Installer.app asks permission before writing App Sandbox Data Container since macOS 14 Sonoma

I found my pkg installer while writing to Data Container in App Sandbox since macOS 14 Sonoma. What is wrong with my installer?

My pkg will install file to App Sandbox Container. (Destination Path: "~/Library/Containers/net.mtgto.inputmethod.macSKK/Data/Documents/Dictionaries/SKK-JISYO.L")

But I found Installer always asks that

“Installer” would like to access data from other apps. Keeping app data separate makes it easier to manage your privacy and security.

Click "Don't Allow" button and Installer.app says "The installation failed".

This dialog is not shown macOS 13 Ventura. So it seems to relate App Sandbox changes in macOS 14: https://developer.apple.com/documentation/security/app_sandbox/accessing_files_from_the_macos_app_sandbox

Is there a way to write to App Sandbox Container from pkg?

For detail: https://github.com/mtgto/macSKK/issues/54

Also you can download installer from https://github.com/mtgto/macSKK/releases/tag/0.9.1 (pkg file is exists in macSKK-0.9.1.dmg)

macOS 14 add app data container protection. You can learn more about it in WWDC 2023 Session 10053 What’s new in privacy, starting at 17:46. I’m not sure how your installer is managing to trip this. Within the installer package, what’s actually writing to this file? The installed contents itself? Or some sort of script?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

@eskimo Thanks for reply. I also watched the video "What's new in privacy". This video says "All apps signed with your Team ID can access data in your other app's containers by default", starting at 20:55.

My thoughts are as follows:

  • App is signed with "Developer ID Application".
  • Pkg is signed with "Developer ID Installer" with same Team ID.
  • So Installer can write to App Container because installer pkg and app has signed with same Team ID.

I’m not sure how your installer is managing to trip this. Within the installer package, what’s actually writing to this file? The installed contents itself? Or some sort of script?

No script. My installer bundles app pkg and data pkg using productbuild --distribution script/distribution.xml. After building bundled pkg, signs using productsign.

Data pkg contains a file Library/Containers/net.mtgto.inputmethod.macSKK/Data/Documents/Dictionaries/SKK-JISYO.L.

❯ pkgutil --files net.mtgto.inputmethod.macSKK.app
._Library
Library
Library/._Input Methods
Library/Input Methods
Library/Input Methods/._macSKK.app
Library/Input Methods/macSKK.app
Library/Input Methods/macSKK.app/._Contents
Library/Input Methods/macSKK.app/Contents
...

❯ pkgutil --files net.mtgto.inputmethod.macSKK.dict
._Library
Library
Library/._Containers
Library/Containers
Library/Containers/._net.mtgto.inputmethod.macSKK
Library/Containers/net.mtgto.inputmethod.macSKK
Library/Containers/net.mtgto.inputmethod.macSKK/._Data
Library/Containers/net.mtgto.inputmethod.macSKK/Data
Library/Containers/net.mtgto.inputmethod.macSKK/Data/._Documents
Library/Containers/net.mtgto.inputmethod.macSKK/Data/Documents
Library/Containers/net.mtgto.inputmethod.macSKK/Data/Documents/._Dictionaries
Library/Containers/net.mtgto.inputmethod.macSKK/Data/Documents/Dictionaries
Library/Containers/net.mtgto.inputmethod.macSKK/Data/Documents/Dictionaries/._SKK-JISYO.L
Library/Containers/net.mtgto.inputmethod.macSKK/Data/Documents/Dictionaries/SKK-JISYO.L

Addition: Signatures of app and installer package

app has signed with Team ID "W3A6B7FDC7"

❯ codesign -dvvv ~/Library/Input\ Methods/macSKK.app
Executable=/Users/user/Library/Input Methods/macSKK.app/Contents/MacOS/macSKK
Identifier=net.mtgto.inputmethod.macSKK
Format=app bundle with Mach-O universal (x86_64 arm64)
CodeDirectory v=20500 size=5128 flags=0x10000(runtime) hashes=149+7 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha256=4ebfa49edd8731cc6bcff49b0592877a769dbd8d
CandidateCDHashFull sha256=4ebfa49edd8731cc6bcff49b0592877a769dbd8dcdf6dfef04e58c8d318d6f99
Hash choices=sha256
CMSDigest=4ebfa49edd8731cc6bcff49b0592877a769dbd8dcdf6dfef04e58c8d318d6f99
CMSDigestType=2
CDHash=4ebfa49edd8731cc6bcff49b0592877a769dbd8d
Signature size=9046
Authority=Developer ID Application: Satoshi Gotou (W3A6B7FDC7)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Oct 8, 2023 at 10:11:39
Info.plist entries=34
TeamIdentifier=W3A6B7FDC7
Runtime Version=14.0.0
Sealed Resources version=2 rules=13 files=7
Internal requirements count=1 size=220

pkg has Team ID "W3A6B7FDC7"

❯ pkgutil --check-signature /Volumes/macSKK/macSKK-0.9.1.pkg
Package "macSKK-0.9.1.pkg":
   Status: signed by a developer certificate issued by Apple for distribution
   Notarization: trusted by the Apple notary service
   Signed with a trusted timestamp on: 2023-10-08 01:11:41 +0000
   Certificate Chain:
    1. Developer ID Installer: Satoshi Gotou (W3A6B7FDC7)
       Expires: 2027-02-01 22:12:15 +0000
       SHA256 Fingerprint:
           4B 04 F9 16 DA 30 68 EC 00 BC 5B B5 F6 E2 C4 88 FC 22 A3 F7 F3 1B
           A1 A5 06 B7 54 27 01 0B 37 12
       ------------------------------------------------------------------------
    2. Developer ID Certification Authority
       Expires: 2027-02-01 22:12:15 +0000
       SHA256 Fingerprint:
           7A FC 9D 01 A6 2F 03 A2 DE 96 37 93 6D 4A FE 68 09 0D 2D E1 8D 03
           F2 9C 88 CF B0 B1 BA 63 58 7F
       ------------------------------------------------------------------------
    3. Apple Root CA
       Expires: 2035-02-09 21:40:36 +0000
       SHA256 Fingerprint:
           B0 B1 73 0E CB C7 FF 45 05 14 2C 49 F1 29 5E 6E DA 6B CA ED 7E 2C
           68 C5 BE 91 B5 A1 10 01 F0 24

My thoughts are as follows:

I can sympathise with that line of thinking. Assuming that this reproduces on a ‘clean’ machine, I recommend that you file a bug about it.

Please post your bug number, just for the record.

As to how you work around this, the obvious option is to do nothing. Your users get a scary warning but assuming they click Allow everything will just work.

Beyond that, I’d need to get more big picture details. Does this only crop up when you upgrade your app using this installer? Or do you see it on first install of the app?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Does this only crop up when you upgrade your app using this installer? Or do you see it on first install of the app?

I test with clean install, and it does not show the dialog. Re-install also show no dialog after launch app & create a file in App Container.

Since it is no reproducing, my guess is that the problem was caused by launching an application sign with an adhoc signature ("Sign to Run Locally") so that the owner of the container is changed from the legitimate Team ID:

  1. Build adhoc signature app (choose "Sign to Run Locally" in Xcode) and launch
  2. The app shows a dialog “macSKK” is from an unidentified developer and differs from previously opened versions. Are you sure you want to open it? after accessing App Container (?)
  3. Choose "Open Anyway", it changes the owner of App Container (?)
  4. Open pkg via Installer.app, it shows the dialog “Installer” would like to access data from other apps..

I have found that by using certificates with same Team IDs in debug builds, such as when running unit tests, the problem does not reproduce itself in my environment.

I have found that by using certificates with same Team IDs in debug builds, such as when running unit tests, the problem does not reproduce itself in my environment.

Cool. This is one of many reasons why I recommend that folks using Apple Development signing for day-to-day development.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Installer.app asks permission before writing App Sandbox Data Container since macOS 14 Sonoma
 
 
Q