Hi,
I'm writing a sandboxed Daemon that I register from my sandboxed application via SMAppService.
The registration is successful, and the daemon is called based on logs.
However when I'm trying to save a keychain item into the keychain, I see entries like this in the logs:
(Security) SecItemAdd
[com.apple.securityd:atomicfile] create /Library/Keychains/System.keychain.sb-1c133873-RPL9wo: Operation not permitted
[com.apple.securityd:security_exception] UNIX error exception: 1
[com.apple.securityd:security_exception] CSSM Exception: 100001 UNIX[Operation not permitted]
[com.apple.securityd:security_exception] CSSM Exception: 100001 UNIX[Operation not permitted]
I'm attempting to create the item with the regular SecItemAdd function call:
var query: [String: Any] = [
kSecClass as String: kSecClassGenericPassword,
kSecAttrLabel as String: "[redacted string]",
kSecAttrAccount as String: "[redacted string]",
kSecAttrService as String: "[redacted string]",
kSecValueData as String: secretData
]
SecItemAdd(query as CFDictionary, nil)
I'm guessing this is because the System keychain is outside of the sandbox for the daemon.
Is there a way to create items for the System Keychain from a sandboxed daemon?
Post
Replies
Boosts
Views
Activity
Hi,
we have quite a headache around wanting to transfer one of our applications to a new Apple Developer Organization.
The macOS Application is sandboxed and is bundled with a Safari Extension. The two must be in an App Group in order to share data (as per official Apple documentation).
Now this also means, according to this documentation from Apple that this App cannot be transferred, because it has made use of App Groups. If I read correctly online, even if we were to remove this entitlement from the Application, we wouldn't be able to transfer it.
Is this all there is to know? I find it rather hard to believe there isn't a workaround for this.
Is there maybe a way to transfer the Application and the Safari Extension to the new organization at once, together? I don't mind moving the App Group as well.
Can a technical support incident be requested for this type of issue? I'm happy to talk this through with someone from Apple if there is a one-by-one basis (maybe a manual transfer with help from Apple) way to solve this.
Why this is a problem, you might ask. First and largest problem is the continuous service for our existing subscribers to the premium version of our application. If we can't move the app, we need to recreate it in the new organization with a new bundle id, new subscription items, everything.
I haven't found a straightforward way to move these subscriptions over to another app. I thought about creating an Introductory/Promotional offer, only shown to users with subscriptions in old app. But the length of their subscriptions vary, and offers have a fixed with.
Is there anything else I haven't looked at?
Thanks in advance!