1

I am having an issue with my App Sandbox entitlements.

My Mac OS app allows a user to open an XML file. When that file is parsed it reads an image file in the same directory as the XML file.

If App Sandbox is False, the image loads just fine. If App Sandbox is True, the image fails to load. (The XML file is still read)

The App Sandbox must be True to push to the App Store.

I have tried

com.apple.security.files.user-selected.read-write = TRUE
com.apple.security.temporary-exception.files.home-relative-path.read-only = TRUE
com.apple.security.temporary-exception.files.absolute-path.read-only = TRUE

I pulled this information from Apple’s documentation: Apple's Entitlement Doc

Is there a way that I can read both files? Anyone else encounter something like this?

Additionally, the two files can be anywhere the user would normally save a file, including network drives.

CodeSmile
user-44651
  • I don't understand your question at all. Or is it just me as a dumb? What does an XML file that the user selects have to do with an image file? What does reading an image file mean? Accessing the image file and then what? What purpose are you playing with those temporary-exception entitlements for? – El Tomato Feb 21 '14 at 02:38
  • The user will open an XML file. The XML file has a corresponding image. It's a sprite sheet and its atlas file. I can read the XML file and image fine without App Sandbox. If that is turned on, I can only read the XML file. – user-44651 Feb 21 '14 at 02:47

2 Answers

1

com.apple.security.files.user-selected.read-write = TRUE

This is a Boolean value and it's OK. The XML representation in the entitlements file is:

<key>com.apple.security.files.user-selected.read-write</key>
<true/>

The other 2 entitlements are not Boolean, but arrays of strings. So the correct way to represent them in the entitlements file is:

<key>com.apple.security.temporary-exception.files.home-relative-path.read-only</key>
<array>
    <string>example/local/path1/</string>
    <string>example/local/path2/</string>
</array>
<key>com.apple.security.temporary-exception.files.absolute-path.read-only</key>
<array>
    <string>/usr/local/bin/</string>
    <string>/usr/local/lib/</string>
</array>
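
A check for the typing mistake described above, as an added example that is not part of the original answer: it parses an entitlements plist with Python's `plistlib` and reports keys whose value has the wrong type. The sample plists are constructed here, and the key sets and function names are this example's own.

```python
import plistlib

# Expected value type per key. The array-typed keys are the two the answer
# above corrects; BOOL_KEYS / ARRAY_KEYS are names chosen for this example.
BOOL_KEYS = {
    "com.apple.security.app-sandbox",
    "com.apple.security.files.user-selected.read-write",
}
ARRAY_KEYS = {
    "com.apple.security.temporary-exception.files.home-relative-path.read-only",
    "com.apple.security.temporary-exception.files.absolute-path.read-only",
}

def lint_entitlements(plist_bytes):
    """Return (key, problem) tuples for entitlement values of the wrong type."""
    problems = []
    for key, value in plistlib.loads(plist_bytes).items():
        if key in BOOL_KEYS and not isinstance(value, bool):
            problems.append((key, "expected <true/> or <false/>"))
        elif key in ARRAY_KEYS:
            if not isinstance(value, list):
                problems.append((key, "expected <array> of <string> paths"))
            elif not all(isinstance(p, str) and p for p in value):
                problems.append((key, "array items must be non-empty <string>"))
    return problems

def _plist(body):
    # Wrap a <dict> body in a minimal XML property list.
    return (b'<?xml version="1.0" encoding="UTF-8"?>\n'
            b'<plist version="1.0"><dict>' + body + b'</dict></plist>')

T = b"com.apple.security.temporary-exception.files."
COMMON = (b"<key>com.apple.security.app-sandbox</key><true/>"
          b"<key>com.apple.security.files.user-selected.read-write</key><true/>")
# Constructed sample 1: every entitlement set to TRUE, as tried in the question.
AS_ASKED = _plist(COMMON
                  + b"<key>" + T + b"home-relative-path.read-only</key><true/>"
                  + b"<key>" + T + b"absolute-path.read-only</key><true/>")
# Constructed sample 2: array form, using example paths from the answer.
CORRECTED = _plist(COMMON
                   + b"<key>" + T + b"home-relative-path.read-only</key>"
                   + b"<array><string>example/local/path1/</string></array>"
                   + b"<key>" + T + b"absolute-path.read-only</key>"
                   + b"<array><string>/usr/local/bin/</string></array>")

if __name__ == "__main__":
    for name, data in (("as asked", AS_ASKED), ("corrected", CORRECTED)):
        print(name, lint_entitlements(data))
```
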
0

No. In order for the file to be read, it must be:

  • In a world readable location, or
  • In a folder that can be enabled in the entitlement preferences, i.e. the Downloads folder, or
  • Manually opened or saved to by the user using an NSOpenPanel, after which it can optionally be stored as a security scoped bookmark, after which it can be accessed freely. See here.
SevenBits
  • Ugh. So my best option would be to bypass the Mac App Store altogether? My user may save to places that are not directly in the standard folders. – user-44651 Feb 21 '14 at 02:15
  • Not necessarily. You can modify your code to use security scoped bookmarks, using something like an `NSDictionary` or Core Data to associate a file path to its security scoped bookmark, and then save that data to a file in your app's container or `NSUserDefaults` to be rejuvenated at the app's next run. – SevenBits Feb 21 '14 at 02:18
  • Yikes. That seems a little involved. Know of any tutorials? – user-44651 Feb 21 '14 at 02:20
  • Well, keep in mind that security scoped bookmarks remain valid after a file is moved at least, saving some work. For tutorials, there's [here](http://cocoaintheshell.com/2012/09/saving-sandboxing/) and [here](http://blog.tatamisoftware.com/post/63394628163/security-scoped-bookmarks) and I've written some [open source code using them](https://github.com/SevenBits/Mac-Linux-USB-Loader/tree/rewrite). – SevenBits Feb 21 '14 at 02:23
  • Nice! I appreciate the help. I'll check them all out. – user-44651 Feb 21 '14 at 02:28