We are working on an application to do color calibration of monitors. I have written a sample app that is hardened but not sandboxed that sets the profile in C++ code just fine. But it is not working when I run it in a sandboxed application. I get the following error when it is run from our Sandboxed app.
/var/folders/74/k56q83tx0457gjp1mtvq37x40000gn/T/Seboya.TruHu.MacApp/2022-05-20-15-37-27/SeboyaProfile.icc successfully created 2022-05-20 13:39:13.900926+0000 SebProf[1718:21690] [User Defaults] Couldn't write values for keys ( "com.apple.ColorSync.Devices" ) in CFPrefsPlistSource<0x60000261ed80> (Domain: kCFPreferencesAnyApplication, User: kCFPreferencesCurrentUser, ByHost: Yes, Container: (null), Contents Need Refresh: No): setting preferences outside an application's container requires user-preference-write or file-write-data sandbox access 2022-05-20 13:39:13.901033+0000 SebProf[1718:21690] [SebProf] ColorSyncDeviceRegistrySynchronize failed for kCFPreferencesCurrentUser, kCFPreferencesCurrentHost
We are trying to use the ColorSyncDeviceSetCustomProfiles API to set the Color Profile. Please let us know how we can go about setting a Color Profile in a sandboxed application.
Also I tried porting this C++ code to both Objective C and to Swift but it is not working in either case I would like to do it in Swift is this possible? Any example Swift code would be most helpful!
The second problem we are having is that we are trying to copy the icc Color Profile into the Users ~Username/Library/ColorSync/Profiles folder. It appears that it needs to be located in this folder to show up in the System Preferences Display Color Profile Menu and allow users to toggle between it and other color profiles. I am using the API SFAuthenticaton from the Security Framework to obtain administrative privileges in order to be able to write to this folder but it is still failing after entering and administrative password. I had to make this be a Hardened application without being Sandboxed for this API to work, the SFAuthorization documentation says that it does not work in Sandboxed apps.
"Important The authorization services API is not supported within an app sandbox because it allows privilege escalation.”
How can we write a file to this folder in a sandboxed application?