Finder Sync Extension does not allow for sandboxed access

Hi there,

Introduction

I have been working on a Finder Sync extension and I would now like to use it to access a file the user has selected. This has been causing me significant issues (and I believe that a lot of other developers have also experienced similar issues with the extension).

Because I plan to release my app on the App Store, I need both the main app and the finder sync app to be sandboxed.

Some example code describing the issue

When the user executes the custom finder action in the context menu, I use the following code to extract and access the selected files:

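// Requires `import FinderSync`; runs inside the extension's menu action
guard let target = FIFinderSyncController.default().selectedItemURLs(),
      let first = target.first else {
    // Plain message: the original "%@" had no matching argument
    NSLog("Failed to obtain targeted URLs")
    return
}

do {
    // Read content of the first selected file (example)
    let text = try String(contentsOf: first, encoding: .utf8)
} catch {
    print("Some error occurred: \(error)")
}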

The problem

Though these files should have a sandbox exception (because they are selected by the user), they do not and I get the following error because I seemingly do not have the permission (even though I should have):

Error Domain=NSCocoaErrorDomain Code=257 "The file “myfile.txt” couldn’t be opened because you don’t have permission to view it."

I know from my thorough research (refer to links) that a lot of other people working with Finder Sync extensions have had this problem in the past and that Apple has not provided an official way to fix this.

So essentially I am asking if Apple is planning to fix this bug in the near future or, if not, whether there is a workaround for this problem (while still passing the App Store review) and while keeping the main functionality of a context-menu like Finder Sync Extension.

Useful links

My previous question concerning the transfer of URLs given in the Finder Sync Extension

I already asked a similar question on how to share some file URLs between my Finder Sync Extension and the Main App, to which I received a presumably working answer, which would work if this problem didn't exist. The solution to passing this access between extension and main app is to create a security scoped bookmark. This is not possible as long as I can't even access the files in the context of the extension itself.

Here is the link to this aforementioned question I posted last month: Accessing a file in a sandboxed main app, which was selected in a Finder Sync Extension

Some people with the same issue (dating back as far as 2016)

Someone on the Apple Developer Forum had a similar issue and the respondent suggested a multitude of hacky fixes: Swift file reading permission error on macOS sandbox

Here is a post on StackOverflow from someone who had the exact same issue. Multiple people mentioned there that this was a bug in the operating system and have filed multiple bug reports, which were all unanswered by Apple:

Read and Write access for FinderSync extension in a sandboxed environment

FinderSync Extension runtime error: The file couldn’t be opened because you don’t have permission to view it


Replies

So, just to be sure, selectedItemURLs() is returning a value, it’s just that you can’t read the file at that location. Right?

Honestly, I don’t know enough about Finder Sync extensions to tell you whether that should work, but if it were to work, that property would be returning you a security-scoped URL. To access the contents of such a URL, you’d need to do the {start,stop}AccessingSecurityScopedResource() dance. Have you tried that?

The solution to passing this access between extension and main app is to create a security scoped bookmark.

Not quite. A security-scoped bookmark is meant to allow your process to persist access to a URL. If you want to pass a security-scoped URL between processes, just use a normal bookmark [1].

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] And, yes, this is incredibly badly documented right now (r. 11011168)-:
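
The two steps described in this reply (the start/stop access calls around a read, and a normal bookmark to hand a URL to another process), as an added Swift example that is not code from the thread or from Apple. The helper names are hypothetical, and how the bookmark `Data` travels between the extension and the app is an assumption left outside the example; the original poster reports later in this thread that this workflow did not grant access in their Finder Sync extension.

```swift
import Foundation

/// Runs `body` with security-scoped access active, if the URL carries a scope.
/// stop is only called when start returned true, so the calls stay balanced
/// and access is released as soon as the work is done.
func withScopedAccess<T>(to url: URL, _ body: (URL) throws -> T) rethrows -> T {
    let started = url.startAccessingSecurityScopedResource()
    defer { if started { url.stopAccessingSecurityScopedResource() } }
    // If the sandbox still denies access, `body` throws
    // (for example NSCocoaErrorDomain Code=257 on a read).
    return try body(url)
}

/// Sending process (hypothetical helper): encode the URL as a *normal*
/// bookmark, i.e. with empty options and without `.withSecurityScope`.
func makeTransferBookmark(for url: URL) throws -> Data {
    try withScopedAccess(to: url) { scoped in
        try scoped.bookmarkData(options: [],
                                includingResourceValuesForKeys: nil,
                                relativeTo: nil)
    }
}

/// Receiving process (hypothetical helper): resolve the bookmark back to a URL.
func resolveTransferBookmark(_ data: Data) throws -> URL {
    var isStale = false
    let url = try URL(resolvingBookmarkData: data,
                      options: [],
                      relativeTo: nil,
                      bookmarkDataIsStale: &isStale)
    if isStale {
        // The file moved or changed; the sender should issue a fresh bookmark.
        NSLog("Transfer bookmark is stale for %@", url.path)
    }
    return url
}

/// Receiving process: read the file only while access is active.
func readText(fromTransferBookmark data: Data) throws -> String {
    let url = try resolveTransferBookmark(data)
    return try withScopedAccess(to: url) { scoped in
        try String(contentsOf: scoped, encoding: .utf8)
    }
}
```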

  • Hey, thanks for your answer. Yes, selectedItemURLs() is returning a value. The whole startAccessingSecurityScopedResource() workflow does not work, because the operating system thinks that the provided URLs are not selected by the user (and therefore not available to the sandbox). I am pretty sure that this is an issue of the operating system not recognising that these files are indeed user selected and should therefore be accessible to the extension.


The whole startAccessingSecurityScopedResource() workflow does not work

OK.

In that case my advice is that you open a DTS tech support incident and one of us can look at this in detail.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

@Elia314 Did you get this working? Feel free to shoot me an email at "sij" + "itsma" at gmail. I worked through all this and got it working.

Same problem here, any update?