Sandbox file access

Hi, all. In my application user can select path in setting to copy file in this path. But user can selecp path



/Users/{username}/blablabla/


That would give this options, i set in sundbox "com.apple.security.files.user-selected.read-write". But after restart application, this access is not work. After every restart application users need select path. In my mind this is not normal. How access i can select for save file in any path ?

Replies

If the user grants you access to a path and you want to persist that access across relaunches of your app, you should use a security scoped bookmark. You can read about this in the Security-Scoped Bookmarks and Persistent Resource Access section of the App Sandbox Design Guide.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Sorry but i can't understand how this work. In documentation write, "create an app-scoped bookmark for that folder", ok, im try


NSURL *openPanelFileURL = [NSURL URLWithString:[urlString stringByAddingPercentEscapesUsingEncoding:NSUTF8StringEncoding]];

NSError *error = nil; BOOL bookmarkDataIsStale;

NSData *bookmarkData = nil;

bookmarkData = [openPanelFileURL bookmarkDataWithOptions:NSURLBookmarkCreationWithSecurityScope includingResourceValuesForKeys:nil relativeToURL:nil error:&error];

if (error) { NSLog(@"Error creating bookmark for URL (%@): %@", urlString, error); [NSApp presentError:error];


but see error in terminal


Error creating bookmark for URL (/Users/username/Desktop/test/): Error Domain=NSCocoaErrorDomain Code=262 "Scoped bookmarks can only be made with file URLs" UserInfo={NSURL=/Users/username/Desktop/test/, NSDebugDescription=Scoped bookmarks can only be made with file URLs}


Your need create app-scoped for folder, but your can't create app-scoped for folder ??? ***???


What wrong?

"Scoped bookmarks can only be made with file URLs"

This isn’t referring to file vs directories, it means a URL with the

file
scheme (
file:///some/path
). You need to look at how
openPanelFileURL
is being created. Honestly, I don’t understand what the code you’ve posted is trying to do, and it doesn’t help that you haven’t shown where
urlString
comes from.

Most folks get a file URL straight from the open panel’s

URL
property (or
URLs
property, if you want to support multiple selection), and I strongly recommend you do that in this case.

Here’s a simple example:

NSOpenPanel *  panel;

panel = [NSOpenPanel openPanel];
panel.canChooseDirectories = YES;
panel.allowsMultipleSelection = NO;
panel.canChooseFiles = NO;
[panel beginSheetModalForWindow:self.window completionHandler:^(NSInteger result) {
    if (result == NSOKButton) {
        NSData *        bookmark;
        NSError *      error;

        bookmark = [panel.URL
            bookmarkDataWithOptions:NSURLBookmarkCreationWithSecurityScope
            includingResourceValuesForKeys:nil
            relativeToURL:nil
            error:&error
        ];
        if (bookmark != nil) {
            NSLog(@"success");
        } else {
            NSLog(@"error %@", error);
        }
    }
}];

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Do i understand correctly:


1. I need get bookmark to NSData

2. Save NSData to local file with access.

3. Restart application

4. Load bookmark to NSData from local file

5. Load NSUrl from NSData, this:

NSURL *bookmarkFileURL = nil;
ookmarkFileURL = [NSURL URLByResolvingBookmarkData:bookmark options:NSURLBookmarkCreationWithSecurityScope relativeToURL:nil bookmarkDataIsStale:&bookmarkDataIsStale error:&error];


6. startAccessingSecurityScopedResource for NSUrl


???

Do i understand correctly:

There’s lots of fiddly details to get right but, yeah, that’s the right overall strategy.

Oh, one things that’s definitely not right is the resolution code you posted.

NSURLBookmarkCreationWithSecurityScope
is a bookmark creation option. When resolving, you want
NSURLBookmarkResolutionWithSecurityScope
.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Can this method work in 10.14 Mojave for access a folder in ~/Library, and its contents ? Or does that require full disk access privileges no matter what ? My tests seem to indicate the latter, but may be I'm missing something.