Copying a .plist file to LaunchAgents folder in the User Library with app sandbox enabled

After an extensive research, I haven’t found a canonical answer to what seems a fairly common task — placing a launch agent to the LaunchAgents folder.

I would like to copy a propriety list file to ~/Library/LaunchAgents/com.mycompany.MyAgent.plist from my sandboxed app.

  • Can this be achieved with app sandbox enabled?
  • Which entitlement should I use (if any)?
  • Will it pass the Mac App Store app review if I enable it?
  • Is there a best practice that I’m missing?

I know we’re not supposed to access a path outside of the app sandbox without the user’s consent, but I have a justified and legitimate case to copy a file with a particular com.mycompany.MyAgent.plist name to a very specific folder.

———

Note: I don’t need to manually start the launch agent. macOS will see my .plist file and load it automatically the next time it restarts. (Launch agents are regular user processes so none of this requires any special privileges.)

Of course, if I try to copy the .plist file, it’s placed in a folder relative to my app’s container rather than the user’s real home folder. If I disable the sandbox, I get the desired result.

Any help is greatly appreciated and good ideas are welcome. Thank you.

Answered by DTS Engineer in 695573022

Presumably your app is sandboxed because you want to deploy via the Mac App Store. If so, installing a launchd agent in this way is not going to fly. Rather, you must use a Service Management login item, installed via SMLoginItemSetEnabled. This is the standard way for App Store apps to maintain a persistent presence.

Oh, and if you’re doing to do this, make sure to read clause 2.4.5(iii) of the App Store Review Guidelines.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Accepted Answer

Presumably your app is sandboxed because you want to deploy via the Mac App Store. If so, installing a launchd agent in this way is not going to fly. Rather, you must use a Service Management login item, installed via SMLoginItemSetEnabled. This is the standard way for App Store apps to maintain a persistent presence.

Oh, and if you’re doing to do this, make sure to read clause 2.4.5(iii) of the App Store Review Guidelines.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Copying a .plist file to LaunchAgents folder in the User Library with app sandbox enabled
 
 
Q