5 Replies
      Latest reply on Sep 9, 2019 7:48 AM by eskimo
      srakesh Level 1 Level 1 (0 points)

        In our application we start and close external applications.

        Applications are started by opening the document/Uri of corresponding application.

        these application are later closed by using apple script

        osascript -e 'tell application \"APP_NAME\" to quit'

         

        This works in normal mode, but not in sandbox mode.

         

        I tried with following entitlements

         

            <key>com.apple.security.temporary-exception.apple-events</key>

            <array>

                   <string>com.microsoft.SkypeForBusiness</string> 

                   <string>com.logmein.GoToMeeting</string>

            </array>

            <key>com.apple.security.automation.apple-events</key>

            <true/>

            <key>com.apple.security.scripting-targets</key>

            <dict>

                  <key>com.microsoft.SkypeForBusiness</key>

                       <array>

                            <string>com.apple.systemevents</string>

                       </array>

                  <key>com.logmein.GoToMeeting</key>

                       <array>

                            <string>com.apple.systemevents</string>

                       </array>

            </dict>

         

        and in info.plist

          <key>NSAppleEventsUsageDescription</key>

          <string>Close apps started by this application</string>

         

        But I get error privilege violation occurred.

        GoToMeeting is downloaded from thier website in dmg format and Skype for buisness is pkg.

         

        Is there any issue with entitlements used or any other way to close open apps?

        Mac OS used: 10.13.6

        Development platform: electron

        • Re: Close other apps in sandbox mode
          eskimo Apple Staff Apple Staff (11,835 points)

          Are you sandboxed for the benefit of Mac App Store distribution?  Or are you shipping independently, via Developer ID, and have opted into the sandbox because it’s a good thing?

          Share and Enjoy

          Quinn “The Eskimo!”
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"

            • Re: Close other apps in sandbox mode
              srakesh Level 1 Level 1 (0 points)

              Yes, sandboxing for Mac App store distribution.

                • Re: Close other apps in sandbox mode
                  eskimo Apple Staff Apple Staff (11,835 points)

                  First up, running scripts to quit an app is overkill.  A much more lightweight approach is to call -[NSRunningApplication terminate].

                  However, neither approach will work in a sandboxed app, because the sandbox significantly restricts an app’s ability to interfere with other apps.  You could potentially get around this with entitlements (like the com.apple.security.temporary-exception.apple-events entitlement you referenced), but such entitlements are carefully reviewed, and most often rejected, by App Review.

                  Can you walk me through the user scenario here?  Why do you need to quit running apps?

                  Share and Enjoy

                  Quinn “The Eskimo!”
                  Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                  let myEmail = "eskimo" + "1" + "@apple.com"

                    • Re: Close other apps in sandbox mode
                      srakesh Level 1 Level 1 (0 points)

                      Thanks for the replay.

                      In the begining of the workflow, we start these apps(conference/screen mirroring) either by "open [URL]" or "open [APP_registered_FILE].

                      This will make the user to share the screen with others

                      So at the end of the workflow, these opened app has to be closed.

                      bz the app is developed using electron, to close the apps gracefully we use applescript.

                       

                      I understand the using specific entitlements, the possibily of rejection in review is present.

                      But first I want know if the entitlement values are correct. or is there any other way to achieve this in sandbox environment

                       

                      Let me know if more info is required.

                        • Re: Close other apps in sandbox mode
                          eskimo Apple Staff Apple Staff (11,835 points)

                          the app is developed using electron, to close the apps gracefully we use applescript.

                          If your only goal is to terminate an app, using AppleScript makes things way more complex than necessary.  Specifically, AppleScript has a habit of sending all sorts of weird and wonderful events to the target process, whereas in this case you really want to focus on the 'quit' Apple event.  And the easiest way to send that is with NSRunningApplication.

                          But first I want know if the entitlement values are correct.

                          As to how to get that to work, here’s a simple example:

                          let textEdit = NSRunningApplication.runningApplications(withBundleIdentifier: "com.apple.TextEdit").first!
                          let success = textEdit.terminate()
                          print("success: \(success)")

                          This is using these entitlements:

                          $ codesign -d --entitlements :- …
                          …
                          <dict>
                              <key>com.apple.security.app-sandbox</key>
                              <true/>
                              <key>com.apple.security.get-task-allow</key>
                              <true/>
                              <key>com.apple.security.temporary-exception.apple-events</key>
                              <array>
                                  <string>com.apple.TextEdit</string>
                              </array>
                          </dict>
                          </plist>

                          This code works a treat on macOS 10.14.6.

                          WARNING While I don’t work for App Review, and thus can’t make definitive statements on their behalf, my understanding is that they won’t allow you to use the com.apple.security.temporary-exception.apple-events entitlement.

                          or is there any other way to achieve this in sandbox environment

                          Not that I’m aware of.

                          Share and Enjoy

                          Quinn “The Eskimo!”
                          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                          let myEmail = "eskimo" + "1" + "@apple.com"