App Sandbox

RSS for tag

App Sandbox is a macOS access control technology designed to contain damage to the system and user data if an app becomes compromised.

Posts under App Sandbox tag

118 Posts
Sort by:

Post

Replies

Boosts

Views

Activity

Persistent Security Bookmark Access in Sync Client Desktop App
Hello Fellow Developers, I'm reaching out for insights or solutions to a challenge we're encountering with our sync client application, particularly related to maintaining user folder access permissions across app sessions and system restarts. In our application, we leverage the openFileDialog to enable users to select a folder for file downloads and synchronization. To ensure smooth access on subsequent app launches, we save a security bookmark of the chosen folder. This is crucial for our app to function without repeatedly asking for user permissions, thereby enhancing the user experience. However, we've hit a snag where the security bookmark expires after a few days or upon a system restart, leading to a less than ideal scenario where users are prompted for reauthorization through a FileDialog. This repetitive process is not the seamless experience we aim to provide. To address permissions and security, we are currently using two entitlements: com.apple.security.files.bookmarks.document-scope com.apple.security.files.bookmarks.app-scope Despite these, we still face the bookmark expiration issue. We're seeking advice on whether there are other entitlements or methods we should consider to maintain persistent access to the selected folder without the security bookmark expiring. Our goal is to reduce or eliminate the need for users to repeatedly grant access, ensuring a seamless and efficient user experience. Has anyone faced a similar challenge or can offer guidance on additional entitlements or strategies to achieve persistent folder access? Any suggestions, alternative approaches, or insights would be greatly appreciated. We're keen on exploring all possible solutions to enhance our application's functionality and user satisfaction. Thank you for your time and assistance. I look forward to any advice or discussions this community can offer.
1
0
560
Mar ’24
FileDocument - open another file in the same directory as selected file
I'm working on a macOS app where my file format can include other files (think #include in C/C++). When opening a file with SwiftUI's document-based APIs (i.e., FileDocument), is there a way to get access to those other files? Alternatively, is there a way I could "open" the file's directory, similar to how Xcode opens the directory that a .xcodeproj is located? I don't mind falling back to older Cocoa APIs if this is too obscure for the shiny new stuff :)
3
0
766
Jul ’24
Understanding the Role of App Sandbox and Permissions in macOS Security
In macOS, the App Sandbox is designed to restrict applications' access to system resources and user data, mitigating damage from potential threats. However, I'm unclear on its relationship with permissions and how it effectively reduces such threats. For example, with com.apple.security.device.camera, it seems to me that NSCameraUsageDescription should suffice. If an application is granted permission via NSCameraUsageDescription, configuring com.apple.security.device.camera still doesn't guarantee protection against malicious access to user data, does it? Or, if I haven't configured both com.apple.security.device.camera and NSCameraUsageDescription, could a malicious app still somehow prompt the camera permission dialog or bypass permission checks and access the camera without the com.apple.security.device.camera configuration?
1
0
573
Mar ’24
CryptoTokenKit extension calling an external command
I've developed a crypto token kit extension using the Xcode template. I've successfully added the certificate and its corresponding private key to the keychain. However, when attempting to sign with this certificate, I need to call a command-line interface (CLI) that I've created. The CLI is located at ~/Applications/mycli/cli_executable. My issue arises because the extension is sandboxed, prohibiting direct communication with the CLI. I attempted to remove the sandbox, but that didn't resolve the problem (the extension wasn't being registered without the app sandboxed). Additionally, the CLI relies on a database, so simply copying the file to the app container folder isn't a feasible solution (unless it's a symlink – I'm unsure if this is possible). How can I effectively address this problem and enable communication between the sandboxed extension and my CLI (GoLang app)? Thank you.
2
0
697
Mar ’24
Unable to query chat.db
Is it possible to read messages from chat.db inside a MacOS app? I'm developing a MacOS app, I'm able to successfully connect to ~/Library/Messages/chat.db but when I try to run a query I get Error preparing select: authorization denied I know other apps like TablePlus are able to read chat.db but these apps are outside of iOS. Thanks in advance!
2
0
613
Mar ’24
launchctl fails with "Bootstrap failed: 5: Input/output error", if the app is signed with sandbox
I am implementing parental control app via python 3.9 for macOS. Therefore I want to use launch agent to keep my application always alive (app reopened automatically after reboot pc and protected against to be closed via activity monitor.) I want to give keep alive enabling and disabling option to parents that they can deactivate or activate it in the app GUI. I achieved to keep alive my app standalone signed app without sandboxing(or via Terminal command) but if I sign it with sandbox then I get following error for "launchctl load" and "launchctl bootstrap" commands which are executed in the application "Load failed: 5: Input/output error" My steps without Sandbox which works fine: 1- Create a com.test_gui.macos.plist file under /Library/LaunchAgents with following content: `<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>KeepAlive</key> <true/> <key>Label</key> <string>test_gui</string> <key>ProgramArguments</key> <array> <string>open</string> <string>-g</string> <string>-a</string> <string>/Applications/test_gui.app</string> </array> </dict> </plist>` 2- create a python file for launch agent activation (I know either launchctl load or bootstrap should be used but I used both of them to test both.): import subprocess cmd = "launchctl enable gui/501/test_gui" response = subprocess.call(cmd, shell=True) time.sleep(2) cmd = "launchctl load -w /Library/LaunchAgents/com.test_gui.macos.plist" response = subprocess.call(cmd, shell=True) time.sleep(2) cmd = "launchctl bootstrap system /Library/LaunchAgents/com.test_gui.macos.plist" response = subprocess.call(cmd, shell=True) time.sleep(50) 3- Create standalone app via nutika: python3.9 -m nuitka --run --standalone --macos-disable-console --macos-create-app-bundle \--macos-app-mode=ui-element --enable-plugin=pyside6 --macos-app-icon=/Users/emre/Documents/MrProtect/icons/app_icon.png \--include-data-dir=icons=icons test_gui.py 4-Create a .sh file to sign app without sandboxing: #!/bin/sh APP_PATH="/Users/emre/Documents/tests/Deployment/test_gui.app" SIGNING_IDENTITY_APP="Apple Development: Emre Guenay (***)" PASSWORD="***" codesign -s "$SIGNING_IDENTITY_APP" -f \ "$APP_PATH/Contents/MacOS/Python" codesign -s "$SIGNING_IDENTITY_APP" -f \ "$APP_PATH/Contents/MacOS/test_gui" exit 0 5-execute sh file and see following output: /Users/emre/Documents/MrProtect/tests/Deployment/test_gui.app/Contents/MacOS/Python: replacing existing signature /Users/emre/Documents/MrProtect/tests/Deployment/test_gui.app/Contents/MacOS/test_gui: replacing existing signature 6-copy paste signed standalone app(without sandbox) file under /Applications/ 7-execute app and try to close app via activity monitor and observe that the app is reopened automatically. so the launch agent works fine Failed Steps(Sign the same app with sandbox and observe that both launchctl load and bootstrap returns "Load failed: 5: Input/output error") 8- create an app.entitlements file with following content: \<?xml version="1.0" encoding="UTF-8"?\> \<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"\> \<plist version="1.0"\> \<dict\> \<key\>com.apple.security.app-sandbox\</key\> \<true/\> \</dict\> \</plist\> 9-Create a .sh file to sign app with sandboxing: #!/bin/sh # APP_PATH="/Users/emre/Documents/tests/Deployment/test_gui.app" SIGNING_IDENTITY_APP="Apple Development: Emre Guenay (***)" PASSWORD="***" codesign -s "$SIGNING_IDENTITY_APP" -f \ \--entitlements app.entitlements \ "$APP_PATH/Contents/MacOS/Python" codesign -s "$SIGNING_IDENTITY_APP" -f \ \--entitlements app.entitlements \ "$APP_PATH/Contents/MacOS/test_gui" exit 0 10-execute sh file and see following output: /Users/emre/Documents/MrProtect/tests/Deployment/test_gui.app/Contents/MacOS/Python: replacing existing signature /Users/emre/Documents/MrProtect/tests/Deployment/test_gui.app/Contents/MacOS/test_gui: replacing existing signature 11-execute app and try to close app via activity monitor and observe that the app is closed although app started the launch agent. 12-you can re-execute app under /Applications/test_gui.app/Contents/MacOS folder with "./test_gui" or even with sudo "sudo ./test_gui" commands you would see following error message for both launchctl load and bootstrap returns: "Load failed: 5: Input/output error". So if you close the app, it will not be re-opened Moreover console tool launchd.log output shows also (1: Operation not permitted) error for launchctl load and bootstrap commands My questions: 1-Is there any other method different than launch agent for keep alive? I researched it in internet but I could not find any other method unfortunately. Moreover launch agent is not user friendly anyway, with the reason that sandboxed apps cannot copy paste any files under LaunchAgents folder automatically. I am planning to provide my plist file to users that they can copy paste the file themself into launch agent folder out of sandbox. 2-How can i get rid of "Load failed: 5: Input/output error", thereby I can proceed at least with lanuchctl? What I have tried additionally: 1-I have also tried to use these linux commands, before executing my sandboxed standalone app file: sudo -S chown 600 /Library/LaunchAgents/com.test_gui.macos.plist sudo -S chown root:wheel /Library/LaunchAgents/com.test_gui.macos.plist 2-I have already given security fulldisk access to my test_gui app, but it also did not work My Requirements: Nuitka: 1.9rc5 Commercial: None Python: 3.9.12 (v3.9.12:b28265d7e6, Mar 23 2022, 18:22:40) Flavor: CPython Official Executable: /Library/Frameworks/Python.framework/Versions/3.9/bin/python3.9 OS: Darwin Arch: x86_64 Version C compiler: /usr/bin/clang (clang). macOS Sonoma: 14.2.1
1
0
2.5k
Mar ’24
Restricting child process sandbox
Hello, I have an application which is running sandboxed and it also launches a child processes via posix_spawn. I already learned that child processes are running in the same sandbox as the launching application. What I wonder is if there is a way to launch the child with different sandbox profile from the parent application while maintaining the parent-child relationship? My use case is that helper applications doesn't need access to bunch of stuff the parent needs and we want to limit blast radius in case of security problem. I know that's what XPCServices are for, but we have a multi-platform code which is relying on POSIX process model quite heavily. Thank you
2
0
731
Mar ’24
Running a script from within swift app (QLExtension)
I am trying to run a simple bash script from within swift. Eventually it should call a python script, but for now, I am just trying to get it to echo hello. The script is included in the bundle and also included in the targets. The script is called from the QLExtension. The script is correctly found, but I get an error: Error Domain=NSPOSIXErrorDomain Code=1 "Operation not permitted" let scriptPath = Bundle.main.path(forResource: "run_local", ofType: "sh") if scriptPath == nil { print("script not found or other error") return nil } let process = Process() process.executableURL = URL(fileURLWithPath: "/bin/bash") process.arguments = [scriptPath!] do { try process.run() process.waitUntilExit() } catch { print("Failed to run the script: \(error)") } The script, run_local.sh is included in the bundle and is just #!/bin/bash echo "hi" > /dev/null Is this possible? Are there any particular entitlements that I need in order for this to work? Everything else works with this app; this is the only error. -- The reason I am building this: I use google drive to synchronize files locally. A number of those files do not have a local representation. Google "stores" those files locally using a text file with a document ID (one would open something like docs.google.com/docs/) I want to be able to preview the google drive files using quicklook One very simple way to do this is to fetch the google drive files (using google drive API) at preview time. I have a python script that can do this and wanted to hook it up to the QLExtension for preview Another option is to keep a separate service running (I would use python) that keeps a local copy of all the synchronized google files. (But then I'll probably need to connect to a local sql database or similar that tells the swift extension the local file math: i.e., effectively a mapping from ID => local_file_path. But perhaps access of this kind to a SQL database is allowed?)
2
0
767
Feb ’24
有用户出现本地沙盒所有数据丢失
有用户反馈有些APP引导弹窗多次弹出,经过埋点日志观察发现,这些用户保存在钥匙串中的openudid,沙盒数据,甚至网络请求的cookie都突然丢失了,然后后续几次重启后可能这些数据又都恢复了,感觉非常不可思议,代码上看不出有任何问题,有大神帮忙解答下吗?
1
0
524
Feb ’24
Electron app crashes under the App Store's App Sandbox
I've been trying to submit an application made with the Electron framework (electronjs.org) to the Mac Apple Store, but when launched an alert dialog appears with the text: "App Name Helper (Renderer)" differs from previously opened versions. Are you sure you want to open it? Opening "App Name Helper (Renderer)" will allow it to access data from previously used versions of "App Name Helper (Renderer)". ...this is preventing my Mac App Store submission. I've looked at troubleshooting information related to Gatekeeper and entitlements, etc. but I have not been able to determine which Apple subsystem (App Sandbox? Gatekeeper?) this particular alert comes from so I can possibly carve out an exception for it, or otherwise figure out how to fix it. "App Name Helper (Renderer)" is an agent process. Checking the App Store build results in: > spctl -a -t exec -vvv App\ Name.app/Contents/Frameworks/App\ Name\ Helper\ \(Renderer\).app App Name.app/Contents/Frameworks/App Name Helper (Renderer).app: rejected origin=Apple Distribution: Kevin Hughes (MYTEAMID) ...for App Store submission, is it expected that all agent processes should be signed with the Apple Distribution certificate? And is it OK that nothing is notarized before submission? If everything should be notarized, which certificate should be used? Does the App Store verification process check for this kind of thing regarding agent processes? Should it? Note that I can build, install, launch, and fully execute an Apple Developer ID-signed and notarized binary with a hardened runtime (and Apple Development profile) myself on my local machine as well as other macOS Sonoma 14.3.1 systems without any issues. The entitlements for my App Store build are: <key>com.apple.security.app-sandbox</key> <true/> <key>com.apple.security.assets.movies.read-only</key> <true/> <key>com.apple.security.assets.music.read-only</key> <true/> <key>com.apple.security.assets.pictures.read-only</key> <true/> <key>com.apple.security.automation.apple-events</key> <true/> <key>com.apple.security.cs.allow-dyld-environment-variables</key> <true/> <key>com.apple.security.cs.allow-jit</key> <true/> <key>com.apple.security.cs.allow-unsigned-executable-memory</key> <true/> <key>com.apple.security.cs.debugger</key> <true/> <key>com.apple.security.cs.disable-executable-page-protection</key> <true/> <key>com.apple.security.cs.disable-library-validation</key> <true/> <key>com.apple.security.files.downloads.read-only</key> <true/> <key>com.apple.security.files.user-selected.read-write</key> <true/> <key>com.apple.security.network.client</key> <true/>
2
0
1k
Feb ’24
Sandboxed App crashes at Startup in _libsecinit_appsandbox.cold
Hi, I've an OSX app packages up outside of XCode (because it's based on a legacy cross-platform build system). The layout looks like this: App App/Contents <- info.plist is here App/Contents/Frameworks <- Dylibs go here App/Contents/MacOS <- Main executable and bash startup script go here App/Contents/Resources <- Non-executable resources. There are no helper apps, etc that I know of. info.plist, the Frameworks, Main Executable and App are all signed. The Main Executable includes entitlements with the sandbox entitlements. On startup, we crash in the usual Sandbox place: 0 libsystem_secinit.dylib 0x7ff811fcc2a5 _libsecinit_appsandbox.cold.9 + 49 1 libsystem_secinit.dylib 0x7ff811fcb636 _libsecinit_appsandbox + 1749 2 libsystem_trace.dylib 0x7ff8044029e9 _os_activity_initiate_impl + 50 3 libsystem_secinit.dylib 0x7ff811fcaf20 _libsecinit_initializer + 67 4 libSystem.B.dylib 0x7ff811fe08a1 libSystem_initializer + 292 5 dyld 0x20905939f invocation function for block in dyld4::Loader::findAndRunAllInitializers(dyld4::RuntimeState&) const::$_0::operator()() const + 185 (Even though I'm not signing the bash startup script, which invokes the main executable, it's still getting signed and has entitlements. And I'm not using --deep. I've tried setting com.apple.security.inherit - that didn't work. I've tried explicitly signing the bash startup script - that didn't work. It fails not matter how I start the app - by clicking on it, command line, just launching the main executable via the command line, and of course using LLDB. Any ideas? Crash report enclosed. ProgUhost-2024-02-17-171425.ips
2
0
1.2k
Feb ’24
Entitlement to write preference that includes a device specific identifier
Since the macOS 14.2 update, services installed with SMAppService are required to be sandboxed when the main app is sandboxed as well (113037504). I had developed a daemon to communicate with the pmset interface, as that requires root privileges to make changes. Since the macOS 14.2 this daemon executable has to be sandboxed as well if I want my main app to be sandboxed. When sandboxing the daemon, it requires a temporary exception entitlement as the pmset command writes to one of the following two preference located in /Library/Preferences/: com.apple.PowerManagement.plist com.apple.PowerManagement.{UUID}.plist The specific command I use writes to the latter, which includes some specific UUID, that is specific to that device. When I use the: com.apple.security.temporary-exception.shared-preference.read-write entitlement with com.apple.PowerManagement.0000 where 0000 is the exact UUID string as on my Mac, the daemon is able successfully use the pmset command. This results however in that on other user devices it would not work as the UUID in the preference name would be different. When I try setting it to a wildcard variation such as com.apple.PowerManagement.*, the command doesn't run anymore as this format for the exception entitlement seems to be unsupported. My question is now, is there any way to get an exception entitlement which accounts for the unique identifier or is that impossible and must I disable the sandbox altogether? (as I have to use a daemon, I am not developing for the Mac App Store and a sandbox isn't strictly necessary so it wouldn't break my app. Its more I would prefer to use sandboxing if possible) Thanks in advance! For reference, this is the error I get when the entitlement is set incorrectly or not set: rejecting write of key(s) AC Power in { com.apple.PowerManagement.0000, kCFPreferencesAnyUser, kCFPreferencesCurrentHost, /Library/Preferences/com.apple.PowerManagement.0000.plist, managed: 0 } from process 15694 (pmset) because setting preferences outside an application's container requires user-preference-write or file-write-data sandbox access
1
0
692
Feb ’24
Running Developer Tools from a Sandboxed App
I’ve talked about this a bunch of times here on DevForums but, reviewing those posts today, I realised that they’re quite fragmented. This post is my attempt to create a single post that collects together all the bits. If you have questions or comments, please put them in a new thread. Tag it with App Sandbox so that I see it. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com" Running Developer Tools from a Sandboxed App If you attempt to run a developer tool, like otool, from a sandboxed app, it fails with an error like this: xcrun: error: cannot be used within an App Sandbox. In this case I was trying to run /usr/bin/otool directly, so how did xcrun come into it? Well, the developer tools that come pre-installed on macOS, like otool, are actually trampolines that use xcrun to bounce to the the real tools within Xcode. Specifically, xcrun defaults to the tools within the currently selected Xcode or Command Line Tools package. So, if you have Xcode installed in the usual place and are using it for your currently selected tools, the actual sequence is /usr/bin/otool, which runs xcrun, which runs /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/otool. The user can change the currently selected tools with xcode-select. You can get around this problem by running otool from within Xcode. This skips the first two steps, allowing the tool to run. However, there are some serious problems here. The first is that there’s no guarantee that the user has Xcode installed, or that they want to use that specific Xcode. They might have the Command Line Tools package installed. Or they might prefer to store Xcode somewhere outside of the Applications directory. You can get around this by running xcode-select with the --print-path argument: % xcode-select --print-path /Applications/Xcode.app/Contents/Developer However, that results in two more problems: xcode-select prints the root of the Developer directory. The location of, say, otool within that directory isn’t considered API. As a sandboxed app, you might not have access to the path returned. That second point deserves a deeper explanation. To understand this, you’ll need to understand the difference between your static and dynamic sandbox. I talk about this in On File System Permissions. Running otool from /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/otool works because /Applications is in the sandbox’s built-in allowlist. This is part of your static sandbox, so you can run executables from there. But what happens if the user’s selected Xcode is in a different directory? (Personally, I keep numerous copies of Xcode in ~/XcodeZone.) That might not be part of your static sandbox so, by default, you won’t be able to run tools from it. For normal files you can dynamically extend your sandbox to allow this, for example, by presenting a standard open panel. However, this doesn’t work for executable access. There is currently no way to get a dynamic sandbox extension that grants executable access. On File System Permissions has a link to a post that explains this in detail. Finally, there’s a big picture concern: Does the tool actually work when run in a sandbox? Remember, when a sandboxed app runs a command-line tool like this, the tool inherits the app’s sandbox. For more about the mechanics of that, see the documentation linked to by On File System Permissions. For a simple tool, like otool, you can reasonably assume that the tool will work in a sandbox. Well, you have to make sure that any path arguments you pass in point to locations that the sandbox allows access to, but that’ll usually do the trick. OTOH, a complex tool, like say the Swift compiler, might do things that don’t work in the sandbox. Moreover, it’s possible that this behaviour might change over time. The tool might work in a sandbox today but, sometime in the future, an updated tool might not. So what should you do? The only approach I’m prepared to actively recommend is to not sandbox your app. That avoids all of the issues discussed above. If you must sandbox your app then I see two paths forward. The first is to just live with the limitations discussed above. Specifically: You can only use a tool that’s within your static sandbox. For complex tools, you run the risk of the tool not working in the future. The alternative is to embed the tool within your app. This is only feasible if the tool is open source with a licence that’s compatible with your plans. That way you can build your own copy of the tool from the source. Of course this has its own drawbacks: It increases the size of your app. You can only run that version of the tool, which might not be the version that the user wants.
0
0
678
Feb ’24
Intents UI Extension
I have successfully created the Intents UI Extension file for the wallet, obtained the requisite certificate, and adhered to the MeaWallet guidelines. Additionally, I have generated a sandbox login ID and successfully logged into the simulator using the sandbox login ID. In an attempt to integrate the Intents UI Extension file into an existing project, I followed these steps: Debug -> Attach to Process by PID or Name. Subsequently, I conducted a search for the Intents UI Extension file name, selected the appropriate file, and clicked the attach button. However, Xcode is currently displaying 'waiting for attachment.' Despite these efforts, I encountered an issue where the wallet extension controller is unable to access the application when attempting to run it.
0
0
620
Feb ’24
Running commands for symbolication within the App Sandbox for Mac App Store
I'm trying to build a developer tools app that can run in the app sandbox and execute commands related to working with DSYM files. The app sandbox is a requirement for publishing it to the App Store. I come from the world of iOS so everything is a sandbox to me and this is new territory. To execute my commands I'm using the Process type to invoke command line. func execute() throws -> CommandResult { let task = Process() let standardOutput = Pipe() let standardError = Pipe() task.standardOutput = standardOutput task.standardError = standardError task.arguments = ["-c", command] task.executableURL = URL(fileURLWithPath: "/bin/zsh") task.standardInput = nil let outHandle = standardOutput.fileHandleForReading let errorHandle = standardError.fileHandleForReading try task.run() let out1 = outHandle.readDataToEndOfFile() let out2 = errorHandle.readDataToEndOfFile() // more code interpreting the pipes I'm trying to perform the following operations: mdfind to locate DSYMs https://developer.apple.com/documentation/xcode/adding-identifiable-symbol-names-to-a-crash-report#Locate-a-dSYM-using-Spotlight dwarfdump to verify UUIDs https://developer.apple.com/documentation/xcode/adding-identifiable-symbol-names-to-a-crash-report#Match-build-UUIDs atos to symbolicate with the found DYSM file https://developer.apple.com/documentation/xcode/adding-identifiable-symbol-names-to-a-crash-report#Symbolicate-the-crash-report-with-the-command-line This all works just fine when I run my Mac app without sandboxing, but as one would expect totally fails when App Sandbox is enabled--the sandbox is doing its thing. Responses like "xcrun cannot be used within an App Sandbox", or simply the output not finding anything because the scope of the process is limited to the sandbox, not where my app DSYM file is. In my readings on the documentation, where it states that I can create a command line helper tool that gets installed alongside the app sandbox app. "Add a command-line tool to a sandboxed app's Xcode project to the resulting app can run it as a helper tool." https://developer.apple.com/documentation/security/app_sandbox Is this the right path to take? Or is there a way to still achieve access to xcrun by asking the user to grant access to other parts of the system via dialogue prompts? I have followed this guide but don't know where to go from here: https://developer.apple.com/documentation/xcode/embedding-a-helper-tool-in-a-sandboxed-app It leaves off at print("Hello World") and no instructions on how to have your app communicate with the helper from what I could find ... :). I know, generally speaking, of XPC services and that I have the ability to make them on macOS, unlike iOS (wait maybe 17.4 allows it? https://developer.apple.com/documentation/xpc anyways). Would creating an XPC helper be allowed to execute commands against xcrun or have access to the ~/Library/Developer/Xcode path to find the debug symbols for the purposes of symbolicating a crash report? I really want to be able to ship my app on the App Store and enable developers to use the tool super easy, but I'm not sure if the App Sandbox will prevent me from achieving what I'm trying to do or not. Any tips, pointers, samples, guidance is much appreciated!
1
0
828
Feb ’24
Audio Server Plugin entitlements and communication
I am currently working on planning a multi-component software system that consists of an Audio Server Plugin and an application for user interaction. I have very little experience with IPC/XPC and its performance implications, so I hope I can find a little guidance here. The Audio Server plugin publishes a number of multi-channel output devices on which it should perform computations and pass the result on to a different Core Audio device. My concerns here are: Can the plugin directly access other CoreAudio devices for audio output or is this prohibited by the sandboxing? If it cannot, would relaying the audio data via XPC be a good idea in terms of low latency stability? Can I use metal compute from within the Audio Server plugin? I have not found any information about metal related sandboxing entitlements. I am also concerned about performance implications as above. Regarding the user interface application, I would like to know: If a process that has not been started by launchd can communicate with the Audio Server plugin using XPC. If not, would a user agent instead of an app be a better choice? Or are there other communication channels that would work with sandboxing? Thank you very much! Andreas
0
0
774
Feb ’24
Sandboxed app using external shell tool runs on dev machine, but not on others
Following the description from https://developer.apple.com/documentation/xcode/embedding-a-helper-tool-in-a-sandboxed-app* I successfully managed to run my app sandboxed on my development system. Nevertheless the copied application refuses to call the external tool unless it is compiled with NO for the App Sandbox entitlement. My app can be downloaded from: https://github.com/mac-curver/Postscript-Playground The last commit is using the App Sandbox entitlement but the commit before is not using it like compiled and zipped app in the Application folder on Github. The attached picture shows, running the sandboxed app on my development machine. Why the sandboxed does not run on other MACs? How could I test this? *P.S. I could not exactly execute all tasks as written in *, for example I require OS 13.0 and I am using a non commercial dev account (not paying for it).
2
0
565
Feb ’24