Problems with Roland Cloud Manager

I'm the developer of a small utility for Mac called "MusicDeviceHost". https://apps.apple.com/us/app/musicdevicehost/id1261046263?mt=12

As the name suggests, it is a host application for audio units (music device components). See also "Using Sound Canvas VA with QMidi": https://youtu.be/F9C4BiBR

A problem occurs while trying to authorize the "Sound Canvas VA" component, Roland Cloud Manager (v3.0.3) returns the following error:

“Authorization Error - RM Service not connected Error Connecting to Roland Cloud Manager Service”

I guess the error is caused by some permission denied to the sandboxed application version. The NOT sandboxed version of MDH actually works flawlessly.

I am using the following entitlements: <key>com.apple.security.app-sandbox</key> <true/> <key>com.apple.security.network.client</key> <true/>

So connecting to the service should work, because "com.apple.security.network.client" is enabled.

At Roland, they say: "Cloud Manager isn't supported in a sandboxed environment." But as far as I can see, MainStage and other sandboxed apps works fine...

So what is the right answer? Is there someone out there with the same issue? Thanks for helping :)

Up vote post of mixage Down vote post of mixage
1.3k views
Posted by
mixage
Reply
Add a Comment

Replies

First things first, try adding com.apple.security.network.server as well as com.apple.security.network.client. Audio stuff often uses UDP, and UDP requires the server entitlements (as we note here).

If that’s not it, the next step is to check for sandbox violation report. See Discovering and diagnosing App Sandbox violations.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment

Thank you Quinn!

I've added the server entitlement but but that wasn't enough, Roland plugins need read access to the "~/Library/Application Support/Roland Cloud" directory to check their authorization status :(

<key>com.apple.security.temporary-exception.files.home-relative-path.read-only</key> <string>/Library/Application Support/Roland Cloud/</string>

Now I hope this exception will be accepted by the review team.

Bruno

Posted by
mixage
Up vote reply of mixage Down vote reply of mixage
Add a Comment

Now I hope this exception will be accepted by the review team.

Best of luck with that.

Audio units are one area of App Sandbox that I’m not super familiar with. I do, however, want to make sure you’ve seen TN2312 Audio Unit Host Sandboxing Guide. It wasn’t written by me, hence my unfamiliarity with this topic, but it’s chock-full of interesting tidbits.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment

I actually said something stupid. Enabling com.apple.security.network.server works. It involved reinstalling some things. A thousand thanks!

Posted by
mixage
Post not yet marked as solved Up vote reply of mixage Down vote reply of mixage
Add a Comment

UPDATE:

Finally, I confirm that Roland Cloud plugins NEED read access to the "~/Library/Application Support/Roland Cloud/shared" directory to check their permission status!

The fact is that the beta version contained these (XCode injected?) additional entitlements:

<key>com.apple.security.temporary-exception.files.absolute-path.read-only</key><array><string>/</string></array> <key>com.apple.security.temporary-exception.mach-lookup.global-name</key><array><string>com.apple.testmanagerd</string><string>com.apple.dt.testmanagerd.runner</string><string>com.apple.coresymbolicationd</string></array>

That is :(

Posted by
mixage
Up vote reply of mixage Down vote reply of mixage
Add a Comment