My app is sandboxed (for submission in the Mac App Store).
In one of the app's functions I need to execute a small bash script.
I tried to use NSTask, passing the bash script in one of the arguments. The task launches, but unfortunately the script doesn't produce the desired results due to sandboxing.
I noticed that if I use NSUserUnixTask and launch the script from a SH file on disk, then the task launches and the script DOES produce the desired result.
Unfortunately, NSUserUnixTask doesn't work if the script file is located inside the app bundle. The file must reside in the ~/Library/Application Scripts/<bundle id>/ directory. My app already has read-write access to that folder (the user has granted it), so I thought that I could temporarily copy the bash script file there and launch it with NSUserUnixTask.
However, I wonder what the implications of such an approach are. Obviously, the script can be modified by other software and then my app would execute potentially malicious code. Even if I install the script only for a fraction of a second and remove it immediately after completion, the small theoretical probability that the code could be modified is not entirely excluded.
On the other hand, NSUserUnixTask is SUPPOSED to launch scripts installed from the Application Scripts directory, isn't it? So perhaps it's supposed to be an OK solution?
I wonder how the App Store review team would respond to the above solution. Is it prohibited, or might it be OK? Should I even try?
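
The install, verify, run and remove sequence described in the question, as an added example that is not part of the original post. The helper name `runPinnedScript`, the error type and the sample script body are hypothetical, and the code assumes the app already holds write access to its Application Scripts directory.

```swift
import Foundation
import CryptoKit

// Constructed sample script; a real app would pin the digest of its bundled script.
let scriptBody = Data("#!/bin/bash\necho \"hello from helper\"\n".utf8)
let pinnedDigest = SHA256.hash(data: scriptBody)

enum ScriptError: Error { case digestMismatch }

/// Hypothetical helper: install the script, verify it, run it, remove it.
func runPinnedScript(named name: String, completion: @escaping (Error?) -> Void) {
    let fm = FileManager.default
    do {
        // Resolves to ~/Library/Application Scripts/<bundle id>/ for the running app.
        let dir = try fm.url(for: .applicationScriptsDirectory, in: .userDomainMask,
                             appropriateFor: nil, create: false)
        let url = dir.appendingPathComponent(name)

        // Assumption: the app already holds write access to this directory.
        try scriptBody.write(to: url)
        // Owner read + execute only; no write bit for anyone.
        try fm.setAttributes([.posixPermissions: 0o500], ofItemAtPath: url.path)

        // Re-read what is actually on disk and compare with the pinned digest.
        let onDisk = try Data(contentsOf: url)
        guard SHA256.hash(data: onDisk) == pinnedDigest else {
            try? fm.removeItem(at: url)
            throw ScriptError.digestMismatch
        }

        // A replacement between the check above and the launch below is still
        // possible: the check shortens the window, it does not close it.
        let task = try NSUserUnixTask(url: url)
        task.execute(withArguments: nil) { error in
            try? fm.removeItem(at: url)   // clean up whether or not the run succeeded
            completion(error)
        }
    } catch {
        completion(error)
    }
}
```

The permission bits and the digest check only narrow the exposure: another process running as the same user can still replace the file in the directory between the check and the launch.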