How to escape sandbox when performing integration testing?

Question

Created Mar ’22

Replies 5

Boosts 0

Views 1.9k

Participants 2

I am performing some tests that involves the app extension and an external app connected through XPC I get the following when I try to connect to an external app from the safari app extension with sandbox enabled

connection to service named "com.test.sample"was invalidated: failed at lookup with error 159 - Sandbox restriction." UserInfo={NSDebugDescription=The connection to service named com.test.sample was invalidated: failed at lookup with error 159 - Sandbox restriction.

I have tried:

Disabling the sandbox for the app extension target
Adding the entitlements file path in the test target

Both of which still give me the same result. How can I proceed with this?

Does the entitlement for the sandbox only work when Safari is running the appex?

Boost

Answer 1

DTS Engineer OP

Apple

Mar ’22

Just to be clear, this is a Mac app, right?

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0

Answer 2

sabz19 OP

Mar ’22

No the unit tests are for the app extension piece that is bundled with the mac app.

0

Answer 3

DTS Engineer OP

Apple

Mar ’22

The host app for the Unit tests is the mac app

Right. Just trying to ensure that you’re not working on iOS [1].

Lemme see if I’ve got this straight:

You have a container app [2].
It contains a Safari app extension.
You have a unit test bundle.
The unit test bundle is loaded into your container app.

Is that right?

So, with regards this quote from your original post:

I am performing some tests that involves the app extension and an external app

What is this “external app”? And how does it register its XPC service?

Also, are you using the XPC C API? Or NSXPCConnection?

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] XPC is very uncommon on iOS but there are situations where it’s actually supported.

[2] Just as a reminder, in app extension parlance:

The container app is the app in which the appex physically resides.
The host app is the app that uses the appex.

0

Answer 4

sabz19 OP

Mar ’22

@eskimo The external app outside the sandbox is run as a daemon process. The appex connects with this daemon process via xpc by machService name lookup

0

Answer 5

DTS Engineer OP

Apple

Mar ’22

The external app outside the sandbox is run as a daemon process. The appex connects with this daemon process via xpc by machService name lookup

Given that, the droid you’re looking for is com.apple.security.temporary-exception.mach-lookup.global-name, per App Sandbox Temporary Exception Entitlements. Add this to your XPC Service’s entitlements.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

1