No permission to read file when chosen with .fileImporter

I have a sandboxed application that opens a file that has been chosen by the NSOpenPanel (or .fileImporter as it is a SwiftUI).

The permissions are set properly with for the sandbox (see screenshot)

After recompiling with Xcode 15.3 (and also with 15.2) the permission is not granted anymore and I cannot open the file anymore. An exception is thrown with The file “someFile.csv” couldn’t be opened because you don’t have permission to view it..

Is there something new, that needs to be done, so that this works again? If I turn off the sandbox the file opens without any problem.

It is even reproducible with a completely new application with the following simple code:

import SwiftUI
import UniformTypeIdentifiers

@main
struct IFinanceCleanerApp: App {
    var body: some Scene {
        WindowGroup {
            ContentView()
        }
    }
}

struct ContentView: View {
    @State private var url: URL?
    @State private var showErrorDialog = false
    @State private var showImporter = false
    @State private var lastError: Error?
    
    var body: some View {
        Button("Show") {
            showImporter = true
        }
        .fileImporter(isPresented: $showImporter, allowedContentTypes: [.commaSeparatedText]) { result in
            switch result {
            case .success(let openUrl):
                url = openUrl
                do {
                    let strings = try String(contentsOf: openUrl)
                } catch {
                    showErrorDialog = true
                    lastError = error
                }
            case .failure(let error):
                print("Open Panel failed: \(error.localizedDescription)")
            }
        }
        .alert("Opening File failed", isPresented: $showErrorDialog) {
            Button("OK") {}
        } message: {
            Text(lastError?.localizedDescription ?? "")
        }
    }
}

I have found a workaround to this. If you explicitly ask to access a securityScopedResource then it works again.

So if you add the following code

let access = openUrl.startAccessingSecurityScopedResource()
defer {
   if access {
      openUrl.stopAccessingSecurityScopedResource()
   }
}

then the file can be opened again.

But this is clearly against the documentation. In https://developer.apple.com/documentation/security/app_sandbox/accessing_files_from_the_macos_app_sandbox?language=objc the documentation states clearly the following:

The operating system implicitly starts security-scoped access on URLs passed from open panels, save panels, or items dragged to your app’s icon in the Dock.

This is clearly not happening anymore. I think I will file a bug.

Is there any progress or workaround? startAccessingSecurityScopedResource helps with files created by the app, but whenever I try to open the same file, but modified externally (by other computer) or try to open any arbitrary file, I can't. Hitting 'unknown client' with 'permission denied'.

No permission to read file when chosen with .fileImporter
 
 
Q