I have a .saver which attempts to launch a helper .app and the helper app is struggling under Catalina (beta 1-3).
The .saver is launching the .app using a simple call to Process.Launch
The errors look like this:
rejecting read of { com.mycompany.saver.77300306, kCFPreferencesAnyUser, kCFPreferencesCurrentHost, no container, managed: 0 } from process 1281 (myScreensaver) because accessing preferences outside an application's container requiresuser-preference-read or file-read-data sandbox access
What's interesting:
- the error happens in my app before I do any reading or writing of CFPreferences - it appears to be the Appkit framework itself
- the CFPreferences are being read from kCFPreferencesAnyUser, kCFPreferencesCurrentHost, which seems wrong - shouldn't it be CurrentUser? I would expect that a sandboxed process would have no permissions to write to the AnyUser domain.
- also, when the app launches, it opens a WKWebView, which fails to render properly.
What I've tried:
- I've tried adding / removing changing the plist for my helper app (sandbox, sandbox inherit, various entitlements) but nothing seems to have any effect.
- I've found a partial workaround, which is to set the CFBundleIdentifier to the path to the container, e.g. /Users/username/Library/Containers/com.apple.ScreenSaver.Engine.legacyScreenSaver/Data/Library/Preferences/com.mycompany.saver.77300306 This prevents all the error messages in console;
- however WKWebView still fails to load.