How can I run scripts with Sandbox enabled for App Store distribution?

Hey! I'm new here and currently learning iOS/macOS development (SwiftUI), so... go easy on me :) I want to create a simple macOS app that lets the user set a time until the computer powers off. I found an example with AppleScript and used it in my app, but I found that the app won't run with Sandbox enabled, and to deploy the app on the App Store it shows me that Sandbox must be enabled.

The script I want to use:

 'tell application "System Events" to shut down'

I found some examples that add the script at an absolute path, but after I do that, it won't let me distribute the app, only export it to run locally. Is there any way to make the script run (no matter if the app asks for user permission/admin password)?

Answered by DTS Engineer in 776826022

AppleScript runs fine in a sandbox app. The issue here is that this specific script works by sending Apple events to the System Events app. By default the App Sandbox blocks you from sending those Apple events.

There are ways to change that default, known as temporary exception entitlements. See App Sandbox Temporary Exception Entitlements. However, this won’t work for you because you’re targeting the Mac App Store. While I don’t work for App Review, and can’t make definitive statements on their behalf, my experience is that they take a dim view of folks trying to use temporary exception entitlements for this sort of thing.

This speaks to a wider App Store philosophy. In general, App Store apps are not allowed to make changes that affect other apps, or the system, and shutting down the system is such a change.

One potential way around this is to support script attachability. Imagine you recast your app from ‘shut down at this time’ to ‘run a script at this time’. That sort of thing is supported in App Store apps via NSUserScriptTask and its various subclasses. If the user then chooses to configure your app to run a script that shuts down the system, that’s their prerogative.

Alternatively, you could choose to distribute your app directly, using Developer ID signing. Such an app doesn’t need to be sandboxed and, even if it is sandboxed, can freely use temporary exception entitlements to punch minimal holes in the sandbox.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
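
The script-attachability approach from the answer above, as an added Swift example that is not part of the original thread or Apple's own sample code. `ScriptRunner`, its method names and the error type are hypothetical; it assumes the user has placed a script of their choosing in the app's Application Scripts folder, which a sandboxed app can read but not write.

```swift
import Foundation

// Hypothetical error type for this example.
enum ScriptRunnerError: Error {
    case outsideScriptsDirectory(URL)
}

// Hypothetical helper: lists and runs user-installed scripts via NSUserScriptTask.
final class ScriptRunner {
    /// ~/Library/Application Scripts/<bundle identifier>/
    let scriptsDirectory: URL

    init() throws {
        scriptsDirectory = try FileManager.default.url(
            for: .applicationScriptsDirectory,
            in: .userDomainMask,
            appropriateFor: nil,
            create: true)
    }

    /// Scripts the user has installed; the app only offers these for selection.
    func availableScripts() throws -> [URL] {
        try FileManager.default.contentsOfDirectory(
            at: scriptsDirectory,
            includingPropertiesForKeys: nil,
            options: [.skipsHiddenFiles])
    }

    /// Runs one script. The task executes outside the app's sandbox, so the
    /// app runs only files that sit directly in the user-controlled folder.
    func run(_ script: URL, completion: @escaping (Error?) -> Void) {
        let parent = script.standardizedFileURL.deletingLastPathComponent().path
        guard parent == scriptsDirectory.standardizedFileURL.path else {
            completion(ScriptRunnerError.outsideScriptsDirectory(script))
            return
        }
        do {
            // Returns the subclass matching the file type (AppleScript,
            // Automator workflow or Unix script). Each task runs only once.
            let task = try NSUserScriptTask(url: script)
            task.execute { error in
                completion(error)   // nil when the script finished without error
            }
        } catch {
            completion(error)       // not a recognised script, unreadable, etc.
        }
    }
}
```

The app's timer would call `run(_:completion:)` with the script the user picked from `availableScripts()`; what that script does is the user's decision, not something the app ships.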
