MacOS start child process and permissions

I've built an app using Electron and a console app using .Net core that is shell'd by my Electron app. The Electron ".app" package installs and works fine, it can start my child process and communicate with it. However, the child process cannot open/create a log text file when it runs as a child process of my Electron parent app.

However, when I use terminal to navigate into the app package folder I can start my console app process directly in the terminal and see that in fact it can / does create a log file and writes to it successfully. The file is created inside the same folder where my child process is located. This is the behavior I want and expect.

So, where do I start looking in terms of permissions or ?? so that I can resolve this issue and start my sub process from my parent app and allow the sub process to open/create files in its local directory/folder for debugging / logging purposes?

Thanks

Is your main app sandboxed?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Does this forum actually work? I've posted 2 replies and both haven't been posted to this thread... If this one works, my question is how would I know if this Electron app is sandboxed? And, either way what would be the remedy if it is or isn't...?

I've posted 2 replies and both haven't been posted to this thread.

Weird. I see no sign of these from my side [1] but I’ll check internally.

my question is how would I know if this Electron app is sandboxed?

In Electron, I’ve no idea. In a standard Xcode project you can check for the App Sandbox capability in the Signing & Capabilities tab. Alternatively, you can dump the entitlements of the built app:

% codesign -d --entitlements - /Applications/PCalc.app | grep -A 1 "com.apple.security.app-sandbox"
Executable=/Applications/PCalc.app/Contents/MacOS/PCalc
	[Key] com.apple.security.app-sandbox
	[Value]
% codesign -d --entitlements - /Applications/VMware\ Fusion.app | grep -A 1 "com.apple.security.app-sandbox" 
Executable=/Applications/VMware Fusion.app/Contents/MacOS/VMware Fusion
% 

what would be the remedy if it is or isn't...?

In both cases a program should locate the correct place for its log files using FileManager. For example:

let log = try FileManager.default.url(for: .libraryDirectory, in: .userDomainMask, appropriateFor: nil, create: true)
    .appending(path: "Logs", directoryHint: .isDirectory)
    .appending(path: "MyApp.log", directoryHint: .notDirectory)

If the app is not sandboxed, that’ll end up in ~/Library/Logs/MyApp.log. If the app is sandboxed, it’ll be at Library/Logs/MyApp.log relative to the root of the app’s container.

Having said that, logging to text files is not something I recommend. Rather, I encourage folks to log to the system log. See Your Friend the System Log for more on that.

The file is created inside the same folder where my child process is located.

That’s definitely not going to work. Your app’s bundle is effectively read-only [2] so, if this tool is embedded within your app, it won’t be able to create log files in the same directory as the tool.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] Normally when the moderators get… *cough*… over enthusiastic I’m able to at least see the deleted posts.

[2] See the Separate read-only and read/write content section of Embedding nonstandard code structures in a bundle.

Thanks Eskimo. Alright, let me see what I can do. Syslog can work. However, does this (to your last point - "Your app's bundle is effectively read-only...") rule out using things like embedded SQL (sql lite) db's for Mac apps?

I'll read the docs you referenced, 'preciate it

However, … "Your app's bundle is effectively read-only..." … rule out using things like embedded SQL (sql lite) db's for Mac apps?

That depends on how you treat the database:

  • If the database is entirely read-only, SQLite will happily work with it. You just have to make sure you open it in read-only mode.

  • If you need read/write access, the simplest approach is to bundle an initial copy of the database inside your app and then copy it to a read/write location before working with it. FileManager has another directory selector, .applicationSupportDirectory, that returns a location suitable for this.

  • If the initial database is huge, such that copying it would have significant disk space impact on the user, things get more complex )-:

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
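
Added example, not part of the original thread and not code from any poster: a Node.js sketch for the parent process that applies both pieces of advice above, keeping the helper's log out of the app bundle and copying a bundled seed database to a read/write location before use. It assumes a non-sandboxed layout under the user's home directory; the names `MyApp`, `seed.db`, `helperPath` and the `MYAPP_LOG_FILE` environment variable are hypothetical.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// True when p lies inside a macOS bundle (Foo.app/Contents/...), which the
// thread says must be treated as read-only.
function isInsideBundle(p) {
  return /\.app\/Contents(\/|$)/.test(path.resolve(p));
}

// Per-user writable locations. Assumption: non-sandboxed layout under `home`;
// the app name is a placeholder.
function writablePaths(appName, home = os.homedir()) {
  return {
    logFile: path.join(home, 'Library', 'Logs', `${appName}.log`),
    dataDir: path.join(home, 'Library', 'Application Support', appName),
  };
}

// Copy the bundled seed database out of the bundle on first launch only;
// COPYFILE_EXCL keeps later launches from overwriting the user's data.
function ensureWritableDatabase(seedPath, dataDir) {
  if (isInsideBundle(dataDir)) {
    throw new Error(`refusing to write inside a bundle: ${dataDir}`);
  }
  fs.mkdirSync(dataDir, { recursive: true, mode: 0o700 });
  const target = path.join(dataDir, path.basename(seedPath));
  try {
    fs.copyFileSync(seedPath, target, fs.constants.COPYFILE_EXCL);
  } catch (err) {
    if (err.code !== 'EEXIST') throw err; // an existing copy is expected
  }
  return target;
}

// Environment for the helper: the parent creates the log directory and passes
// the file path down. MYAPP_LOG_FILE is a hypothetical variable the helper reads.
function childEnv(appName, home = os.homedir(), base = process.env) {
  const { logFile } = writablePaths(appName, home);
  fs.mkdirSync(path.dirname(logFile), { recursive: true });
  return { ...base, MYAPP_LOG_FILE: logFile };
}

// Usage from the parent (helperPath is wherever the embedded tool lives):
//   require('child_process').spawn(helperPath, [], { env: childEnv('MyApp') });
```
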

Thanks, ok, noted. I'll do some homework... Actually, the only reason I built my 1.0 with Electron is bc I had built an entire (my first) MacOS app with Swift to host WkWebView and then some Xcode update happened and my entire Storyboard broke. I tried to figure out the issue and it was over my head and didn't want to re-do the entire month of work it took me to design that Storyboard UI... So, I punted and moved the app to Electron (which sucks in so many ways but it's stable and covered all the platforms I needed like Apple Silicon/Intel, Windoze, Linux, etc).

But, honestly, I know I have to go back and re-build my MacOS app and eventually ship using Swift for the Mac version of my app. I just didn't / don't have the time for that at the moment. I would not classify my "first app build" on MacOS with Swift and Xcode and Storyboards to be gentle or all that productive... But, I learned a lot. And in the end, I may just create C++ cross platform base to all my apps bc I'm more comfortable doing that anyway. Swift is eh.... Frankly fairly cryptic IMO...

Thanks for all the help. Launch soon, wish me luck
