3 Replies
      Latest reply on May 16, 2019 1:13 AM by eskimo
      tonyarnold Level 1 Level 1 (0 points)

        I'm in the process of enabling sandboxing, and the hardened runtime for my app, and I'm trying to share some files written my a group container shared by my main application, and an XPC service that it bundles.


        Unfortunately, any files or directories I create in the group container have com.apple.quarantine set on them.


        It doesn't seem to matter if I use NSFileManager API to create folders/files, or use an external tool like /usr/bin/ditto.


        Is there any way to prevent this?

        • Re: Preventing quarantine bit from being set when writing to app group container
          eskimo Apple Staff Apple Staff (11,225 points)

          Does the quarantine attribute actually cause a problem?  If so, how?

          Share and Enjoy

          Quinn “The Eskimo!”
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"

            • Re: Preventing quarantine bit from being set when writing to app group container
              tonyarnold Level 1 Level 1 (0 points)

              Hi Quinn - thanks for replying!


              For my use, yes, I think it does cause a problem. I'm one of the developers working on Reveal and the filesystem items I'm writing out from our sandboxed app are:


              • An iOS framework that contains our runtime support
              • An iOS simulator application bundle that I use simctl to install and launch


              The installation via simctl works fine, but the Simulator refuses to load the app it seems because of that quarantine bit. I'm expecting I'll face similar problems when I try to dyld inject our framework into that app same app via launch args/environment variables.


              At this stage, I think we'll need to offer a post-install download containing these items in order to support sandboxing.


              Do you have any ideas? I'm keen to work within the rules, but I understand that my use case here isn't run-of-the-mill.