Any chance to use 'com.apple.security.temporary-exception.sbpl' and get my app published?

Hello,

I'm also interested,

Is there a way to access IOKit in the sandbox mode?

Thank you

I use IOKit in the sandbox. It works fine for me. It would be better to start your own thread with the specific details of what you are having trouble with.

John, can you please tell me how to use IOKit in the sandbox? Now i use

<Key> com.apple.security.temporary-exception.sbpl </ key>

<string> (allow iokit-open) </ string>

and this cause of rejection in the Mac App Store.

Any ideas how to save sandbox status and get information from IOKit without security.temporary-exception?

My comment was meant for sglibey who had resurrected a year-old thread with some kind of IOKit question. My reply would also be applicable to your question a few months after that.

Rather than ask about a temporary expection, it would be better to explain what you are attempting and ask how to do it. If you current use a particular method, say what that is, and explain the temporary expection you are using to make it work.

My app makes some IOKit calls from the sandbox and it works fine with no temporary exception or anything else out of the ordinary. All I am doing is iterating through IOKit devices that match a query string and returning their values. I use functions like IOServiceGetMatchingServices, IOIteratorNext, IORegistryEntryCreateCFProperties, IORegistryEntryGetParentEntry, IORegistryEntryGetChildIterator, and IORegistryEntryGetParentIterator.

That is about all I know how to do in IOKit.

Rather than ask about a temporary expection, it would be better to explain what you are attempting and ask how to do it.

Indeed. And if you put that in a new thread, that’d be grand (either here in Distribution > Mac Apps or over in Core OS > Drivers and Device Access). Problems like this a very much specific to your use case, so it’s hard to offer advice that’s applicable to all developers.

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

I use this SMCWrapper(https://github.com/FergusInLondon/SMCWrapper) to get the CPU temperature and fan speed, but in order for it to work with the sandbox it is necessary to use the exception

<Key> com.apple.security.temporary-exception.sbpl </ key>

<string> (allow iokit-open) </ string>

because of which the application does not pass the test in the Mac App Store.

Maybe you have an idea how to make this wrapper work without exception (I'm just weak in C)? My email utopiacosmica@icloud.com. Thank you very much!

There’s no supported API to get CPU temperatures and fan speeds on the Mac. Specifically, the

AppleSMC

This assumes that you’re specifically looking for CPU temperatures and fan speeds. If you’re using that information for other purposes ― for example, as a proxy for whether the machine is under thermal stress ― there may be alternative approaches you can take. If that’s the case, post back with more details about your requirements.

Finally, if you’d like Apple to add supported CPU temperature and fan speed APIs in the future, I encourage you to file an enhancement request describing your requirements. And if you do file such a request, please post the bug number, just for the record.

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Sorry, you are down -2 (at least) on that angle. That library uses private APIs. Even if you didn't need the temporary exception, the automated app scanning might reject your app for using those private APIs. And finally, Apple doesn't publish any SMC keys so there is no guarantee that what you get from that app is going to be correct.

There are some APIs that are public but still fail in the sandbox. But even then, I couldn't recommend trying a temporary exception. Suppose you do a lot of work for this feature and Apple rejects it? Is it worth setting up your own purchase and distribution system? (Hint: due to worldwide consumer laws, global trade laws, EU privacy laws, and tax laws in the EU and a few other places, setting up your own purchase and distribution system is much harder than it appears. It is doable, but it will wind up costing right at 30% of your sales. 😟)

What do you need this information for anyway? The CPU temperature and fan speed market is already well-served with a number of apps. I wouldn't recommend trying to break into that market. You can get this information from analytics in recent versions of macOS. Use the "systemstats" command. It even includes bona-fide fan speed information, but you are still on your own for figuring out which SMC key seems to be providing CPU temperature for your specific machine. There are many possible candidates. But even here, you would need a temporary exception to access sytemstats from the sandbox.

> but you are still on your own for figuring out which SMC key seems to be

> providing CPU temperature for your specific machine.

Apple used to document the sensor keys in their Apple Technician Guides, I imagine they still do that. Of course, you'll probably need to make friends with your local Authorised Apple Repair shop for access.

Apple used to document the sensor keys in their Apple Technician Guides, I imagine they still do that.

Well, that’s an interesting tidbit. Thanks for sharing.

However, I want to be clear that such documentation doesn’t make something a supported API [1]. As a rule, supported APIs are those included in one of our public SDKs.

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

[1] That’s one of the reasons why I use the term “supported” rather than “documented”, the other being that many of the APIs that I support aren’t actually documented properly *sniff*