Apple Events won't trigger Privacy & Security alerts due to Sandboxing

Question

Created 2d

Replies 2

Boosts 0

Participants 2

I created an app in Xcode using ApplescriptObjC that is supposed to communicate with Finder and Adobe Illustrator. It has been working for the last 8 years, until now I have updated it for Sonoma and it no longer triggers the alerts for the user to approve the communication. It sends the Apple Events, but instead of the alert dialog I get this error in Console:

"Sandboxed application with pid 15728 attempted to lookup App: "Finder"/"finder"/"com.apple.finder" 654/0x0:0x1d01d MACSstill-hintable sess=100017 but was denied due to sandboxing."

The Illustrator error is prdictably similar.

I added this to the app.entitlements file:

<key>com.apple.security.automation.apple-events</key>
<array>
    <string>com.apple.finder</string>
    <string>com.adobe.illustrator</string>
</array>

I added this to Info.plist:

<key>NSAppleEventsUsageDescription</key>
<string>This app requires access to Finder and Adobe Illustrator for automation.</string>

I built the app, signed with the correct Developer ID Application Certificate.

I've also packaged it into a signed DMG and installed it, with the same result as running it from Xcode.

I tried stripping it down to just the lines of code that communicate with Finder and Illustrator, and built it with a different bundle identifier with the same result.

What am I missing?

Answered by DTS Engineer in 819734022

Also, you will need to add an Apple Event Temporary Exception entitlement to your app so it can talk to Illustrator. Please see The following for more details: Entitlement Key Reference: App Sandbox Temporary Exception Entitlements

Boost

Answer 1

DTS Engineer OP

Apple

2d

Recommended

Also, you will need to add an Apple Event Temporary Exception entitlement to your app so it can talk to Illustrator. Please see The following for more details: Entitlement Key Reference: App Sandbox Temporary Exception Entitlements

0

Answer 2

Gmath0001 OP

1d

Thanks for your help. I added Temporary Exception Entitlements as instructed in the docs, and after reading a bit further added Scripting Targets. I still have the same problem, but with different error messages. Finder and Illustrator processes give me this:

Since sending application [sess=100017 pid=25738 uid:501,501,501 g:20,20 pV:70839] is not permitted to send this AppleEvent to this process, returning an errAEEventNotPermitted reply.

Under the tccd process I get this:

AccessRequestIndirect: Policy disallows prompt for com.skyline.scaperapp; access to kTCCServiceAppleEvents denied

This is my Entitlements file:

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>com.apple.security.app-sandbox</key>
	<true/>
	<key>com.apple.security.automation.apple-events</key>
	<array>
    		<string>com.apple.finder</string>
    		<string>com.adobe.illustrator</string>
	</array>
	<key>com.apple.security.temporary-exception.apple-events</key>
	<array>
		<string>com.apple.finder</string>
    		<string>com.adobe.illustrator</string>
	</array>
	<key>com.apple.security.scripting-targets</key>
		<dict>
			<key>com.adobe.illustrator</key>
			<array>
				<string>Application</string>
				<string>Document</string>
				<string>Text</string>
			</array>
			<key>com.apple.finder</key>
			<array>
				<string>Standard</string>
				<string>Finder</string>
				<string>Container</string>
				<string>Desktop</string>
			</array>
		</dict>
	<key>com.apple.security.network.client</key>
	<true/>
	<key>com.apple.security.network.server</key>
	<true/>
</dict>
</plist>

I launched the app from a signed and notarized DMG.

What can I possibly do next?

0