HiI'm having a problem where my apps are failing Archive validation for the app store with the message "App sandbox not enabled. The folowing executables must include the "com.apple.security.app-sandbox" entitlement with a Boolean value of true in the entitlements propertly list". It seems to suggest that my app is not sandboxed correctly. However, I've made no changes to its sandboxing since the last release and as far as I understand it, it's correctly sandboxed. By which I mean:• I have an appropriate .entitlements file• The entitlements file contains "App Sandbox" set to YES• App Sandbox is turned on under the target's "Capabilities"I thought it might be certificate related so I followed the instructions here (including the first of the "known Issues") but still no luck.Does anyone have any suggestions? I'm out of ideas!Thanks in advanceRob

I've got an app that is sandboxed, and it requires a privileged helper. I've worked through the EBAS sample app with various updates to conform with current systems. After a lot of work, I've got to a point where I'm stumped. The Python script SMJobBlessUtil.py returns this error, and I don't know what to do to correct it: <path to helper tool>: tool __TEXT / __info_plist section dump malformed (2) I've gone over the various settings numerous times. It doesn't fail for the EBAS sample, but does for my app. Looking at the binary, the __info_plist sections look identical apart from identifiers. This is what mine looks like (identifiers deleted): <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>CFBundleIdentifier</key> <string>***</string> <key>CFBundleInfoDictionaryVersion</key> <string>6.0</string> <key>CFBundleName</key> <string>***</string> <key>CFBundleVersion</key> <string>1.0</string> <key>SMAuthorizedClients</key> <array> <string>anchor apple generic and identifier "***" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "***")</string> </array> </dict> </plist> I must be missing something, but I've run out of ideas on where to find it. Anybody got a pointer?

General: DevForums tag: App Sandbox App Sandbox documentation App Sandbox Design Guide documentation — This is no longer available from Apple. There’s still some info in there that isn’t covered by the current docs but, with the latest updates, it’s pretty minimal (r. 110052019). Still, if you’re curious, you can consult an old copy [1]. App Sandbox Temporary Exception Entitlements archived documentation — To better understand the role of temporary exception entitlements, see this post. Embedding a Command-Line Tool in a Sandboxed App documentation Discovering and diagnosing App Sandbox violations (replaces the Viewing Sandbox Violation Reports DevForums post) Resolving App Sandbox Inheritance Problems DevForums post Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com" [1] For example, this one archived by the Wayback Machine.

I am trying to develop an App in Swift Playgrounds that will use the SwiftMQTT package. SwiftMQTT needs to open an outgoing network connection to connect the app to an MQTT server. To integrate the package, I wrote a basic manager class as an observable object. When I try to make a connection with this manager, Swift Playgrounds appears to block the connection. Searching around, I found that this was likely due to sandboxing but couldn't figure out how to fix it in Swift Playgrounds. To test this idea, I moved my manager class over to XTools and created a test app to make the connection. Initially, I got the same error. However, XTools let me make the needed sandbox setting on the Signing & Capabilities page of the app. Click/checkmarking "Outgoing Connections (Client)" under Network solved my problem there. I would still like to do this in Playgrounds but can't for the life of me figure out how to open up the sandbox. Can anybody point me there (or wave me off if this is currently impossible).

Hi there, Introduction I have been working on a Finder Sync extension and I would now like to use it to access a file the user has selected. This has been causing me significant issues (and I believe that a lot of other developers have also experienced similar issues with the extension). Because I plan to release my app on the App Store, I need both the main app and the finder sync app to be sandboxed Some example code describing the issue When the user executes the custom finder action in the context menu, I use the following code to extract and access the selected files: guard let target = FIFinderSyncController.default().selectedItemURLs() else { NSLog("Failed to obtain targeted URLs: %@") return }       do { //Read content of the first selected file (example) let text = try String(contentsOf: target[0], encoding: .utf8) }catch {     print("Some error occurred: \(error)") } The problem Though these files should have a sandbox exception (because they are selected by the user), they do not and I get the following error because I seemingly do not have the permission (even though I should have): Error Domain=NSCocoaErrorDomain Code=257 "The file “myfile.txt” couldn’t be opened because you don’t have permission to view it." I know from my thorough research (refer to links) that a lot of other people working with Finder Sync extensions have had this problem in the past and that Apple has not provided an official way to fix this. So essentially I am asking if Apple is planning to fix this bug in the near future or, if not, whether there is a workaround for this problem (while still passing the App Store review) and while keeping the main functionality of a context-menu like Finder Sync Extension. Useful links My previous question concerning the transfer of URLs given in the Finder Sync Extension I already asked a similar question on how to share some file URLs between my Finder Sync Extension and the Main App, to which I received a presumably working answer, which would work if this problem didn't exist. The solution to passing this access between extension and main app is to create a security scoped bookmark. This is not possible as long as I can't even access the files in the context of the extension itself. Here is the link to this aforementioned question I posted last month: Accessing a file in a sandboxed main app, which was selected in a Finder Sync Extension Some people with the same issue (dating back as far as 2016 Someone on the Apple Developer Forum had a similar issue and the respondent suggested a multitude of hacky fixes: Swift file reading permission error on macOS sandbox Here is someone on StackOverflow from someone who had the exact same issue. Multiple people mentioned there that this was a bug in the operating system and have filed multiple bug reports, which were all unanswered by Apple: Read and Write access for FinderSync extension in a sandboxed environment FinderSync Extension runtime error: The file couldn’t be opened because you don’t have permission to view it

Hi there, The Setup/My Goal I have a very standard Finder Sync Extension, which extends the context menu of the finder. I also have a main application which uses the KeyboardShortcuts Package (Keyboard Shortcuts - Github) to record and save a user defined shortcut. This shortcut should execute the menu item of the Finder Sync Extension (therefore getting the selected files and processing them in some way) when used. Currently I am using inter-process communication to send an event to the extension when the shortcut is executed by the user. You can find the Swift Class responsible for the communication between Finder Sync Extension and the Main App as an Attachment here: ProcessCommunicator.swift (although the communication works and this is more an issue of the finder sync extension behaviour than one of inter-process communication). When the Finder Sync Extension receives the event, it executes the same function which is called when the user clicks the menu item like so (this event is registered in the initialisation function of the Finder Sync Extension): processCommunicator = ProcessCommunicatorReceiver(appGroupIdentifier: "group.some.bundle.id.port") processCommunicator?.on(id: 1, event: { _ in self.executeSomeAction(nil) return nil }) The same action is called when the user clicks the menu item: override func menu(for menuKind: FIMenuKind) -> NSMenu { let menu = NSMenu() if menuKind == FIMenuKind.contextualMenuForItems || menuKind == FIMenuKind.toolbarItemMenu { menu.addItem(withTitle: text, action: #selector(executeSomeAction), keyEquivalent: "T") } return menu } The function executeSomeAction would look something like this @IBAction func transfer(_ sender: AnyObject?) { guard let target = finderSyncController.selectedItemURLs() else { NSLog("Failed to obtain targeted URLs: %@") return } // Process the selected items (target) The Problem When the function executeSomeAction is called from the process-communicator-event (sent by the main app), the selectedItemURLs is nil and therefore the function returns without doing anything. If the function executeSomeAction is called by the menu item click event, the selectedItemURLs is an array of paths as expected. Is there some restriction which prevents access to the user selected, when it’s not strictly clicked by the user or am I missing something here? Other possible Solutions to my Issue This whole inter-process communication is only needed because I need the shortcut event to be sent to the extension. I have noticed that in the initialisier of the menu item there is a keyEquivalent (-> shortcut) menu.addItem(withTitle: text, action: #selector(executeSomeAction), /* HERE -->*/ keyEquivalent: "T") This shortcut seems to be ignored by the system, as it neither appears next to the menu item, nor is functional. I am assuming that this is intended but if there is any way to make this work with the inbuilt system shortcut, instead of the communication-hack I am using currently, I would prefer to use this solution. Summary As said before, the selectedItemURLs is only defined if it is called from the menu item event, which eliminates the ability to do some custom processing with the selected files (in my case called by an event sent by another process)

Is there any way to read/write preferences for a Mac app group using the defaults command? I'm talking about the stuff you would programmatically manipulate using [NSUserDefaults initWithSuiteName:], and that is stored on disk in ~/Library/Group Containers. If I just say defaults read <suite name>, it tells me the the domain does not exist.

I want to troubleshoot entitlements to icloud drive. An app downloaded on the macOS app store has no entitlements related to icloud. Its entitlements look like this (removing the irrelevant ones): [Key] com.apple.developer.maps [Value] [Bool] true [Key] com.apple.security.app-sandbox [Value] [Bool] true [Key] com.apple.security.files.user-selected.read-write [Value] [Bool] true [Key] com.apple.security.network.client [Value] [Bool] true [Key] com.apple.security.network.server [Value] [Bool] true [Key] com.apple.security.personal-information.addressbook [Value] [Bool] true [Key] com.apple.security.personal-information.calendars [Value] [Bool] true [Key] com.apple.security.personal-information.location [Value] [Bool] true I have not manually given it access to the icloud drive. This app does not appear in the list of app appearing in Settings / iCloud Drive / options. And yet, this app is able to create its directory inside iCloud drive. My understanding is that it should not have access to iCloud drive without a specific entitlement. Is my understanding off, or is this is security bug?

My goal is to implement a moving background in a virtual camera, implemented as a Camera Extension, on macOS 13 and later. The moving background is available to the extension as a H.264 file in its bundle. I thought i could create an AVAsset from the movie's URL, make an AVPlayerItem from the asset, attach an AVQueuePlayer to the item, then attach an AVPlayerLooper to the queue player. I make an AVPlayerVideoOutput and add it to each of the looper's items, and set a delegate on the video output. This works in a normal app, which I use as a convenient environment to debug my extension code. In my camera video rendering loop, I check self.videoOutput.hasNewPixelBuffer , it returns true at regular intervals, I can fetch video frames with the video output's copyPixelBuffer and composite those frames with the camera frames. However, it doesn't work in an extension - hasNewPixelBuffer is never true. The looping player returns 'failed', with an error which simply says "the operation could not be completed". I've tried simplifying things by removing the AVPlayerLooper and using an AVPlayer instead of an AVQueuePlayer, so the movie would only play once through. But still, I never get any frames in the extension. Could this be a sandbox thing, because an AVPlayer usually renders to a user interface, and camera extensions don't have UIs? My fallback solution is to use an AVAssetImageGenerator which I attempt to drive by firing off a Task for each frame each time I want to render one, I ask for another frame to keep the pipeline full. Unfortunately the Tasks don't finish in the same order they are started so I have to build frame-reordering logic into the frame buffer (something which a player would fix for me). I'm also not sure whether the AVAssetImageGenerator is taking advantage of any hardware acceleration, and it seems inefficient because each Task is for one frame only, and cannot maintain any state from previous frames. Perhaps there's a much simpler way to do this and I'm just missing it? Anyone?

My app has the App Sandbox enabled and the File Access to Downloads folder is set to Read / Write in XCode. Upon clicking on a button the app should open the Finder displaying the Downloads folder. The following code snippet is used to launch the Finder if let inspirationsDirectory = FileManager.default.urls(for: .downloadsDirectory, in: .userDomainMask).first{ NSWorkspace.shared.open(inspirationsDirectory) } On my MacOS it works well. After releasing the app to the AppStore and installing it on another Mac the following message is received upon clicking the button: The application does not have permission to open "Downloads" Which would be the solution to launch the Finder successfully ? Is it possible to launch the Finder showing the Downloads folder sorted by the Date Added column descending ?

When we try to run our code that uses the containerURLForSecurityApplicationGroupIdentifier function, the returned value is null if the program was run with root privileges. (when we run the code like a normal user, it is works as expected) The following code was run: NSFileManager* fileManager = [NSFileManager defaultManager]; if(!fileManager) { return “”; } NSURL* containerURL = [fileManager containerURLForSecurityApplicationGroupIdentifier:[NSString stringWithUTF8String:group_name]]; if(!containerURL) { return “”; } -> we will receive the right containerURL: /Users/{user}/Library/Group Containers/{group_name} If the same code will be run with root/admin privileges the containerURL will be NULL. With an older version of MacOS the output result was the following: normal user: /Users/{user}/Library/Group Containers/{group_name} root user : /private/var/root/Library/Group Containers/{group_name}

I have been having some issues saving URLs. I want to be able to save a list of URLs with their bookmark data so that the app can still access some folders after reboot. The folders are on the desktop. I have read and write access to the disk, as was set in the app sandbox settings (User Selected File). It works for as long as the app is open but as soon as I restart it the URLs seem to go invalid, or at least it says that I don't have permission to access the folder that is selected. I then have to clear the urls and re-select them. You can ignore the blacklist thing as I am not using it in the tests I am running. You can also ignore the sources_list and dest_list they are for the GUI. Here is how the user selects the file: func inputBrowseClicked(source_or_dest: String) { let inputPanel = NSOpenPanel() if source_or_dest == "blacklist" { inputPanel.canChooseFiles = true inputPanel.canChooseDirectories = false } else { inputPanel.canChooseFiles = false inputPanel.canChooseDirectories = true } let userChoice = inputPanel.runModal() switch userChoice{ case .OK : if let inputFileChosen = inputPanel.url { do { // Start accessing a security-scoped resource. _ = inputFileChosen.startAccessingSecurityScopedResource() let bookmarkData = try inputFileChosen.bookmarkData(options: .withSecurityScope, includingResourceValuesForKeys: nil, relativeTo: nil) if source_or_dest == "blacklist" { add_blacklist_file(file: inputFileChosen) } else { add_sources_or_dests_url(url_to_add: bookmarkData, sources_or_dests: source_or_dest) } inputFileChosen.stopAccessingSecurityScopedResource() sources_list = get_sources_or_dests_urls(sources_or_dests: "source") dest_list = get_sources_or_dests_urls(sources_or_dests: "dest") } catch (let error) { print(error) return } return } case .cancel : return default: return } return } Here is the function that adds one URL to the list: func add_sources_or_dests_url(url_to_add: Data, sources_or_dests: String) { // load currently stored list if var source_dest_urls = userDefaults.array(forKey: "saved_"+sources_or_dests) as? [Data] { // is the url already in the list if !(source_dest_urls.contains(url_to_add)){ source_dest_urls.append(url_to_add) userDefaults.set(source_dest_urls, forKey: "saved_"+sources_or_dests) userDefaults.set(source_dest_urls.count,forKey: sources_or_dests+"_index") } } else { userDefaults.set([url_to_add], forKey: "saved_"+sources_or_dests) userDefaults.set(0,forKey: sources_or_dests+"_index") } } Here is the function of reading the URLs which I use every time I want to access them which is why I don't understand how it can work until I restart the app. func get_sources_or_dests_urls(sources_or_dests: String) -> [URL] { // load currently stored list var source_dest_urls: [URL] = [] if let source_dest_urls_data = userDefaults.array(forKey: "saved_"+sources_or_dests) as? [Data] { for bookmarkData in source_dest_urls_data { do { var isStale = false let url = try URL(resolvingBookmarkData: bookmarkData, options: [.withSecurityScope], bookmarkDataIsStale: &isStale) guard !isStale else { print("Stale URL: "+sources_or_dests) return source_dest_urls } source_dest_urls.append(url) } catch (let error) { print(error) print(sources_or_dests) } } return source_dest_urls } else { return [] } } The funny thing is that when I call the (folder_url).startAccessingSecurityScopedResouce it returns True Here is an example of the error: file:///Users/georgeturner/Desktop/Sorted_test/DJI_0274.JPG 2023-06-25 15:20:15.198258+0100 Camera Import[74663:1326092] open on /Users/georgeturner/Desktop/16-07-2022/DJI_0274.JPG: Operation not permitted Error Domain=NSCocoaErrorDomain Code=513 "“DJI_0274.JPG” couldn’t be copied because you don’t have permission to access “Sorted_test”." UserInfo={NSSourceFilePathErrorKey=/Users/georgeturner/Desktop/16-07-2022/DJI_0274.JPG, NSUserStringVariant=( Copy ), NSDestinationFilePath=/Users/georgeturner/Desktop/Sorted_test/DJI_0274.JPG, NSFilePath=/Users/georgeturner/Desktop/16-07-2022/DJI_0274.JPG, NSUnderlyingError=0x600002641170 {Error Domain=NSPOSIXErrorDomain Code=1 "Operation not permitted"}}

I have a Flutter app that should be sandboxed for Appstore and this app should run a binary that I build with make. I sign that binary with Developer ID certificate: codesign -v -f --options=runtime --entitlements "./macos/Runner/binary_sandboxed.entitlements" --sign "Developer ID Application: ..." ./path/to/binary here is binary_sandboxed.entitlements: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.security.app-sandbox</key> <true/> <key>com.apple.security.inherit</key> <true/> <key>com.apple.security.application-groups</key> <array> <string>$(TEAM_ID).$(PRODUCT_BUNDLE_IDENTIFIER)</string> </array> <key>com.apple.security.cs.allow-jit</key> <true/> <key>com.apple.security.network.server</key> <true/> <key>com.apple.security.network.client</key> <true/> </dict> </plist> and the main app runned with entitlements: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.security.app-sandbox</key> <true/> <key>com.apple.security.inherit</key> <true/> <key>com.apple.security.application-groups</key> <array> <string>Q7Q43CUMWT.$(PRODUCT_BUNDLE_IDENTIFIER)</string> </array> <key>com.apple.security.cs.allow-jit</key> <true/> <key>com.apple.security.network.server</key> <true/> <key>com.apple.security.network.client</key> <true/> <key>keychain-access-groups</key> <array> <string>$(AppIdentifierPrefix)$(PRODUCT_BUNDLE_IDENTIFIER)</string> </array> </dict> </plist> When I run app I get an error ProcessException: Operation not permitted In console log I see this message: denied since it was quarantined by Main app and created without user consent, qtn-flags was 0x00000086 if delete quarantine flag binary in Containers xattr -d com.apple.quarantine /Users/appuser/Library/Containers/com.bin/Data/Library/Application Support/com.bin/binary I got an error when run binary zsh: illegal hardware instruction failed: Unable to get bundle identifier because code signature information has no Info.Plist. What did I do wrong? And what should I do?

I have an application running in the sandbox which launches an application bundle using NSTask. The main app entitlements enable sandbox add the User Selected File Read/Write permission. <dict> <key>com.apple.security.app-sandbox</key> <true/> <key>com.apple.security.files.user-selected.read-write</key> <true/> </dict> The child app entitlements enable sandbox and inherit. <dict> <key>com.apple.security.app-sandbox</key> <true/> <key>com.apple.security.inherit</key> <true/> </dict> When invoke NSSavePanel *savePanel = [NSSavePanel savePanel] in the child process, system will throw the error.The error message prompt that missing the User Selected File Read/Write permission. However, I have already added this permission in the main app, and I have set up the inherit in the child-process as well. The child process cannot add the User Selected File Read/Write permission again because it add sandbox and inherit in entitlements by the doc EnablingAppSandbox . It appears that the system is not inheriting this permission for the child process. panel[60195:2499353] [OpenSavePanels] Unable to display save panel: your app is missing the User Selected File Read/Write app sandbox entitlement. Please ensure that your app's target capabilities include the proper entitlements. And the error stack. [miscellany] CLIENT ERROR: remote view delegate NSSavePanel lacks method which can react to the details of Error Domain=com.apple.ViewBridge Code=14 "(null)" UserInfo={com.apple.ViewBridge.error.hint=-[NSViewServiceMarshal bootstrap:withReply:] caught NSInternalInconsistencyException '+[NSOpenAndSavePanelService loadViewToService:isOpenPanel:appCentric:] : failed entitlements check' with backtrace ( "0 CoreFoundation __exceptionPreprocess + 242", "1 libobjc.A.dylib objc_exception_throw + 48", "2 CoreFoundation -[NSException raise] + 9", "3 com.apple.appkit.xpc.openAndSavePan com.apple.appkit.xpc.openAndSavePan + 16852", "4 AppKit -[NSViewController _loadViewIfRequired] + 72", "5 AppKit __24-[NSViewController view]_block_invoke + 27", "6 AppKit NSPerformVisuallyAtomicChange + 132", "7 AppKit -[NSViewController view] + 123", "8 ViewBridge -[NSViewServiceMarshal _bootstrap:replyData:completion:] + 1826", "9 ViewBridge -[NSViewServiceMarshal bootstrap:withReply:] + 245", "10 CoreFoundation __invoking___ + 140", "11 CoreFoundation -[NSInvocation invoke] + 305", "12 CoreFoundation -[NSInvocation invokeWithTarget:] + 70", "13 ViewBridge -[NSVB_ViewServiceImplicitAnimationDecodingProxy forwardInvocation:] + 178", "14 CoreFoundation ___forwarding___ + 756", "15 CoreFoundation _CF_forwarding_prep_0 + 120", "16 CoreFoundation __invoking___ + 140", "17 CoreFoundation -[NSInvocation invoke] + 305", "18 CoreFoundation -[NSInvocation invokeWithTarget:] + 70", "19 ViewBridge -[NSVB_QueueingProxy forwardInvocation:] + 321", "20 CoreFoundation ___forwarding___ + 756", "21 CoreFoundation _CF_forwarding_prep_0 + 120", "22 CoreFoundation __invoking___ + 140", "23 CoreFoundation -[NSInvocation invoke] + 305", "24 CoreFoundation -[NSInvocation invokeWithTarget:] + 70", "25 CoreFoundation ___forwarding___ + 756", "26 CoreFoundation _CF_forwarding_prep_0 + 120", "27 CoreFoundation __invoking___ + 140", "28 CoreFoundation -[NSInvocation invoke] + 305", "29 ViewBridge __deferNSXPCInvocationOntoMainThread_block_invoke + 142", "30 ViewBridge __wrapBlockWithVoucher_block_invoke + 37", "31 ViewBridge kNotRunningOnAppKitCompatibleThread_block_invoke + 323", "32 CoreFoundation __CFRUNLOOP_IS_CALLING_OUT_TO_A_BLOCK__ + 12", "33 CoreFoundation __CFRunLoopDoBlocks + 398", "34 CoreFoundation __CFRunLoopRun + 2015", "35 CoreFoundation CFRunLoopRunSpecific + 560", "36 HIToolbox RunCurrentEventLoopInMode + 292", "37 HIToolbox ReceiveNextEventCommon + 657", "38 HIToolbox _BlockUntilNextEventMatchingListInModeWithFilter + 64", "39 AppKit _DPSNextEvent + 858", "40 AppKit -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 1214", "41 ViewBridge __77-[NSViewServiceApplication vbNextEventMatchingMask:untilDate:inMode:dequeue:]_block_invoke + 111", "42 ViewBridge -[NSViewServiceApplication _withToxicEventMonitorPerform:] + 114", "43 ViewBridge -[NSViewServiceApplication vbNextEventMatchingMask:untilDate:inMode:dequeue:] + 151", "44 ViewBridge -[NSViewServiceApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 99", "45 AppKit -[NSApplication run] + 586", "46 AppKit NSApplicationMain + 817", "47 libxpc.dylib _xpc_objc_main + 867", "48 libxpc.dylib xpc_main + 96", "49 ViewBridge xpc_connection_handler + 0", "50 ViewBridge NSViewServiceMain + 1789", "51 com.apple.appkit.xpc.openAndSavePan main + 178", "52 dyld start + 1903" ), com.apple.ViewBridge.error.description=NSViewBridgeErrorServiceBootstrap}