Post

Replies

Boosts

Views

Activity

Running a third-party executable in the sandbox: App-embeded binary trys to do something not permitted in the sandbox..
Hi, I am now facing difficulties in sandboxing my app to distribute it at the App Store. My app contains a binary executable that is distributed by a third party. The executable was codesigned with a file for entitlements that contains exactly two App Sandbox entitlement keys: com.apple.security.app-sandbox, and com.apple.security.inherit, and associated values are 'YES.' The main app has four Keys: App Sandbox, com.apple.security.files.user-selected.read-write, com.apple.security.network.client, com.apple.security.network.server, and associated values are 'YES'. To prevent injection of 'com.apple.security.get-task-allow' entitlement, 'Code Signing inject Base Entitlements' in the Signing pane of the Build Settings tab was set to 'NO'. NSTask Launching of the binary with the NSHomeDirectory() as a current directory seems successful, but the binary returns a message to the standard error: 'Error: mdbenvopen: Operation not permitted' and the standard output says that files were not created. The addition of an entitlement key 'com.apple.security.temporary-exception.files.absolute-path.read-write' with an associated array containing a string '/' did not work, hinting that the error is not from writing or reading of files but possibly from executing something. Are those entitlement settings correct? Is it possible to find the offending action of the executable that is not permitted and to configure the sandbox to allow that action? I would appreciate any hints or comments.
4
0
1.1k
Nov ’20