I've got an Audio Unit (AU) and it ran fine in Logic and GarageBand, up to and including OSX 10.12. But starting with OSX 10.13 (High Sierra), the AU now fails to run in GarageBand (but runs okay in Logic). The error message is:
Audio Unit plug-in can't be used. The Audio Unit xxxxx could not be loaded for your
project, and may need to be updated. Contact the manufacturer for
an updated version or further assistance.
Clearly, this is a sandbox issue, and our plugin does indeed access files outside the GarageBand container/folder. Most of the files it accesses are in a single folder, say: ~/Library/Application Support/MyPlugin/ There are hundreds of files there: so we need a way to approve that folder, not individual files.
I googled, and found one possible solution related to the GarageBand container folder: a softlink was needed at ~/Library/Containers/com.apple.garageband10/Data/... which referred to ~/Library/Application Support/MyPlugin/ But that softlink is already there (I guess GarageBand created it) so that is not the solution.
I've read the Apple doc on sandboxing at https://developer.apple.com/library/mac/technotes/tn2247/_index.html but I'm not sure what specifically needs to be done. It talks about popping up a dialog using NSOpenPanel, and after the user "approves" a given folder in that dialog, the plugin could save this folder permanently using an security-scoped bookmark. But the GarageBand does not let the plugin run at all: so there is no opportunity to even display a NSOpenPanel to the user.
Our plugin's PLIST file already contains the temporary (from 2013) lines:
<key>resourceUsage</key>
<dict>
<key>network.client</key>
<true/>
<key>temporary-exception.files.all.read-write</key>
<true/>
</dict>
But it looks like that temporary exception is no longer sufficient.
So the question is: given that the AU must access hundreds of files in one specific folder (outside the GarageBand container) what steps must be taken so GarageBand will run the plugin?