I have an app on the Mac App Store (so sandboxed) that includes a QuickLook Preview Extension that targets Markdown files. It works just.
But I'm in the process of updating it so that it displays inline images as well as styled text. However, despite setting Downloads read-only access permission (and user-selected, though I know that shouldn't be required: no open/save dialogs here) in the extension's entitlements, Sandbox refuses too allow access to the test image: I always get a deny(1) file-read-data error in the log.
FWIW, the test file is referenced in the source Markdown as an absolute path.
I've tried different signings and no joy. I’ve tried placing the referenced image in various other locations. Also no joy.
Question is, is this just something QuickLook extensions cannot do from within the sandbox, or am I missing something? Is there anything extra I can do to debug this?