This macOS app needs to access a file which is located in a custom dot folder (~/.folder/file)
but it is not clear how this should be done. Below are a few options I have considered.
Request Permission
Have the app request permission from the user with the path predefined. Then I expect I would need a security-scoped bookmark to retain access across app launches. Is it possible to predefine the path or does the user have to use a Finder window to select the file?
Agent
An agent could read the file and use XPC to communicate with the app. Perhaps this may have different access than a full a macOS app though there are not examples which I could follow for this use case.
Command Line Tool
The app installer could include a tool which the macOS app runs via shell and it would have the access that is needed. It would output JSON to stdout which can be read in with Swift/Codable. Using a shell to run a command may not allow access though. It would likely have the same restrictions as the app itself.
Access to a single file is all I need for now. I would like the option to access all contents of a folder for other use cases, so any API which allow that to work would be appreciated as well.
What is the best way to do this?
Related:
I can use the entitlement below despite that it is named a temporary exception. This has been in place for years and appears to be allowed all this time.
I want to clarify the meaning of the word temporary here. These temporary exception entitlements were named from the context of the Mac App Store. That is, App Review allowed folks to use them while we built out critical App Sandbox infrastructure. For example, the Mac App Store shipped before we had security-scoped bookmarks, and thus it made sense for App Review to allow folks to use these entitlements temporarily.
So, you must look at this from two different angles:
-
From the perspective of the App Store, these temporary exception entitlements should no be longer necessary and any use of them is carefully examined by App Review. And, while I don’t work for App Review, and thus can’t make definitive statements about their policy, my experience is that they typically reject folks using temporary exception entitlements.
-
From a purely technical perspective, temporary exception entitlements are public API and we don’t expect them to go away. If you’re sandboxing an app that you don’t plan to ship via the Mac App Store, it’s absolutely fine to use them.
I’ve filed a bug to get this clarification into the official documentation (r. 90755718).
With regards your specific situation, it’s sounds like you’re not planning to distribute via the Mac App Store and thus it’s reasonable for you to use a temporary exception entitlement. My only concern is that ~/.ssh
is pretty-darned security sensitive and thus it might make sense to move the code that access this to an XPC Service. That helps to reduce your attack surface. For example, you might code your XPC Service so that it can only read and return one specific key, which means that code running in your main app only has that capability, not the capability to read all files in that directory.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"