Hi,
I am now facing difficulties in sandboxing my app to distribute it on the App Store.
My app contains a binary executable that is distributed by a third party.
The executable was codesigned with a file for entitlements that contains exactly two App Sandbox entitlement keys:
com.apple.security.app-sandbox, and
com.apple.security.inherit.
The main app has four keys:
App Sandbox,
com.apple.security.files.user-selected.read-write,
com.apple.security.network.client,
com.apple.security.network.server.
To prevent injection of the 'com.apple.security.get-task-allow' entitlement, 'Code Signing Inject Base Entitlements' in the Signing pane of the Build Settings tab was set to 'NO'.
Launching the binary via NSTask with NSHomeDirectory() as the current directory seems successful, but the binary returns a message to the standard error: 'Error: mdbenvopen: Operation not permitted' and the standard output says that files were not created.
The addition of an entitlement key 'com.apple.security.temporary-exception.files.absolute-path.read-write' with an associated array containing a string '/' did not work, hinting that the error is not from writing or reading of files but possibly from executing something.
Are those entitlement settings correct? Is it possible to find the offending action of the executable that is not permitted and to configure the sandbox to allow that action?
I would appreciate any hints or comments.
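
A static check of the two entitlement sets described in the post, added here as an example and not code from the original poster or from Apple. It assumes each binary's entitlements are available as a plist (for instance dumped with `codesign -d --entitlements`); the function name, the role labels and the sample plists are constructed for illustration.

```python
import plistlib

SANDBOX = "com.apple.security.app-sandbox"
INHERIT = "com.apple.security.inherit"
GET_TASK_ALLOW = "com.apple.security.get-task-allow"
TEMP_EXCEPTION = "com.apple.security.temporary-exception."


def audit_entitlements(plist_bytes, role):
    """Return findings for one binary; role is "app" or "helper"."""
    ent = plistlib.loads(plist_bytes)
    findings = []
    if ent.get(SANDBOX) is not True:
        findings.append(f"{SANDBOX} is missing or not true")
    if ent.get(GET_TASK_ALLOW):
        findings.append(f"{GET_TASK_ALLOW} is set (debugging entitlement)")
    if role == "helper":
        # A child that inherits the parent's sandbox must carry exactly
        # app-sandbox and inherit; any other key is reported.
        if ent.get(INHERIT) is not True:
            findings.append(f"{INHERIT} is missing or not true")
        extra = set(ent) - {SANDBOX, INHERIT, GET_TASK_ALLOW}
        findings += [f"unexpected key on helper: {k}" for k in sorted(extra)]
    else:
        # Temporary exceptions widen the sandbox; list them with their values.
        findings += [f"temporary exception: {k} = {ent[k]!r}"
                     for k in sorted(ent) if k.startswith(TEMP_EXCEPTION)]
    return findings


# Constructed samples mirroring the post (not dumped from real binaries).
HELPER = plistlib.dumps({SANDBOX: True, INHERIT: True})
APP = plistlib.dumps({
    SANDBOX: True,
    "com.apple.security.files.user-selected.read-write": True,
    "com.apple.security.network.client": True,
    "com.apple.security.network.server": True,
    TEMP_EXCEPTION + "files.absolute-path.read-write": ["/"],
})
HELPER_DEBUG = plistlib.dumps({SANDBOX: True, INHERIT: True,
                               GET_TASK_ALLOW: True,
                               "com.apple.security.network.client": True})

if __name__ == "__main__":
    for name, blob, role in [("helper", HELPER, "helper"), ("app", APP, "app"),
                             ("helper-debug", HELPER_DEBUG, "helper")]:
        print(name, audit_entitlements(blob, role) or "OK")
```

The check only reports what is in the signatures; it does not identify which operation the sandbox denied at run time.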