App Sandbox

RSS for tag

App Sandbox is a macOS access control technology designed to contain damage to the system and user data if an app becomes compromised.

Posts under App Sandbox tag

118 Posts
Sort by:

Post

Replies

Boosts

Views

Activity

How to use CFMessagePort in a Sandbox App when App Group naming convention is not possible?
I am working on an App and I am in the process of adding Syphon support. Syphon uses CFMessagePort for IPC and passing of FrameBuffer data (MTLTexture) between apps - and is widely used in the professional video app and video production space. What I have noticed is that when the App is built as a Sandbox app, during the Syphon initialization, I see the following error message in the log: *** CFMessagePort: bootstrap_register(): failed 1100 (0x44c) 'Permission denied', port = 0x8703, name = 'info.v002.Syphon.D2499DBD-93AE-4CEA-B21F-FF356DCC069D' See /usr/include/servers/bootstrap_defs.h for the error codes. Syphon uses the "info.v002.Syphon.UUID" naming convention to identify IPC Syphon servers, so I don't think I can use the App Groups naming convention for Sandbox support. I have a very simple example app on github that publishes SpriteKit frames as a Syphon Server. To see the issue, simply enable App Sandbox for the build, and run the app. You should see the error message in the log and no data appears in any Syphon Client (I use Syphon Recorder for testing - available at syphon.github . io I am looking for other options to enable CFMessagePorts on a Sandbox App.
6
0
877
May ’24
After adding a sandbox application, some features, like partitioning, may stop working.
We've developed a macOS application that helps users manage other applications. This includes features like resizing applications through our application. However, this functionality works fine before integrating the sandbox, but stops working afterward. In essence, our application is unable to resize other applications after being sandboxed. Any guidance on how to achieve this functionality within the sandbox restrictions would be greatly appreciated. Thank you in advance for your assistance.
2
0
368
May ’24
Can't disable App Sandbox
My Xcode workspace contains build settings for a macOS, iOS, and tvOS application. My Sandbox macOS app builds just fine and works great - and is on the App Store. I am in the process of creating a new build / branch of this app that is not Sandboxed so that I can add IPC (Syphon support) - as I don't think I can use App Groups to enable CFMessage support (which Syphon requires) because Syphon (third party framework) - uses its own naming convention for the ports. Anyway, sandbox support for a Syphon app is a topic for another day (it's actually quite disappointing that I can't release a Syphon version on the App Store). The trouble I am having, is that even afer deleting the App Sandbox entitlement from my project, my App still seems to be running in the App Sandbox, and I can't figure out how to remove the App Sandbox entitlement completely. What I am seeing, is that even after deleting the App Sandbox entitlement (using the project settings and deleting it in the "Signing and Capabilities" tab (and also checking the entitlements file manually to doubly make sure it is gone) - I am still seeing the following error message: *** CFMessagePort: bootstrap_register(): failed 1100 (0x44c) 'Permission denied', port = 0x8703, name = 'info.v002.Syphon.332143F7-0916-428A-A88A-59B752F95304' See /usr/include/servers/bootstrap_defs.h for the error codes. It is also saving my Application Support data in the ~/Library/Containers folder, and not in ~/Library/ApplicationSupport What step am I missing?
7
0
1.2k
May ’24
App sandbox extension revoked on Ventura
Hi everyone, first-time caller, long-ti... wait, no, I just got here. :) I am relatively new to all things Apple, so apologies in advance if it takes me a few goes to properly explain things. We have a framework, which includes an API, an XPC service, etc, and we have a device driver. We also have some sample apps that use the framework, and if they have the app sandbox capability, then we expect them to use the XPC Service instead of accessing our driver directly. This works fine on Monterey and presumably has worked fine on all previous versions of MacOS. Something seems to have changed on Ventura, and we don't understand what. When we build the same app on Ventura, it appears to be in the sandbox (according to the Sandbox column in Activity Monitor), but in the Console there is this line (twice): default <time> <OurAppName> Revoking sandbox extension; key = 0 Which we suspect is linked to the fact that the app then does not use the XPC Service, and instead accesses the driver directly, much to our surprise. Software built on developer's machines is "Automatically managed" and "Signed to Run Locally" in case that matters. Do we need to change our code to support Ventura and onward? Or is it a bizarre bug? Oh, I should say that I'm running the latest version of Ventura (13.6.7 as of writing) but not the latest Xcode (14.2 (14C18)) and CLI tools... can't remember how to find that version... Apple clang version 14.0.0 (clang-1400.0.29.202). Any help would be appreciated, thanks. Jeremy
6
0
702
May ’24
Programmatically passing files to Final Cut via Apple Events
We have trying to programmatically send data to Final Cut Pro by using Apple Event as decribed in Sending Data Programmatically to Final Cut Pro : tell application "Final Cut Pro" activate open POSIX file "/Users/JohnDoe/Documents/UberMAM/MyEvents.fcpxml" end tell This works fine in Script Editor but we run into problems when trying to do the same in our macOS app. We found interesting information in Workflow Extensions SDK 1.0.2 Release Notes.pdf. A) Hardened runtime has "Apple Events Enabled" checked. B) Info.plist contains NSAppleEventsUsageDescription: <key>NSAppleEventsUsageDescription</key> <string>Test string</string> C) We added following entitlements: <key>com.apple.security.scripting-targets</key> <dict> <key>com.apple.FinalCut</key> <array> <string>com.apple.FinalCut.library.inspection</string> </array> <key>com.apple.FinalCutTrial</key> <array> <string>com.apple.FinalCut.library.inspection</string> </array> </dict> <key>com.apple.security.automation.apple-events</key> <true/> With this configuration in place, our app is able to call AppleScript to activate Final Cut Pro application but it is unable to open the file. Following error is returned: Error executing AppleScript: { NSAppleScriptErrorAppName = "Final Cut Pro Trial"; NSAppleScriptErrorBriefMessage = "A privilege violation occurred."; NSAppleScriptErrorMessage = "Final Cut Pro Trial got an error: A privilege violation occurred."; NSAppleScriptErrorNumber = "-10004"; NSAppleScriptErrorRange = "NSRange: {56, 64}"; } Also there is no prompt asking user to allow Automation from our app to Final Cut. I am not sure whether the prompt is to be expected when developing an application in Xcode. Our current workaround is to add (or even replace com.apple.security.scripting-targets with): com.apple.security.temporary-exception.apple-events entitlement like this <key>com.apple.security.temporary-exception.apple-events</key> <array> <key>com.apple.FinalCutTrial</key> </array> However while this approach might work in development we know this would probably prevent us from publishing the app to Mac App Store. I think we are missing something obvious. Could you help? :-)
10
0
1.1k
Jun ’24
User Data is getting randomly deleted
this is an email I have sent to Apple with no luck: Dear Apple Developer Support Team, I am writing to seek urgent assistance with a persistent issue I have been encountering with Xcode. For several months now, every time I connect my iPhone to Xcode for development purposes, it automatically overwrites the user data of my apps with an old, seemingly random container. This issue is severely impacting my ability to continue development, as I cannot test new changes effectively. This occurs since a few months in every iOS and Xcode/macOS Version. I tried it with different Apps and Devices. Sometimes the entire Container (Documents) gets read only access so no new data can be created or changed by the user. I frequently used the replace container feature on Xcode so maybe this has something to do with it. This problem persists despite numerous attempts to resolve it on my end. I am at a critical point in my development timeline, and it is crucial for me to resolve this as soon as possible. Could you please advise on the next steps I should take to address this issue? If there are any logs or further information you require, I am more than willing to provide them. Thank you for your attention to this matter. I look forward to your prompt response and hope for a resolution soon. Best regards, Victor Lobe
7
0
1k
Jun ’24
Launching Java from a bundled JRE in macOS app
Hi there! I am trying to build a macOS app using Electron. There is a feature on the app that depends on a http server to run locally. This Server was built using Java. Both the compiled server and the Java Runtime Environment were bundled in the build. To start the server I use NodeJS's child_process.spawn, pointing the bundled JRE's executable and the server implementation. The issue I am facing is that the Java Virtual Machine is not starting. It returns the following error message: Error: Port Library failed to initialize: -1 Error: Could not create the Java Virtual Machine. Error: A fatal exception has occurred. Program will exit. Both the JRE and the server are located in Contents directory, in a subdirectory I have created for them. Here are the app's entitlements: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.security.app-sandbox</key> <true/> <key>com.apple.security.application-groups</key> <string>REDACTED</string> <key>com.apple.application-identifier</key> <string>REDACTED</string> <key>com.apple.developer.team-identifier</key> <string>REDACTED</string> <key>com.apple.security.cs.allow-jit</key> <true/> <key>com.apple.security.cs.allow-unsigned-executable-memory</key> <true/> <key>com.apple.security.cs.allow-dyld-environment-variables</key> <true/> <key>com.apple.security.cs.disable-executable-page-protection</key> <true/> <key>com.apple.security.cs.disable-library-validation</key> <true/> <key>com.apple.security.network.client</key> <true/> <key>com.apple.security.network.server</key> <true/> <key>com.apple.security.device.microphone</key> <true/> <key>com.apple.security.device.audio-input</key> <true/> <key>com.apple.security.device.camera</key> <true/> <key>com.apple.security.print</key> <true/> <key>com.apple.security.files.user-selected.read-write</key> <true/> <key>com.apple.security.temporary-exception.files.absolute-path.read-write</key> <true/> </dict> </plist> Here the entitlements inherit: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.security.app-sandbox</key> <true/> <key>com.apple.security.inherit</key> <true/> </dict> </plist> Is there any missing step to allow the spawning of this process?
1
0
514
May ’24
Does an app need Full Disk Access if System Integrity Protection is disabled?
I am going through the list of ways to check if my app is given Full Disk Access (FDA) or not. Out of which only one method is supported by apple. @note The only supported way to check if an application is properly TCC authorized for Full Disk Access * is to call es_new_client and handling ES_NEW_CLIENT_RESULT_ERR_NOT_PERMITTED in a way appropriate * to your application. I have implemented this method using EndpointSecurity and calling it from a root process as required. But when I disable System Integrity Protection (SIP) and call it, it succeeds without FDA. No error is thrown. Then I tested, in our app both EndpointSecurity and protected folder access (like Documents folder) functionalities are working fine even without FDA when SIP is disabled. Now my questions are When SIP disabled, does every app has FDA access by default?. Is there any use case that still needs FDA access when SIP is off?. Is there any way to check for FDA permission given or not whenever SIP is off, since above method won't work in that case?.
1
0
425
May ’24
Not able to perform read and write operations in iCloud in .Net MAUI Mac
I have set up the app identifier in Apple developer with the document URL set up for iCloud and also updated the info.plist file and entitlements according to this. info.plist <dict> <key>iCloud.com.abc.MyApp</key> <dict> <key>NSUbiquitousContainerIsDocumentScopePublic</key> <true/> <key>NSUbiquitousContainerName</key> <string>MyApp</string> <key>NSUbiquitousContainerSupportedFolderLevels</key> <string>Any</string> </dict> </dict> <key>UIFileSharingEnabled</key> <true/> <key>LSSupportsOpeningDocumentsInPlace</key> <true/> <key>UIBackgroundModes</key> <array> <string>fetch</string> <string>remote-notification</string> </array> <key>NSUbiquitousContainersUsageDescription</key> <string>This app uses iCloud containers to store and sync documents.</string> Entitlement.plist <array> <string>iCloud.com.abc.MyApp</string> </array> <key>com.apple.developer.icloud-services</key> <array> <string>CloudDocuments</string> </array> <key>com.apple.developer.ubiquity-container-identifiers</key> <array> <string>iCloud.com.abc.MyApp</string> </array> // Then I am using iCloud for CRUD operation in the app // Code snippet { try { var iCloudDocumentsURL = NSFileManager.DefaultManager.GetUrlForUbiquityContainer(null); if (iCloudDocumentsURL != null) { var path = iCloudDocumentsURL.ToString().Replace("%C3%97", "x"); var filepath = path.Replace("file://", string.Empty).Replace("%20", " "); var destinationdirectoryPath = Path.combine(filePath,"MyAppDocuments"); if (Directory.Exists(destinationdirectoryPath)) { Directory.Delete(destinationdirectoryPath, recursive: true); } } }catch(Exception ex) { LogHandler.LogError(ex); } } But in Delete operation gives Exception -> System.IO.IOException: Access to the path '/Users/USERABC/Library/Mobile Documents/iCloudcomabc~MyApp/MyAppDocuments' is denied.
0
0
503
May ’24
Crash using OpenMP library in a sandboxed app
I'm trying to add a feature to my app which requires OpenMP as third party library. The first time an openMP API gets called makes the app crash. The Xcode terminal reports this: OMP: Error #179: Function Can't open TEMP failed: OMP: System error #1: Operation not permitted Assertion failure at kmp_runtime.cpp(6918): temp_reg_status_file_name. OMP: Error #13: Assertion failure at kmp_runtime.cpp(6918). Console app reports this: Sandbox: deny(1) ipc-posix-shm-write-create /__KMP_REGISTERED_LIB_31975 I cannot substitute or get rid of the OpenMP library as it is used by other third party libs needed by the feature I’m developeng. Hope there is a workaround to the sandbox security restrictions that allows to use the lib. Thanks, Andrea
1
0
593
May ’24
Embedding a command-line tool in a sandboxed app for NativeMessaging
When following this guide https://developer.apple.com/documentation/xcode/embedding-a-helper-tool-in-a-sandboxed-app I cannot run the embedded binary. I'm getting this error: "zsh: trace trap" I would like to be able to use the embedded binary for NativeMessaging with for example Chrome but I can't figure out how to allow it to be executable even with sandboxing enabled. How are Strongbox able to do this with their afproxy executable?
1
0
483
May ’24
FileProvider Testing Setup
TL:DR Can anyone provide guidance as to how to get the FileProvider testing API to work? It closes with no error and I have not been able to determine the issue despite careful attention to the documentation and signing. The Console logs seem to imply it is a Sandbox issue. Hi, Writing this as per suggested in the technical support section. I am trying to create some tests that involve controlling the calls from MacOS to the corresponding "event" functions in the FileProvider (e.g. fetchContents()) using the FileProviderExtension test API provided by Apple. I have thoroughly read the documentation (both online and within the API code) in order to get this to work. I have: Added the com.apple.developer.fileprovider.testing-mode entitlement to both my Main App as well as my FileProviderExtension Ensured my I have the correct account permissions, and provisioning profiles for my Main App as well as FileProviderExtension Added the line domain.testingModes = [.alwaysEnabled, .interactive] The issue: I found that setting the .interactive option in my domain.testingModes will result in my domain in Finder appearing to be stuck loading the root folder, and that my FileProviderExtension instance is being invalidated and closing in ~5s. It is reproducible. Is this a bug? Some things I have noticed: Attaching the debugger to the FileProviderExtension process results in no error. Additionally there is no error received when calling add(:domain). I noticed through testing that the Main App appears to be required to have the com.apple.developer.fileprovider.testing-mode entitlement in order to run a FileProviderExtension with that same entitlement. Otherwise I would receive the error: Error Domain=NSCocoaErrorDomain Code=257 "The file couldn’t be opened because you don’t have permission to view it" When trying to sign manually using a group Developer ID Application certificate as opposed to automatically with my Apple Development certificate Xcode presents the error "Main app provisioning profile" doesn't support the FileProvider Testing Mode capability." Despite this I can clearly see that is an enabled capability though the online Apple Developer portal under the Profiles section. Note that the only capabilities enabled when viewing the bundle identifiers of the Main App and FileProviderExtension are "FileProvider Testing Mode", "App Groups", and the (seemingly required) "In-App Purchases". I later realized that this was likely due to using the wrong type of provisioning profile so I generated and switched to MacOS Developer Profiles (as opposed to Distribution) and this error in XCode went away. However the above issue (FileProviderExtension instance being invalidated) persisted. If I look at the Console I see various errors from when the extension is launched till it closes: Sandbox: mdbulkimport(922) deny(1) mach-lookup com.apple.FileProvider Sandbox: hiveDiskProvider(37981) deny(1) mach-lookup com.apple.mobile.keybagd.UserManager.xpc [ERROR] Cannot query for providers. Error: NSError: Cocoa 4099 "<private>" Error from beginMonitoringProviderDomainChangesWithHandler: Error Domain=NSCocoaErrorDomain Code=4099 UserInfo={NSDebugDescription=<private>} Synchronizer coordinateReadingItemAtURL error: Error Domain=NSCocoaErrorDomain Code=3072 With the Development Provisioning Profiles I see a couple new errors: From secinitd(App Sandbox) Failed to set LS data container personality info: <private> A new error repeated a number of times from cfprefsd after trying to access some .plist files that don't appear to be on my system: Error: Couldn't open parent path due to [2: No such file or directory] Paths are: ~/Library/Containers/<extensionBundleID>/Data/Library/Preferences/ByHost/<extensionBundleID>.<ID>.plist /Library/Managed Preferences/<username>/<extensionBundleID>.plist Any help would be greatly appreciated :)
3
0
707
May ’24
couldn't issue sandbox extension com.apple.app-sandbox.read-write
[7268:372225] Failed to create an FPSandboxingURLWrapper for file:///Users/####/Downloads/mod##06-9-19.pdf. Error: Error Domain=NSPOSIXErrorDomain Code=1 "couldn't issue sandbox extension com.apple.app-sandbox.read-write for 'file:///Users/####/Downloads/mod##06-9-19.pdf' PS- Used ### to hide info I am facing an error with apple sandbox in my dot NET MAUI project here is the entitlements file I don't know Why I'm getting the in my understanding with user-selected.read-write it should work
2
0
920
Apr ’24
UIPasteboard in Quick Look Preview Extension blocked by Sandbox?
Though I cannot find any documentation, it seems that UIPasteboard cannot be used from a Quick Look Preview app extension. I have such an extension, which contains a view that supports copying text as follows: - (IBAction)copy:(nullable id)sender { UIPasteboard * pboard = UIPasteboard.generalPasteboard; pboard.string = _rep.text; } This is invoked from a context menu (edit menu) item. This works fine In the simulator, but on device the pasteboard remains empty and errors like the following are emitted: -[PBServerConnection pasteboardWithName:createIfNeeded:authenticationBlock:dataOwnerBlock:error:] failed with error: Error Domain=NSCocoaErrorDomain Code=4099 "The connection to service named com.apple.pasteboard.pasted was invalidated: failed at lookup with error 159 - Sandbox restriction." UserInfo={NSDebugDescription=The connection to service named com.apple.pasteboard.pasted was invalidated: failed at lookup with error 159 - Sandbox restriction.} It's unclear to me why such functionality would be problematic and necessary to block. It would be nice if this were documented clearly, as I wasted a lot of time trying to figure out why this was not working. (And no, I have not filed a feedback report or TSI yet, as I'm presently very short on time, and I don't have a sample project prepared to demonstrate the issue.)
0
0
675
Apr ’24
SQlite issue because of entitlements?
Hello, I am having some trouble with an application accessing and running SQlite database queries. The error I am getting is (5642) SQLITE_IOERR_SEEK when trying to sqlite_step_stement in the database. See https://www.sqlite.org/rescode.html#ioerr_seek A bit of background, it is an application in Unreal Engine, and everything was working fine in Unreal Engine 4. The application uses a SQlite database on disk to store and fetch data. This database is saved to the documents folder. (I also tried other folders to see if that would make a difference) But since switching to a new version of the engine, Unreal Engine 5, in a build I am getting errors when trying to read/write to the database. This only happens in a build .app file. The only big difference I can find is that in the new engine when making a build the codesigning is already done in the engine. I don't see why those settings would break anything though. It also has an entitlements file, but I also edited it and made sure it has the same entitlements settings as my own scripts that are run afterwards. I am overwriting the codesigning with our own CI/CD scripts afterwards. The .app file is codesigned, notarized and stapled by that script. Also I use an entitlements file to set certain values. It doesn't seem to be a code related issue, as everything is working fine when running the application "in editor". But only when creating a final .app build. It doesn't matter if this build is in Debug or Shipping. My first thought was to try more entitlements settings. But I tried the following and I am still getting the same errors: &lt;?xml version="1.0" encoding="UTF-8"?&gt; &lt;!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"&gt; &lt;plist version="1.0"&gt; &lt;dict&gt; &lt;key&gt;com.apple.security.cs.debugger&lt;/key&gt; &lt;true/&gt; &lt;key&gt;com.apple.security.cs.disable-executable-page-protection&lt;/key&gt; &lt;true/&gt; &lt;key&gt;com.apple.security.cs.disable-library-validation&lt;/key&gt; &lt;true/&gt; &lt;key&gt;com.apple.security.automation.apple-events&lt;/key&gt; &lt;true/&gt; &lt;key&gt;com.apple.security.app-sandbox&lt;/key&gt; &lt;false/&gt; &lt;key&gt;com.apple.security.cs.allow-dyld-environment-variables&lt;/key&gt; &lt;true/&gt; &lt;key&gt;com.apple.security.cs.allow-jit&lt;/key&gt; &lt;true/&gt; &lt;key&gt;com.apple.security.cs.allow-unsigned-executable-memory&lt;/key&gt; &lt;true/&gt; &lt;key&gt;com.apple.security.files.downloads.read-write&lt;/key&gt; &lt;true/&gt; &lt;key&gt;com.apple.security.network.client&lt;/key&gt; &lt;true/&gt; &lt;key&gt;com.apple.security.network.server&lt;/key&gt; &lt;true/&gt; &lt;/dict&gt; &lt;/plist&gt; I also am thinking that it might be a different issue as the application is able to create a database file in the documents folder, just not able to do the read write inside the database. These values are just set to try if any of these settings "fix" the issue, but thus far no luck. As there is nothing I can find in Unreal Engine related forums, and I also do not have a lot of experience with all the options when making Mac builds. I was hoping someone on this forum could think of a reason why a .app file would have problems with reading and writing to a SQlite database.
3
0
717
Apr ’24
Error 159 - Sandbox restriction when connecting to XPC service
Hello Apple Developer Community, I'm encountering an issue with my macOS application where I'm receiving the following error message: Error Domain=NSCocoaErrorDomain Code=4099 "The connection to service named com.FxPlugTestXPC was invalidated: failed at lookup with error 159 - Sandbox restriction." UserInfo={NSDebugDescription=The connection to service named com.FxPlugTestXPC was invalidated: failed at lookup with error 159 - Sandbox restriction.} This error occurs when my application tries to establish a connection to an XPC service named com.FxPlugTestXPC. It appears to be related to a sandbox restriction, but I'm unsure how to resolve it. I've checked the sandboxing entitlements and ensured that the necessary permissions are in place. However, the issue persists. Has anyone encountered a similar error before? If so, could you please provide guidance on how to troubleshoot and resolve this issue? Any help or insights would be greatly appreciated. Thank you. this is some photos about my entitlements :
16
0
2.7k
Apr ’24
Access Desktop folder from appstore macOS application (sandboxed)
Hello, I am writing a Desktop application for macOS with XCode. This application will be available on app store. So, i have to put sandbox entitlement. So, this application won't be able to access Desktop folder. It will be jailed into a specific directory to store datas. I have installed a macOS application from appstore. When I launched this application, I got a TCC prompt, asking me to allow this application to access Desktop (or Downloads I don't remember). How can this be possible ? I have tried to write a sandboxed application which tries to access to Desktop folder. I didn't get any TCC prompt: My access was rejected. How can I ask to access Desktop folder from I sandboxed application ? Thanks a lot
2
0
880
Apr ’24
Accessibility API permissions on sandboxed app
Hello 👋, I am quite new in the Apple development world, so please forgive me if I am saying something wrong. I am working on a macOs application which aims to act mainly as an assistive window switcher. In order to do so it leverages on AXUIElementCopyAttributeValues and AXUIElementCopyAttributeValue, especially the former to retrieve other application's window titles and the latter to set and focus a target main window. I read online, according to Apple Store guidelines, that app to be accepted in App Store must be sandboxed. And as I read in several forums there may not be a way to use accessibility features within sandbox. So, first question, based on this I would like to know if there is a way to achieve the same without accessibility features? Currently the only thing which does not work is the permission prompt, but an user may also enable Accessibility permissions under Privacy & Security for a certain app. May the app pass the review process, supposing no prompt will be requested to the user, but a "Getting started" will inform and guide the user to set the permissions? Thanks in advance 🙏
1
0
773
Apr ’24
SwiftUI fileImporter vs dropDestination logic
If I drag something into my SwiftUI Mac app the .dropDestination gets an array of URLs that I can do with what I want. If I use .fileImporter to get an identical array of URLs I should wrap start/stop securityScopedResource() calls around each URL before I do anything with it. Can anyone explain the logic behind that? Is there some reason I'm not seeing? It is especially annoying in that the requirement for security scoping also doesn't exist if I use an NSOpenPanel instead of .fileImporter.
5
0
901
2w