Does the App Store verification process check for this kind of thing regarding agent processes? Should it? Note that I can build, install, launch, and fully execute an Apple Developer ID-signed and notarized binary with a hardened runtime (and Apple Development profile) myself on my local machine as well as other macOS Sonoma 14.3.1 systems without any issues. The entitlements for my App Store build are: <key>com.apple.security.app-sandbox</key> <true/> <key>com.apple.security.assets.movies.read-only</key> <true/> <key>com.apple.security.assets.music.read-only</key> <true/> <key>com.apple.security.assets.pictures.read-only</key> <true/> <key>com.apple.security.automation.apple-events</key> <true/> <key>com.apple.security.cs.allow-dyld-environment-variables</key> <true/> <key>com.apple.security.cs.allow-jit</key> <true/> <key>com.apple.security.cs.allow-unsigned-executable-memory</key> <true/> <key>com.apple.security.cs.debugger</key> <true/> <key>com.apple.security.cs.disable-executable-page-protection</key> <true/> <key>com.apple.security.cs.disable-library-validation</key> <true/> <key>com.apple.security.files.downloads.read-only</key> <true/> <key>com.apple.security.files.user-selected.read-write</key> <true/> <key>com.apple.security.network.client</key> <true/>
Posted
by Kevcom.
Last updated
.
Post marked as solved
2 Replies
306 Views
Hi, I've an OSX app packages up outside of XCode (because it's based on a legacy cross-platform build system). The layout looks like this: App App/Contents <- info.plist is here App/Contents/Frameworks <- Dylibs go here App/Contents/MacOS <- Main executable and bash startup script go here App/Contents/Resources <- Non-executable resources. There are no helper apps, etc that I know of. info.plist, the Frameworks, Main Executable and App are all signed. The Main Executable includes entitlements with the sandbox entitlements. On startup, we crash in the usual Sandbox place: 0 libsystem_secinit.dylib 0x7ff811fcc2a5 _libsecinit_appsandbox.cold.9 + 49 1 libsystem_secinit.dylib 0x7ff811fcb636 _libsecinit_appsandbox + 1749 2 libsystem_trace.dylib 0x7ff8044029e9 _os_activity_initiate_impl + 50 3 libsystem_secinit.dylib 0x7ff811fcaf20 _libsecinit_initializer + 67 4 libSystem.B.dylib 0x7ff811fe08a1 libSystem_initializer + 292 5 dyld 0x20905939f invocation function for block in dyld4::Loader::findAndRunAllInitializers(dyld4::RuntimeState&) const::$_0::operator()() const + 185 (Even though I'm not signing the bash startup script, which invokes the main executable, it's still getting signed and has entitlements. And I'm not using --deep. I've tried setting com.apple.security.inherit - that didn't work. I've tried explicitly signing the bash startup script - that didn't work. It fails not matter how I start the app - by clicking on it, command line, just launching the main executable via the command line, and of course using LLDB. Any ideas? Crash report enclosed. ProgUhost-2024-02-17-171425.ips
Posted Last updated
.
Post marked as solved
1 Replies
240 Views
Since the macOS 14.2 update, services installed with SMAppService are required to be sandboxed when the main app is sandboxed as well (113037504). I had developed a daemon to communicate with the pmset interface, as that requires root privileges to make changes. Since the macOS 14.2 this daemon executable has to be sandboxed as well if I want my main app to be sandboxed. When sandboxing the daemon, it requires a temporary exception entitlement as the pmset command writes to one of the following two preference located in /Library/Preferences/: com.apple.PowerManagement.plist com.apple.PowerManagement.{UUID}.plist The specific command I use writes to the latter, which includes some specific UUID, that is specific to that device. When I use the: com.apple.security.temporary-exception.shared-preference.read-write entitlement with com.apple.PowerManagement.0000 where 0000 is the exact UUID string as on my Mac, the daemon is able successfully use the pmset command. This results however in that on other user devices it would not work as the UUID in the preference name would be different. When I try setting it to a wildcard variation such as com.apple.PowerManagement.*, the command doesn't run anymore as this format for the exception entitlement seems to be unsupported. My question is now, is there any way to get an exception entitlement which accounts for the unique identifier or is that impossible and must I disable the sandbox altogether? (as I have to use a daemon, I am not developing for the Mac App Store and a sandbox isn't strictly necessary so it wouldn't break my app. Its more I would prefer to use sandboxing if possible) Thanks in advance! For reference, this is the error I get when the entitlement is set incorrectly or not set: rejecting write of key(s) AC Power in { com.apple.PowerManagement.0000, kCFPreferencesAnyUser, kCFPreferencesCurrentHost, /Library/Preferences/com.apple.PowerManagement.0000.plist, managed: 0 } from process 15694 (pmset) because setting preferences outside an application's container requires user-preference-write or file-write-data sandbox access
Posted
by sake_s.
Last updated
.
Post not yet marked as solved
1 Replies
301 Views
I'm trying to build a developer tools app that can run in the app sandbox and execute commands related to working with DSYM files. The app sandbox is a requirement for publishing it to the App Store. I come from the world of iOS so everything is a sandbox to me and this is new territory. To execute my commands I'm using the Process type to invoke command line. func execute() throws -> CommandResult { let task = Process() let standardOutput = Pipe() let standardError = Pipe() task.standardOutput = standardOutput task.standardError = standardError task.arguments = ["-c", command] task.executableURL = URL(fileURLWithPath: "/bin/zsh") task.standardInput = nil let outHandle = standardOutput.fileHandleForReading let errorHandle = standardError.fileHandleForReading try task.run() let out1 = outHandle.readDataToEndOfFile() let out2 = errorHandle.readDataToEndOfFile() // more code interpreting the pipes I'm trying to perform the following operations: mdfind to locate DSYMs https://developer.apple.com/documentation/xcode/adding-identifiable-symbol-names-to-a-crash-report#Locate-a-dSYM-using-Spotlight dwarfdump to verify UUIDs https://developer.apple.com/documentation/xcode/adding-identifiable-symbol-names-to-a-crash-report#Match-build-UUIDs atos to symbolicate with the found DYSM file https://developer.apple.com/documentation/xcode/adding-identifiable-symbol-names-to-a-crash-report#Symbolicate-the-crash-report-with-the-command-line This all works just fine when I run my Mac app without sandboxing, but as one would expect totally fails when App Sandbox is enabled--the sandbox is doing its thing. Responses like "xcrun cannot be used within an App Sandbox", or simply the output not finding anything because the scope of the process is limited to the sandbox, not where my app DSYM file is. In my readings on the documentation, where it states that I can create a command line helper tool that gets installed alongside the app sandbox app. "Add a command-line tool to a sandboxed app's Xcode project to the resulting app can run it as a helper tool." https://developer.apple.com/documentation/security/app_sandbox Is this the right path to take? Or is there a way to still achieve access to xcrun by asking the user to grant access to other parts of the system via dialogue prompts? I have followed this guide but don't know where to go from here: https://developer.apple.com/documentation/xcode/embedding-a-helper-tool-in-a-sandboxed-app It leaves off at print("Hello World") and no instructions on how to have your app communicate with the helper from what I could find ... :). I know, generally speaking, of XPC services and that I have the ability to make them on macOS, unlike iOS (wait maybe 17.4 allows it? https://developer.apple.com/documentation/xpc anyways). Would creating an XPC helper be allowed to execute commands against xcrun or have access to the ~/Library/Developer/Xcode path to find the debug symbols for the purposes of symbolicating a crash report? I really want to be able to ship my app on the App Store and enable developers to use the tool super easy, but I'm not sure if the App Sandbox will prevent me from achieving what I'm trying to do or not. Any tips, pointers, samples, guidance is much appreciated!
Posted
by edorphy.
Last updated
.
Post not yet marked as solved
0 Replies
159 Views
I’ve talked about this a bunch of times here on DevForums but, reviewing those posts today, I realised that they’re quite fragmented. This post is my attempt to create a single post that collects together all the bits. If you have questions or comments, please put them in a new thread. Tag it with App Sandbox so that I see it. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com" Running Developer Tools from a Sandboxed App If you attempt to run a developer tool, like otool, from a sandboxed app, it fails with an error like this: xcrun: error: cannot be used within an App Sandbox. In this case I was trying to run /usr/bin/otool directly, so how did xcrun come into it? Well, the developer tools that come pre-installed on macOS, like otool, are actually trampolines that use xcrun to bounce to the the real tools within Xcode. Specifically, xcrun defaults to the tools within the currently selected Xcode or Command Line Tools package. So, if you have Xcode installed in the usual place and are using it for your currently selected tools, the actual sequence is /usr/bin/otool, which runs xcrun, which runs /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/otool. The user can change the currently selected tools with xcode-select. You can get around this problem by running otool from within Xcode. This skips the first two steps, allowing the tool to run. However, there are some serious problems here. The first is that there’s no guarantee that the user has Xcode installed, or that they want to use that specific Xcode. They might have the Command Line Tools package installed. Or they might prefer to store Xcode somewhere outside of the Applications directory. You can get around this by running xcode-select with the --print-path argument: % xcode-select --print-path /Applications/Xcode.app/Contents/Developer However, that results in two more problems: xcode-select prints the root of the Developer directory. The location of, say, otool within that directory isn’t considered API. As a sandboxed app, you might not have access to the path returned. That second point deserves a deeper explanation. To understand this, you’ll need to understand the difference between your static and dynamic sandbox. I talk about this in On File System Permissions. Running otool from /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/otool works because /Applications is in the sandbox’s built-in allowlist. This is part of your static sandbox, so you can run executables from there. But what happens if the user’s selected Xcode is in a different directory? (Personally, I keep numerous copies of Xcode in ~/XcodeZone.) That might not be part of your static sandbox so, by default, you won’t be able to run tools from it. For normal files you can dynamically extend your sandbox to allow this, for example, by presenting a standard open panel. However, this doesn’t work for executable access. There is currently no way to get a dynamic sandbox extension that grants executable access. On File System Permissions has a link to a post that explains this in detail. Finally, there’s a big picture concern: Does the tool actually work when run in a sandbox? Remember, when a sandboxed app runs a command-line tool like this, the tool inherits the app’s sandbox. For more about the mechanics of that, see the documentation linked to by On File System Permissions. For a simple tool, like otool, you can reasonably assume that the tool will work in a sandbox. Well, you have to make sure that any path arguments you pass in point to locations that the sandbox allows access to, but that’ll usually do the trick. OTOH, a complex tool, like say the Swift compiler, might do things that don’t work in the sandbox. Moreover, it’s possible that this behaviour might change over time. The tool might work in a sandbox today but, sometime in the future, an updated tool might not. So what should you do? The only approach I’m prepared to actively recommend is to not sandbox your app. That avoids all of the issues discussed above. If you must sandbox your app then I see two paths forward. The first is to just live with the limitations discussed above. Specifically: You can only use a tool that’s within your static sandbox. For complex tools, you run the risk of the tool not working in the future. The alternative is to embed the tool within your app. This is only feasible if the tool is open source with a licence that’s compatible with your plans. That way you can build your own copy of the tool from the source. Of course this has its own drawbacks: It increases the size of your app. You can only run that version of the tool, which might not be the version that the user wants.
Posted
by eskimo.
Last updated
.
Post not yet marked as solved
0 Replies
239 Views
I have successfully created the Intents UI Extension file for the wallet, obtained the requisite certificate, and adhered to the MeaWallet guidelines. Additionally, I have generated a sandbox login ID and successfully logged into the simulator using the sandbox login ID. In an attempt to integrate the Intents UI Extension file into an existing project, I followed these steps: Debug -> Attach to Process by PID or Name. Subsequently, I conducted a search for the Intents UI Extension file name, selected the appropriate file, and clicked the attach button. However, Xcode is currently displaying 'waiting for attachment.' Despite these efforts, I encountered an issue where the wallet extension controller is unable to access the application when attempting to run it.
Posted
by Theju.
Last updated
.
Post not yet marked as solved
6 Replies
508 Views
According to https://developer.apple.com/documentation/security/app_sandbox/discovering_and_diagnosing_app_sandbox_violations it is possible to view detailed violation reports for non-system services. Is it possible to do something similar for system services? I have encountered an issue where several (all?) of my Macbooks get into a sandbox violation situation (I assume). Below is in excerpt from logs focusing just on the sandbox violation. The errors are surrounded by XPC failures and errors. error 23:23:21.382263+0100 kernel Sandbox: Family(1316) deny(1) mach-lookup com.apple.contactsd.persistence error 23:23:24.385962+0100 kernel Sandbox: Family(1316) deny(1) mach-lookup com.apple.contactsd.persistence error 23:23:27.389910+0100 kernel Sandbox: Family(1316) deny(1) mach-lookup com.apple.contactsd.persistence error 23:23:36.408940+0100 kernel Sandbox: Family(1316) deny(1) mach-lookup com.apple.contactsd.persistence error 23:23:45.419593+0100 kernel Sandbox: Family(1316) deny(1) mach-lookup com.apple.contactsd.persistence error 23:23:54.432109+0100 kernel Sandbox: Family(1316) deny(1) mach-lookup com.apple.contactsd.persistence The above is just an except, and it seems that Family, imagent and searchpartyuseragent are trying to access com.apple.contactsd.persistance once per second or so and failing (there are also some attempts to reach com.apple.timed.xpc, but an insignificant amount in comparison to com.apple.contactsd.persistance). This in turn causes Diagnostics Reporter to start, and then end hastily almost every ten seconds. fault 23:23:05.903908+0100 Diagnostics Reporter Invalid launch. fault 23:23:16.038017+0100 Diagnostics Reporter Invalid launch. fault 23:23:26.136348+0100 Diagnostics Reporter Invalid launch. fault 23:23:36.274543+0100 Diagnostics Reporter Invalid launch. fault 23:23:46.414546+0100 Diagnostics Reporter Invalid launch. I have no idea how I did this, but I seemed to have messed up sandbox access rights to contacts for some system services?
Posted Last updated
.