I have an app that needs to read a file the user selects from an Open dialog. Right now it works fine on my machine (of course), but doesn't let my app access the file on other systems. I code signed it using my Apple Developer ID. I have notarized it. I have checked it all with the notaryTool and it shows NO ERRORS and as far as I can tell, no warnings either. Here's the entitlements: com.apple.security.cs.disable-library-validation com.apple.security.cs.disable-executable-page-protection com.apple.security.app-sandbox com.apple.security.files.user-selected.read-write What could I be doing wrong? Thank you, -Chilton

Hi, I have a developer tool that often needs access to files outside of the file the user has selected. For example, they can easily select a file that contains a reference to an include file NOT in the current folder or a descendent. But I still need access to that file. How do I handle this, on the latest version of MacOS? Right now it just fails to give me access to the file, making it look like our Mac version is WAY BEHIND the Windows version. Oh and this needs to be in the App Store eventually, but right now I need it to be available outside of it, so I have to use my Developer ID and notarized. I think I've got all of that nailed down, but I'm still having file permission issues. My entitlements currently (which doesn't work): com.apple.security.cs.disable-library-validation com.apple.security.cs.disable-executable-page-protection com.apple.security.app-sandbox com.apple.security.files.user-selected.read-write Thank you, -Chilton

I found my pkg installer while writing to Data Container in App Sandbox since macOS 14 Sonoma. What is wrong with my installer? My pkg will install file to App Sandbox Container. (Destination Path: "~/Library/Containers/net.mtgto.inputmethod.macSKK/Data/Documents/Dictionaries/SKK-JISYO.L") But I found Installer always asks that “Installer” would like to access data from other apps. Keeping app data separate makes it easier to manage your privacy and security. Click "Don't Allow" button and Installer.app says "The installation failed". This dialog is not shown macOS 13 Ventura. So it seems to relate App Sandbox changes in macOS 14: https://developer.apple.com/documentation/security/app_sandbox/accessing_files_from_the_macos_app_sandbox Is there a way to write to App Sandbox Container from pkg? For detail: https://github.com/mtgto/macSKK/issues/54 Also you can download installer from https://github.com/mtgto/macSKK/releases/tag/0.9.1 (pkg file is exists in macSKK-0.9.1.dmg)

Hello, I have read com.apple.security.app-sandbox entitlement is required for macOS applications distributed through appstore. If so, how can it be possible for an application like Microsoft Word to read/write files in Documents folder ? It should be forbidden, due to sandbox ? Thanks

Hi, is it possible for a user to remove the implicit permission he or she gave to an app after opening a folder using a standard dialog? I'm asking this because a discussion took place with actual users reasonably arguing that the action may have been a mistake, not intentional at all, so at least we should give them a way to revert what was wrongly interpreted as intent. I believe that they are right and there should be a simple user-level way of doing that. So I looked for a way to remove the bookmark from the command line but to no avail. Thanks, Carlos.

I am developing a tool for myself using Swift and SwiftUI where I can retrieve student projects using git and then running Maven tests for the projects. The app is not sandboxed, since it is just for my personal use. I use Process to launch git clone or git pull, and then get the commit log and parse the commit data to the app database. All this works just fine, I can see the app database table populated with repository commit data. But when I do the same to execute Maven tests, and call try process.run() process.waitUntilExit() The process never returns, unlike running git the same way. The only difference is the command executed and the arguments given to Process. In the process view, I can see that there is a java child process running in my app, but it never (like in tens of minutes I have waited) completes. Running the same mvn test command...: /opt/apache-maven-3.6.3/bin/mvn -Dstyle.color=never -Dtest=ReverseArrayRangeTests test ...from command line finishes in a couple of seconds. While running the Maven command below executes just fine from Process: /opt/apache-maven-3.6.3/bin/mvn -DskipTests -Dstyle.color=never package In this case, I can see the output from the process while it builds the .jar package from the project. Is there something special in running mvn test command, running Java in the child process, that it just does not work? Takes too much resources or something? macOS limiting what the child process can do, even though the app is not sandboxed? I have also tried to Archive the app and run it outside of Xcode debugging, but that doesn't change anything. My previous solution was to run the tests separately in Terminal using a shell script, saving the test results to a log file the app then read and parsed. But I'd like to do everything within the same GUI app, if possible. Any ideas?

Hi I'm using library in my project which create, modify and read file in iConf. How to get access for the app to read from that file. Tnx, Filip

Hi, I'm working on an Xcode Source Editor Extension. Currently, I have App Sandbox enabled and everything works as expected. I have some features I'd like to add that would require me to disable the App Sandbox and release the extension and containing app outside of the App Store. However, whenever I remove the App Sandbox capability from my project and re-run the extension, I can no longer see my extension appear in the Editor menu - it's just gone. My question is - are Xcode Source Editor Extensions only limited to sandboxed environments or can they operate out of the sandbox? If so, how come I don't see it in Xcode 15?

Hello, I’m trying to allow my MacOS app written in swift to run a kill command. it works when I test it manually in my terminal but when I run it in the app I get an not permitted error. j was reading about work space authorization and put in a request but i got a response saying I didn’t need that type of authorization for what I’m doing. Any help pointing me in the right direction? https://developer.apple.com/documentation/appkit/nsworkspaceauthorizationtype Thanks!

I have a sandboxed/hardened app that is distributed outside of the MacAppStore. I want to allow the app to auto-update itself. I currently have the ability in the app to figure out if there is a newer version which then informs the user and gives them an option to download the app (currently it downloads to ~/Downloads in the app container). The app comes as a simple zip file that only includes the app itself. Once downloaded, then NSWorkspace.shared.open(URLtoDownloadedUpdate) will expand the zip and place the app in ~/Downloads. What I want is it to replace the current version of the app w/ this newly downloaded version. Is this possible? First, how do I find out where the old app is stored? And then how do I replace it with the new version when the old app is still running? I realize many people use Sparkle to do this instead of rolling their own. I simply do not want to depend on a third party.

Hello! I'm curious about how com.apple.developer.hid.virtual.device entitlement works with apps. So the documentation hints that it should only be used within a driver. However, on macOS 13 I can successfully compile an app and create a virtual HID device. On earlier versions, such as macOS 12, the app crashes on launch and there's a message in the console: ASI found [libsystem_secinit.dylib] (sensitive) 'failed to compile sandbox profile /System/Library/Sandbox/Profiles/application.sb:1010:15: unbound variable: iokit-user-client-class-name ' Everything seems to be working with the sandbox turned off. Is there a way to use the aforementioned entitlement in a sandboxed app or should I fall back to DriverKit?

Hello, I have sandboxed mac app which is launching a helper app. The main app has sandbox enabled and has get-task-allow entitlement. From main app I launch[1] a helper which is an application bundle located in Contents/Helpers of the main bundle. The helper has sandbox enabled and com.apple.security.inherit entitlement. Currently I have a problem attaching debugger to helper process or getting access to location services from it (but that's probably different issue). I checked the responsible process and it seems to set up to correct PID of the main application. The Xcode is reporting "Not allowed to attach to process" error and I see the same in the log: macOSTaskPolicy: (com.apple.debugserver) may not get the task control port of (com.****) (pid: 31628): (com.****) is hardened, (com.****) doesn't have get-task-allow, (com.apple.debugserver) is a declared debugger(com.apple.debugserver) is not a declared read-only debugger To add a more of the context what I'm trying to achieve is that we run certain parts of our app in separate child processes so we can restart then if anything goes wrong [2]. So I have few questions: Do I need to launch the helper (child) process a particular way to be able to attach debugger to it? Is there a tool to inspect sandboxes (rules applied and the inheritance)? Do I really need to explicitly enable sandboxing and inheritance on the helper app, doesn't it run in the parent' s sandbox anyway? Thank you. [1] We use boost::child_process for launching the helper, which is using popen behind the scene, but I have the same experience with NSTask. [2] I know that's what XPCServices are for but don't ask :-)

An iOS app running in simulator has complete access to the Mac's file system: // Files in protected directory like Desktop, Documents, Calendar, etc will need additional permissions. let filesInSystem = FileManager.default.enumerator(at: .currentDirectory(), includingPropertiesForKeys: nil)?.allObjects This isn't the case when running in device as the app is sandboxed. Is the same possible when running in simulator? More specifically, is there a way to restrict access to the Mac's file system when running an app in the Simulator? This is particularly useful when trying out binaries/frameworks that are not open sourced.

Hello, I have an app in the App Store that is your typical cleaner app. The app searches for files from deleted apps and can remove them. Under macOS Sonoma the app does no longer work. When deleting files, the following message appears in the Console: System Policy: App(1636) deny(1) file-write-unlink The app has scoped bookmarks for the folder and additionally I added Full Disk Access for my app - it still does not work? Is there another layer on top of that? The app works perfectly fine on Big Sur, Monterey and Ventura. Regards, Sascha

I'm the developer of a small utility for Mac called "MusicDeviceHost". https://apps.apple.com/us/app/musicdevicehost/id1261046263?mt=12 As the name suggests, it is a host application for audio units (music device components). See also "Using Sound Canvas VA with QMidi": https://youtu.be/F9C4BiBR A problem occurs while trying to authorize the "Sound Canvas VA" component, Roland Cloud Manager (v3.0.3) returns the following error: “Authorization Error - RM Service not connected Error Connecting to Roland Cloud Manager Service” I guess the error is caused by some permission denied to the sandboxed application version. The NOT sandboxed version of MDH actually works flawlessly. I am using the following entitlements: com.apple.security.app-sandbox com.apple.security.network.client So connecting to the service should work, because "com.apple.security.network.client" is enabled. At Roland, they say: "Cloud Manager isn't supported in a sandboxed environment." But as far as I can see, MainStage and other sandboxed apps works fine... So what is the right answer? Is there someone out there with the same issue? Thanks for helping :)

I have an application running in the sandbox which launches an application bundle using NSTask. The main app entitlements enable sandbox add the User Selected File Read/Write permission. <dict> <key>com.apple.security.app-sandbox</key> <true/> <key>com.apple.security.files.user-selected.read-write</key> <true/> </dict> The child app entitlements enable sandbox and inherit. <dict> <key>com.apple.security.app-sandbox</key> <true/> <key>com.apple.security.inherit</key> <true/> </dict> When invoke NSSavePanel *savePanel = [NSSavePanel savePanel] in the child process, system will throw the error.The error message prompt that missing the User Selected File Read/Write permission. However, I have already added this permission in the main app, and I have set up the inherit in the child-process as well. The child process cannot add the User Selected File Read/Write permission again because it add sandbox and inherit in entitlements by the doc EnablingAppSandbox . It appears that the system is not inheriting this permission for the child process. panel[60195:2499353] [OpenSavePanels] Unable to display save panel: your app is missing the User Selected File Read/Write app sandbox entitlement. Please ensure that your app's target capabilities include the proper entitlements. And the error stack. [miscellany] CLIENT ERROR: remote view delegate NSSavePanel lacks method which can react to the details of Error Domain=com.apple.ViewBridge Code=14 "(null)" UserInfo={com.apple.ViewBridge.error.hint=-[NSViewServiceMarshal bootstrap:withReply:] caught NSInternalInconsistencyException '+[NSOpenAndSavePanelService loadViewToService:isOpenPanel:appCentric:] : failed entitlements check' with backtrace ( "0 CoreFoundation __exceptionPreprocess + 242", "1 libobjc.A.dylib objc_exception_throw + 48", "2 CoreFoundation -[NSException raise] + 9", "3 com.apple.appkit.xpc.openAndSavePan com.apple.appkit.xpc.openAndSavePan + 16852", "4 AppKit -[NSViewController _loadViewIfRequired] + 72", "5 AppKit __24-[NSViewController view]_block_invoke + 27", "6 AppKit NSPerformVisuallyAtomicChange + 132", "7 AppKit -[NSViewController view] + 123", "8 ViewBridge -[NSViewServiceMarshal _bootstrap:replyData:completion:] + 1826", "9 ViewBridge -[NSViewServiceMarshal bootstrap:withReply:] + 245", "10 CoreFoundation __invoking___ + 140", "11 CoreFoundation -[NSInvocation invoke] + 305", "12 CoreFoundation -[NSInvocation invokeWithTarget:] + 70", "13 ViewBridge -[NSVB_ViewServiceImplicitAnimationDecodingProxy forwardInvocation:] + 178", "14 CoreFoundation ___forwarding___ + 756", "15 CoreFoundation _CF_forwarding_prep_0 + 120", "16 CoreFoundation __invoking___ + 140", "17 CoreFoundation -[NSInvocation invoke] + 305", "18 CoreFoundation -[NSInvocation invokeWithTarget:] + 70", "19 ViewBridge -[NSVB_QueueingProxy forwardInvocation:] + 321", "20 CoreFoundation ___forwarding___ + 756", "21 CoreFoundation _CF_forwarding_prep_0 + 120", "22 CoreFoundation __invoking___ + 140", "23 CoreFoundation -[NSInvocation invoke] + 305", "24 CoreFoundation -[NSInvocation invokeWithTarget:] + 70", "25 CoreFoundation ___forwarding___ + 756", "26 CoreFoundation _CF_forwarding_prep_0 + 120", "27 CoreFoundation __invoking___ + 140", "28 CoreFoundation -[NSInvocation invoke] + 305", "29 ViewBridge __deferNSXPCInvocationOntoMainThread_block_invoke + 142", "30 ViewBridge __wrapBlockWithVoucher_block_invoke + 37", "31 ViewBridge kNotRunningOnAppKitCompatibleThread_block_invoke + 323", "32 CoreFoundation __CFRUNLOOP_IS_CALLING_OUT_TO_A_BLOCK__ + 12", "33 CoreFoundation __CFRunLoopDoBlocks + 398", "34 CoreFoundation __CFRunLoopRun + 2015", "35 CoreFoundation CFRunLoopRunSpecific + 560", "36 HIToolbox RunCurrentEventLoopInMode + 292", "37 HIToolbox ReceiveNextEventCommon + 657", "38 HIToolbox _BlockUntilNextEventMatchingListInModeWithFilter + 64", "39 AppKit _DPSNextEvent + 858", "40 AppKit -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 1214", "41 ViewBridge __77-[NSViewServiceApplication vbNextEventMatchingMask:untilDate:inMode:dequeue:]_block_invoke + 111", "42 ViewBridge -[NSViewServiceApplication _withToxicEventMonitorPerform:] + 114", "43 ViewBridge -[NSViewServiceApplication vbNextEventMatchingMask:untilDate:inMode:dequeue:] + 151", "44 ViewBridge -[NSViewServiceApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 99", "45 AppKit -[NSApplication run] + 586", "46 AppKit NSApplicationMain + 817", "47 libxpc.dylib _xpc_objc_main + 867", "48 libxpc.dylib xpc_main + 96", "49 ViewBridge xpc_connection_handler + 0", "50 ViewBridge NSViewServiceMain + 1789", "51 com.apple.appkit.xpc.openAndSavePan main + 178", "52 dyld start + 1903" ), com.apple.ViewBridge.error.description=NSViewBridgeErrorServiceBootstrap}

I have a Flutter app that should be sandboxed for Appstore and this app should run a binary that I build with make. I sign that binary with Developer ID certificate: codesign -v -f --options=runtime --entitlements "./macos/Runner/binary_sandboxed.entitlements" --sign "Developer ID Application: ..." ./path/to/binary here is binary_sandboxed.entitlements: &lt;?xml version="1.0" encoding="UTF-8"?&gt; &lt;!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"&gt; &lt;plist version="1.0"&gt; &lt;dict&gt; &lt;key&gt;com.apple.security.app-sandbox&lt;/key&gt; &lt;true/&gt; &lt;key&gt;com.apple.security.inherit&lt;/key&gt; &lt;true/&gt; &lt;key&gt;com.apple.security.application-groups&lt;/key&gt; &lt;array&gt; &lt;string&gt;$(TEAM_ID).$(PRODUCT_BUNDLE_IDENTIFIER)&lt;/string&gt; &lt;/array&gt; &lt;key&gt;com.apple.security.cs.allow-jit&lt;/key&gt; &lt;true/&gt; &lt;key&gt;com.apple.security.network.server&lt;/key&gt; &lt;true/&gt; &lt;key&gt;com.apple.security.network.client&lt;/key&gt; &lt;true/&gt; &lt;/dict&gt; &lt;/plist&gt; and the main app runned with entitlements: &lt;?xml version="1.0" encoding="UTF-8"?&gt; &lt;!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"&gt; &lt;plist version="1.0"&gt; &lt;dict&gt; &lt;key&gt;com.apple.security.app-sandbox&lt;/key&gt; &lt;true/&gt; &lt;key&gt;com.apple.security.inherit&lt;/key&gt; &lt;true/&gt; &lt;key&gt;com.apple.security.application-groups&lt;/key&gt; &lt;array&gt; &lt;string&gt;Q7Q43CUMWT.$(PRODUCT_BUNDLE_IDENTIFIER)&lt;/string&gt; &lt;/array&gt; &lt;key&gt;com.apple.security.cs.allow-jit&lt;/key&gt; &lt;true/&gt; &lt;key&gt;com.apple.security.network.server&lt;/key&gt; &lt;true/&gt; &lt;key&gt;com.apple.security.network.client&lt;/key&gt; &lt;true/&gt; &lt;key&gt;keychain-access-groups&lt;/key&gt; &lt;array&gt; &lt;string&gt;$(AppIdentifierPrefix)$(PRODUCT_BUNDLE_IDENTIFIER)&lt;/string&gt; &lt;/array&gt; &lt;/dict&gt; &lt;/plist&gt; When I run app I get an error ProcessException: Operation not permitted In console log I see this message: denied since it was quarantined by Main app and created without user consent, qtn-flags was 0x00000086 if delete quarantine flag binary in Containers xattr -d com.apple.quarantine /Users/appuser/Library/Containers/com.bin/Data/Library/Application Support/com.bin/binary I got an error when run binary zsh: illegal hardware instruction failed: Unable to get bundle identifier because code signature information has no Info.Plist. What did I do wrong? And what should I do?

I'm building an app for deployment on iPhone, iPad and Mac Catalyst. I am using Automatic Code Signing. Project build without a single warning of any kind... Debugging and running the app on both iPhone and iPad is working fine both in the simulators as well as on various test devices. I have now turned to debugging on my Mac (M1Pro-MBP). I have run Clean many times....When I set the run destination to My Mac Catalyst and run I immediately see a dialog stating: "The LaunchServices launcher has returned an error. Please check the system logs for the underlying cause of the error." There is button to reveal details. Those details are shown below. At the moment I am under the impression that this must be a relatively straightforward configuration issue which I have overlooked.... The app does contain an action and if I build and run only the action with Mac Catalyst as the destination it runs fine.. I only hit the error when I try to run the container app with embedded action with my Mac as the run destination.... Can anyone shed any light on this matter? All thoughts appreciated! Steve Domain: IDELaunchErrorDomain Code: 20 Recovery Suggestion: The LaunchServices launcher has returned an error. Please check the system logs for the underlying cause of the error. User Info: { DVTErrorCreationDateKey = "2023-07-19 14:36:14 +0000"; DVTRadarComponentKey = 968756; IDERunOperationFailingWorker = IDELaunchServicesLauncher; } -- The operation couldn’t be completed. Launch failed. Domain: RBSRequestErrorDomain Code: 5 Failure Reason: Launch failed. -- Launchd job spawn failed Domain: NSPOSIXErrorDomain Code: 153 -- Analytics Event: com.apple.dt.IDERunOperationWorkerFinished : { "device_model" = "MacBookPro18,3"; "device_osBuild" = "13.4.1 (22F82)"; "device_platform" = "com.apple.platform.macosx"; "launchSession_schemeCommand" = Run; "launchSession_state" = 1; "launchSession_targetArch" = arm64; "operation_duration_ms" = 172; "operation_errorCode" = 20; "operation_errorDomain" = IDELaunchErrorDomain; "operation_errorWorker" = IDELaunchServicesLauncher; "operation_name" = IDERunOperationWorkerGroup; "param_consoleMode" = 0; "param_debugger_attachToExtensions" = 0; "param_debugger_attachToXPC" = 1; "param_debugger_type" = 3; "param_destination_isProxy" = 0; "param_destination_platform" = "com.apple.platform.macosx"; "param_diag_MainThreadChecker_stopOnIssue" = 0; "param_diag_MallocStackLogging_enableDuringAttach" = 0; "param_diag_MallocStackLogging_enableForXPC" = 1; "param_diag_allowLocationSimulation" = 1; "param_diag_checker_tpc_enable" = 1; "param_diag_gpu_frameCapture_enable" = 0; "param_diag_gpu_shaderValidation_enable" = 0; "param_diag_gpu_validation_enable" = 0; "param_diag_memoryGraphOnResourceException" = 0; "param_diag_queueDebugging_enable" = 1; "param_diag_runtimeProfile_generate" = 0; "param_diag_sanitizer_asan_enable" = 0; "param_diag_sanitizer_tsan_enable" = 0; "param_diag_sanitizer_tsan_stopOnIssue" = 0; "param_diag_sanitizer_ubsan_stopOnIssue" = 0; "param_diag_showNonLocalizedStrings" = 0; "param_diag_viewDebugging_enabled" = 1; "param_diag_viewDebugging_insertDylibOnLaunch" = 1; "param_install_style" = 0; "param_launcher_UID" = 2; "param_launcher_allowDeviceSensorReplayData" = 0; "param_launcher_kind" = 0; "param_launcher_style" = 99; "param_launcher_substyle" = 8192; "param_runnable_appExtensionHostRunMode" = 0; "param_runnable_productType" = "com.apple.product-type.application"; "param_testing_launchedForTesting" = 0; "param_testing_suppressSimulatorApp" = 0; "param_testing_usingCLI" = 0; "sdk_canonicalName" = "macosx13.3"; "sdk_osVersion" = "13.3"; "sdk_variant" = iosmac; } -- System Information macOS Version 13.4.1 (c) (Build 22F770820d) Xcode 14.3.1 (21815) (Build 14E300c) Timestamp: 2023-07-19T08:36:14-06:00

When we try to run our code that uses the containerURLForSecurityApplicationGroupIdentifier function, the returned value is null if the program was run with root privileges. (when we run the code like a normal user, it is works as expected) The following code was run: NSFileManager* fileManager = [NSFileManager defaultManager]; if(!fileManager) { return “”; } NSURL* containerURL = [fileManager containerURLForSecurityApplicationGroupIdentifier:[NSString stringWithUTF8String:group_name]]; if(!containerURL) { return “”; } -&gt; we will receive the right containerURL: /Users/{user}/Library/Group Containers/{group_name} If the same code will be run with root/admin privileges the containerURL will be NULL. With an older version of MacOS the output result was the following: normal user: /Users/{user}/Library/Group Containers/{group_name} root user : /private/var/root/Library/Group Containers/{group_name}

My app has the App Sandbox enabled and the File Access to Downloads folder is set to Read / Write in XCode. Upon clicking on a button the app should open the Finder displaying the Downloads folder. The following code snippet is used to launch the Finder if let inspirationsDirectory = FileManager.default.urls(for: .downloadsDirectory, in: .userDomainMask).first{ NSWorkspace.shared.open(inspirationsDirectory) } On my MacOS it works well. After releasing the app to the AppStore and installing it on another Mac the following message is received upon clicking the button: The application does not have permission to open "Downloads" Which would be the solution to launch the Finder successfully ? Is it possible to launch the Finder showing the Downloads folder sorted by the Date Added column descending ?