Post not yet marked as solved
I recently reset my machine to factory settings to start the year fresh and installed Xcode 15.1 on my Macbook Air M1.
I was trying to run, build, archive a project and ran into a recommended settings pop-up that I unfortunately dismissed.
Now I am not sure how to locate it or trigger it back so I can update it appropriately.
Can someone advise? Thanks in advance!
Post not yet marked as solved
Electron app builded successfully with electron forge and @electron/osx-sign. But it crash when startup and get crash log below:
Time Awake Since Boot: 320000 seconds
Time Since Wake: 9200 seconds
System Integrity Protection: enabled
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BREAKPOINT (SIGTRAP)
Exception Codes: 0x0000000000000002, 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY
Termination Signal: Trace/BPT trap: 5
Termination Reason: Namespace SIGNAL, Code 0x5
Terminating Process: exc handler [95916]
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
if I use custom entitlements, it shows:
Time Awake Since Boot: 310000 seconds
Time Since Wake: 8600 seconds
System Integrity Protection: enabled
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BAD_INSTRUCTION (SIGILL)
Exception Codes: 0x0000000000000001, 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY
Termination Signal: Illegal instruction: 4
Termination Reason: Namespace SIGNAL, Code 0x4
Terminating Process: exc handler [93221]
Application Specific Information:
dyld: launch, running initializers
/usr/lib/libSystem.B.dylib
Could not set sandbox profile data: Operation not permitted (1)
Application Specific Signatures:
SYSCALL_SET_PROFILE
here is entitlement:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.cs.allow-jit</key>
<true/>
<key>com.apple.security.files.user-selected.read-write</key>
<true/>
<key>com.apple.security.network.server</key>
<true/>
<key>com.apple.security.network.client</key>
<true/>
</dict>
</plist>
inherit entitlement:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.files.user-selected.read-write</key>
<true/>
<key>com.apple.security.inherit</key>
<true/>
</dict>
</plist>
what can I do to resolve it?
Is setting "Enable App Sandbox : Yes" required for distributing an app to the App Store?
I'm building my first app, a game, and can only test on my physical device with the Sandbox set to No. I can run it on the emulators with Sandboxing enabled.
I'm still using the free developer account and will be enrolling in the paid account once 2024 arrives.
Post not yet marked as solved
I'm distributing my app in zip format. But stuck in app update? My app self-detects for the latest version. If yes, then launch other non-appsandbox app that download the latest version, and then replace the old app (in the /Applications directory) with the new one. It works correctly. But once I made the Updater app a Sandbox app, it did not allow me to replace the app. Error: You don’t have permission to save the file “ESPlus” in the folder "Applications.”
Post not yet marked as solved
I’m trying to implement XPC Rendezvous like Quinn described in many awesome posts on here but I’m now at a stuck point were I just have no idea.
I want to communicate with a Safari extension via XPC and also a helper application which led me to XPC Rendezvous (https://developer.apple.com/forums/thread/715338) because a XPC Service in the Extension is scoped to the container. I then made a Command Line Target and added it like its described here (https://developer.apple.com/documentation/xcode/embedding-a-helper-tool-in-a-sandboxed-app
) and also took the xpc test code and inspiration to set up my launch agent from here (https://developer.apple.com/documentation/servicemanagement/updating_your_app_package_installer_to_use_the_new_service_management_api). This command line tool should do the management for the XPC connections because it’s not in the sandboxed container.
The tool sets up the xpc connection like in the sample code directly and not in a XPC Service added via a Target template. It exposes the Mach Service.
And that looks like its building fine after some fighting but the service just wont start - I saw it trying in console and after running it in Xcode and finally finding the crash report - it brought me there (https://developer.apple.com/forums/thread/706390)
I have Process is not in an inherited sandbox. - and thinking about it, it makes sense because I first thought its just because it ran through Xcode, but its crashing this way also as a LaunchAgent.
I mean it does make sense - there is nothing to inherit because it’s spawned by launchd - and that’s what I want isn’t it - to make the Rendezvous?
Okay I thought now removing com.apple.security.inherit brings it in its own Sandbox (its needs sandboxing) but this also crashes the process because of the sandbox. Also after adding it to the App Group. What am I missing here or what do I want to accomplish? Do I want to inherit the sandbox? I guess not the helper should have its own.
The only difference I see in comparison to SMAppServiceSampleCode is it moves the product in Copy Bundle Resources, and I have a Copy Files Phase with Destination: Executables (Like the other sample code said - and that’s looks “more correct” - and well SMAppServiceSampleCode isn’t sandboxed.
I then tried making a new Command Line Target and just added App Sandbox Capability and tried to run this fresh one - and that also crashes. This makes me think I’m just ****** somewhere but I have read now everything I could find.
I’m happy to provide any Code or crash logs but I dont know what part is really relevant here, It looks like the LaunchAgent gets installed correctly and wants to run but the sandbox is preventing me. The Bundle Identifier and XPC device name of the helper starts with my teamID
(I got that from here https://developer.apple.com/forums/thread/703702)
What could I be doing wrong?
Thanks a lot!
Benjamin
Post not yet marked as solved
I am creating a MacOS app embedding the QuickLook extension in it.
The other day, I uploaded it to App Store Connect and had it reviewed.
But it was rejected due to the following reason.
Your app incorrectly implements sandboxing, or it contains one or more entitlements with invalid values. Please review the included entitlements and sandboxing documentation and resolve this issue before resubmitting a new binary.
com.apple.security.temporary-exception.files.absolute-path.read-only /
This entitlement is also included in my app's meta data on my account page of App Sore Connect. Including it, I can find the following two entitlements related to "temporary-exception" in the meta data.
com.apple.security.temporary-exception.files.absolute-path.read-only: ( "/" )
com.apple.security.temporary-exception.mach-lookup.global-name: ( "com.apple.testmanagerd", "com.apple.dt.testmanagerd.runner", "com.apple.coresymbolicationd" )
To tell the truth, about Sandbox entitlements for QuickLook extension, what I intentionally set on the Xcode project are the next two items only. And actually I have not ever recognized that the entitlements related to "temporary-exception" above are included in my app's bundle.
com.apple.security.app-sandbox: true
com.apple.security.files.user-selected.read-only: true
I think these "temporary-expection" entitlements are essential ones for the QuickLook extension and it looks like that Xcode automatically attached them in the process of creating app's build. If they are forced to be attached by getting the QuickLook extension sandboxed, I don't know what I should do.
Although I explained my thought to the reviewer, but I could not change the situation. Is there no way to get solution besides removing the QuickLook extension from my app ?
Hi there! I am trying to publish a macOS app on App Store, thus the app must be sandboxed. The app is built with Electron and electron-builder. A tool of the app needs to run a local web server, to do so a java runtime and a .jar file are downloaded during runtime and the server is started using spawn.
In the MAS version of the app, running from TestFlight, I get EPERM error when spawn is called.
Both java's runtime and .jar are downloaded to app's container. I have tried also downloading them to outside the container (by saving them in the directories that are symlinked to outside of it) by I get the same error.
How could I solve that issue?
Post not yet marked as solved
We're doing some disaster recovery management / risk management and a point-of-failure for our app is if we lose access to our bundle id.
From my understanding, secure keychain items are scoped to your bundle ID as well as iCloud files stored under the app with 'hidden' scope.
Losing our bundle ID is a scenario we want to eliminate completely from our threat/disaster modelling.
Is this a realistic concern we should have?
Post not yet marked as solved
Context
I'm using the NSFileCoordinator & NSFilePresenter in a sandboxed application to access SQLite database files and their secondary files (e.g. WAL or journal files) as per https://developer.apple.com/documentation/foundation/nsfilepresenter/1415415-primarypresenteditemurl
E.g. something similar to this:
var presenters: [NSFilePresenter] = ["wal", "journal", "shm"].map { ext in
let presenter = SQLiteTempFilePresenter(databaseId: databaseContext.id, sqliteMainFile: url, newExt: ext)
// addFilePresenter needs to be balanced with a `removeFilePresenter`. See SQLiteTempFilePresenter#deinit
NSFileCoordinator.addFilePresenter(presenter)
return presenter
}
That way there will be a NSFilePresenter for each possible secondary SQLite file (e.g. with the main file being foo/bar/database.sqlite there will be presenter for each of the secondary files foo/bar/database.sqlite-shm and foo/bar/database.sqlite-wal)
Using NSFilePresenter to work with SQLite files within the Sandbox environment works as expected.
Desired change
I'd like to expand the usage of NSFileCoordinator to react to changes to the SQLite files that happen outside of the application.
To achieve that I added an additional NSFilePresenter for the main file (e.g. foo/bar/database.sqlite) that has a func presentedItemDidChange() method. That method does get called when I change the corresponding SQLite file (e.g. by using the sqlite3 command line tool).
So far so good. But in WAL mode (https://www.sqlite.org/wal.html), changes to the SQLite file don't immediately change the file itself but get written to the write-ahead-log first (e.g. foo/bar/database.sqlite-wal in this example). Only when the outside connection is closed, will the changes be committed to the main SQLite file itself. At which point the NSFilePresenter#presentedItemDidChange() method will be called. So I also like to be notified when the secondary files change.
Adding a presentedItemDidChange() callback method to the SQLiteTempFilePresenter instances for the secondary files does not seem to work, the method never gets called even though the corresponding secondary files change.
Questions
If I add another instance of the NSFilePresenter for each of the secondary files, the callback presentedItemDidChange() gets called for the secondary files as well. Having two different instance of the NSFilePresenter for a single URL (one for sandboxing purposes, the other for being notified of file changes) seems a bit fishy though. Is that the intended (or at least an acceptable) way of using NSFilePresenter?
The documentation for NSFilePresenter states that "If another process uses a file coordinator for the same file or directory, your presenter objects are similarly notified whenever the other process makes its changes." I do get notified though when using the sqlite3 command line tool which does not use a NSFileCoordinator. Is there any documentation that explains that behaviour? I mean it's great that it seems to work but I'd like to understand why.
Post not yet marked as solved
I've encountered an issue while working on a macOS project involving Camera extension, specifically related to NSPasteboard. I want to use NSPasteboard for sending string type data from app to Camera Extension. Strangely, the exact same code that works flawlessly with NSPasteboard in a DAL plugin doesn't seem to work when implemented in a camera extension.
To clarify, I can access the exact same pasteboard using the identical code in the DAL plugin and in an App, but when attempting the same in the camera extension, it doesn't behave as expected. Below is the code snippet I'm using in the camera extension:
let pasteboardExtension = NSPasteboard(name: NSPasteboard.Name(rawValue: "com.example.myextension"))
if let items = pasteboardExtension.readObjects(forClasses: [NSString.self], options: nil) as? [String] {
NSLog("Received items in extension: \(items)")
} else {
NSLog("No items received in extension")
}
I've thoroughly reviewed the documentation without finding a resolution. Has anyone else faced a similar discrepancy between NSPasteboard behavior in DAL plugins and camera extensions? I'm reaching out for advice, insights, or potential workarounds from the community.
If you have successfully addressed a similar issue or have any information that might shed light on this situation, your input would be greatly appreciated.
Does Camera Extension support NSPasteBoard?
Post not yet marked as solved
Hello,
I am trying to create a dmg file by launching hdiutil through my swift program.
This swift program is sandboxed.
Here is what i've done:
let hdd_file:String = NSHomeDirectory() + "hdd.dmg.sparseimage"
let process = Process()
process.launchPath = "/usr/bin/hdiutil"
process.arguments = ["create", "-size", "30g", "-fs", "'APFS'", "-volname", "myvolume", "-type", "SPARSE", hdd_file]
let pipe = Pipe()
process.standardOutput = pipe
process.launch()
let data = try pipe.fileHandleForReading.readToEnd()
print(data)
I get this error:
hdiutil: create failed - Device not configured
I don't understand why i get this error because the dmg file is created in application's sandbox home directory.
Or maybe hdiutil is forbidden but i am just creating a dmg file. I am not trying to mount a device.
Do you have any idea of how i can create a dmg file from my sandboxed application ?
Thanks
Post not yet marked as solved
Context
I have an app that uses the container for two things: store a realm database, and store a log.txt file with some debugging logs for myself.
The realm database path is set via Realm.Configuration.defaultConfiguration
The log.txt file path is set with FileManager.default.urls(for: .documentDirectory, in: .userDomainMask)[0].appendingPathComponent("log.txt")
I already have released and distributed the version 1 to a few users. Given the complexity around signing an app in Xcode, the app was released and distributed unsigned. And now I'm trying to release the version 2 signed, but here's when I'm getting this weird issue.
All unsigned apps (version 1, and the unsigned version 2) are using as container the path ~/Library/Containers/com.dgrcode.{appName}/Data. The signed version 2, however, is using ~/ as the container. So for example
log.txt is located at:
unsinged apps: ~/Library/Containers/com.dgrcode.{appName}/Data/Documents/log.txt.
signed app: ~/Documents/log.txt
Realm's default.realm file is located at:
unsigned apps: ~/Library/Containers/com.dgrcode.{appName}/Data/Library/Application Support/default.realm
signed app: I haven't found it yet 😓
The obvious problem is that any user from version 1 that installs version 2 signed, will start using a new database instead of continuing using the existing database. And obviously having my app's data spread through their ~/ directory is far from ideal.
Here's what I get when I run codesign -v -d on the first version (everything between {} has been redacted for clarity:
Executable={/path/to/app}
Identifier=com.dgrcode.{appName}
Format=app bundle with Mach-O universal (x86_64 arm64)
CodeDirectory v=20500 size=56564 flags=0x10002(adhoc,runtime) hashes=1757+7 location=embedded
Signature=adhoc
Info.plist entries=29
TeamIdentifier=not set
Runtime Version=13.3.0
Sealed Resources version=2 rules=13 files=2
Internal requirements count=0 size=12
Where I think the most relevant part is the Signature=adhoc and TeamIdentifier=not set.
Now I archive a version 2 of the app. I make a copy and I sign only one of them using codesign -v --sign. I package them inside a .dmg (not sure if this affects anything, but just in case), and check the .app inside each of the .dmg after mounting them.
Here's the result of codesign -v -d for each one:
unsigned:
Executable={path/to/app}
Identifier=com.dgrcode.{appName}
Format=app bundle with Mach-O universal (x86_64 arm64)
CodeDirectory v=20400 size=57452 flags=0x2(adhoc) hashes=1785+7 location=embedded
Signature=adhoc
Info.plist entries=31
TeamIdentifier=not set
Sealed Resources version=2 rules=13 files=4
Internal requirements count=0 size=12
signed
Executable={path/to/app}
Identifier=com.dgrcode.{appName}
Format=app bundle with Mach-O universal (x86_64 arm64)
CodeDirectory v=20400 size=57335 flags=0x0(none) hashes=1785+3 location=embedded
Signature size=4798
Signed Time=13 Nov 2023 at 12:17:24
Info.plist entries=31
TeamIdentifier=2W564BCY7Z
Sealed Resources version=2 rules=13 files=4
Internal requirements count=1 size=188
The unsigned app works as expected. When I open the unsigned app, it continues using the realm database in the previous location ~/Library/Containers/com.dgrcode.{appName}/Data, and I can see the log.txt update its content.
The signed app, however, doesn't use the same database, and is no longer writing to the log.txt file at ~/Library/Containers/com.dgrcode.{appName}/Data, but it's writing at ~/Documents/log.txt instead. It does use a database, but I have no clue where it is.
Questions
How can I make the signed app use the path ~/Library/Containers/com.dgrcode.{appName}/Data/ as its container lcoation?
How can something like this happen just by signing the .app?
I'm using Flutter for creating app and I need to run a file with arguments from dart code (This file is in the app's container) on MacOS. How can I do it in a sandbox? I don't want to disable sandbox because then i can't publish app in App Store.
I tried this code ProcessResult result = await Process.run(path, [-pa], includeParentEnvironment: true);
but I'm getting error: ProcessException: Operation not permitted.
Also, I saw thing called "Embedding a command-line tool in a sandboxed app", but I don't know how to do it in my case.
Post not yet marked as solved
My app has the App Sandbox enabled and the File Access to Downloads folder is set to Read / Write in XCode.
Upon clicking on a button the app should open the Finder displaying the Downloads folder.
The following code snippet is used to launch the Finder
if let inspirationsDirectory = FileManager.default.urls(for: .downloadsDirectory, in: .userDomainMask).first{
NSWorkspace.shared.open(inspirationsDirectory)
}
On my MacOS it works well.
After releasing the app to the AppStore and installing it on another Mac the following message is received upon clicking the button:
The application does not have permission to open "Downloads"
Which would be the solution to launch the Finder successfully ?
Is it possible to launch the Finder showing the Downloads folder sorted by the Date Added column descending ?
Post not yet marked as solved
I'm encountering an intermittent issue while trying to run safaridriver on macOS Sonoma. Here are the details of the problem:
I ran sudo /usr/bin/safaridriver -p0 --enable in the beginning.
After that when I run this multiple times /usr/bin/safaridriver -p0, I sometimes receive an "Operation not permitted" error, but not consistently. This issue seems to occur intermittently.
I've checked the sudo logs, and I see the following error message:
kernel: (Sandbox) Sandbox: com.apple.WebDriver.HTTPService(2049) deny(1) user-preference-write com.apple.WebDriver.HTTPService
cfprefsd: (CoreFoundation) [com.apple.defaults:cfprefsd] rejecting write of key(s) MobileDeviceRemoteXPCEnabled in { com.apple.WebDriver.HTTPService, nimish, kCFPreferencesAnyHost,
/Users/nimish/Library/Preferences/com.apple.WebDriver.HTTPService.plist, managed: 0 } from process 2049 (com.apple.WebDriver.HTTPService) because setting these preferences requires user-preference-write or file-write-data sandbox access
cfprefsd: (CoreFoundation) [com.apple.defaults:cfprefsd] Couldn't open parent path due to [2: No such file or directory
kernel: (Sandbox) Sandbox: com.apple.WebDriver.HTTPService(2049) deny(1) network-bind local:*:7055
com.apple.WebDriver.HTTPService: (WebDriver) [com.apple.WebDriver:WebService] Error starting HTTP server listening on localhost:0: Error Domain=NSPOSIXErrorDomain Code=1 "Operation not permitted" UserInfo={NSLocalizedDescription=Operation not permitted, NSLocalizedFailureReason=Error in bind() function}
com.apple.WebDriver.HTTPService: (WebDriver) [com.apple.WebDriver:XPCService] Client connection invalidated for some reason
I am getting this on Mac Os Sonoma Can anybody please help on this?
Post not yet marked as solved
Hi everyone, I've been trying for a few days and still getting the same errors..so any help would be appreciated!!
I've got the app to pass the Validation in XCode Organizer, but after I uploaded to Apple Store Connect through the Organizer, I'd get an email with errors, ITMS-90238: Invalid Signature, mentioning a long list of plugins, and then ITMS-90296: App sandbox not enabled.
I'm not sure how to investigate these problems, so I've been just blindly trying everything.
I've added the Sandbox capability in Xcode and have the entry in the entitlement file. The app even shows Sandbox Yes in Activity Monitor.
This is an Qt app. I generated an Xcode project using qmake, then use Xcode to sign and upload.
I tried both manually selecting the profile and letting Xcode manage signing automatically. I've tried both Distribution profiles and Development profiles.
It was giving build errors in signing unless I used the --deep flag in Other Code Signing Flags. Then I read online that it's not recommended. So I've tried using the -codesign option in the Qt's mac deployment tool, macdeployqt. It passed the validations but still gives the same error. I suspect it's doing a codesign --deep internally. This is how I'm using macdeployqt
macdeployqt myapp.app -qmldir="$SOURCE_DIR"/qml -always-overwrite -appstore-compliant -codesign="$SIGNING_CERT"
Any advice would be much appreciated!!
I'm on macOS Sonoma 14.0, Apple M2, Qt 6.5.3
Post not yet marked as solved
The old one is "x-apple.systempreferences:com.apple.preference.security?Privacy_ScreenCapture"
I've recently updated my development laptop, and my continuous integration build nodes (a pair of Mac minis) to macOS Sonoma. Prior to this update, my CI workflows passed without issue.
Since updating, every time I attempt to run my app's unit tests, an impassible alert is shown stating:
“MyApp” differs from previously opened versions. Are you sure you want to open it?
Opening “MyApp” will allow it to access data from previously used versions of “MyApp”.
My tests go no further, and my CI workflows fail.
I found that if I switched from using Ad-Hoc code signing for my tests, that this dialog is no longer shown on my local development laptop, however it is still shown on my CI nodes.
Is there some way to tell Xcode to bypass this warning? If there's not, Sonoma doesn't seem to be usable for doing testing.
Post not yet marked as solved
Hello, I currently am designing a data backup solution, and have an unsandboxed launch agent written in DotNet 6 that needs read access to files in order to back them up. It is configured together with its own App Group (with the sandboxed GUI). However, this Launch Agent cannot access files or enumerate directories in ~/Library/Group Containers/com.apple.notes whatsoever (even after enabling full disk access for the calling app, the files are not restricted either). I am trying to access the NoteStore.sqlite and similar files so that the Launch Agent can read the file and upload it to S3. Is there some entitlement I need to add, or access prompt? It seems like there is additional security layers for Sandboxed folders for apps that I'm trying to bypass. What is the recommended solution for my use case?
(For Ventura and Sonoma users)
Post not yet marked as solved
I`m trying create simple http sever, when I do it in main target of my macOS app then it works, but when I do it in uitests target it fails (result == -1 (Operation not permitted)). Interestingly when I run it in iOS uiTests target then it works.
let sockfd = socket(AF_INET, SOCK_STREAM, 0)
var serverAddress = sockaddr_in(sin_len: __uint8_t(MemoryLayout<sockaddr_in>.size),
sin_family: sa_family_t(AF_INET),
sin_port: CFSwapInt16HostToBig(8080),
sin_addr: in_addr(s_addr: inet_addr("127.0.0.1")),
sin_zero: (0, 0, 0, 0, 0, 0, 0, 0))
let result = withUnsafePointer(to: &serverAddress) {
$0.withMemoryRebound(to: sockaddr.self, capacity: 1) {
Darwin.bind(sockfd, $0, socklen_t(MemoryLayout<sockaddr_in>.size))
}
}
I've got set in my main target entitlements:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.network.client</key>
<true/>
<key>com.apple.security.network.server</key>
<true/>
</dict>
</plist>
What can be reason that it fails? how can I fix it?