Are Apple Mail Plugin Bundles sandboxed?

Question

I am writing some code running inside Apple Mail, via the known method of user built bundles.

I've found that many filesystem locations seem to be unaccessible for my code running inside Mail.app. For example, trying to do a simple fopen call to access a file in the current user directory, or even trying to read files in /tmp with all-access permissions (chmod 777), will fail with ERRNO set to 1 (Operation not permitted).

However, filesystem I/O from within plugin bundle is successful with NSTemporaryDirectoryprovided path.

I'm fairly new to the Apple development world, so my question is if those limitations are enforced by the operating system for some kind of bundles, by Apple Mail program or simply i'm doing the wrong things such as potentially mixing process and filesystem permissions.

Thank you very much.

Answer 1

I don't know about mail plugins, but sandboxed apps, such as mail are completely contained and can't access files outside of the container without the user selecting the file(s) from a dialog, handled by one of the Apple frameworks. The exception is if is part of an entitlement specified by the application, such as being able to access the user's music or photos directory.

According to Apple's documentation: -

If it is the sandbox blocking the plugin, you'll likely see an entry in the Console app which is coming from the daemon sandboxd.

I would expect that NSTemporaryDirectory is working because it will be designed to work with Sandboxed apps and will supply a valid location.

It may be worthwhile for you to read the Apple Sandbox Design Guide