Post

Replies

Boosts

Views

Activity

sandbox-exec file-write behaves unexpectedly
hiI have a rules file like this(version 1) (deny default) ... (allow file-write* (regex "/Users/thomas/Desktop"))When I use it on app A, it works fine (the app can write to the desktop) but when use it on app B, it doesn't work (the app cannot save a file to the desktop). So I made a test app (app C), a simple cocoa app that just writes a dummy string to a file, and it still doesn't work. If I replace (allow file-write* (regex "/Users/thomas/Desktop")) with (allow file-write*) it works on app B and C too, so I know that's the only thing that's wrong.So I really don't understand what's going on. How can it work for app A but not for B or C? Especially given that:allowing all file-writes works (so I know the regex is the culprit, even though it works for app A (I tested that the app A can save to Desktop but not to other locations)app C is minimal and is not a "blackbox"I tried tons of different variations: literal instead of regex, "^/Users/thomas/Desktop", "^/Users/thomas/Desktop/" , "^/Users/thomas/Desktop/*", ...apps A, B and C are not sandboxed apps if I run them normally (I can check this in the activity monitor)Thanks in advance for your help!
5
0
2.2k
Oct ’19