3

I am writing temporary files from a sandboxed app that need to be executable, but they are marked as quarantine despite changing the usual settings.

I've explicitly set LSFileQuarantineEnabled to NO in my app's Info.plist just in case (this is already supposed to be the default) with no change.

Based on a comment at How can I stop my app from setting the "quarantine" bit?, I've also tried adding com.apple.security.files.user-selected.executable = YES to my app's entitlements files but that has no effect either. (The destination files are not "user selected" — maybe that's why not?)

Is there any other configuration that would prevent the system from marking written files as quarantined? Note that my app does not need to pass Apple censorship; I am opting in to the sandbox voluntarily.

Vadim Kotov
  • 8,084
  • 8
  • 48
  • 62
natevw
  • 16,807
  • 8
  • 66
  • 90
  • 2
    What APIs does your code use to create the files and mark them executable? In what directory are you creating them? Do the filenames have any particular extension? Does it still happen with a different extension? Does this still happen if you turn off sandboxing? Does calling `[theNSURL setResourceValue:[NSNull null] forKey:NSURLQuarantinePropertiesKey error:NULL]` on the file successfully remove the quarantine attribute? – Ken Thomases May 18 '18 at 01:58
  • @KenThomases Any file I write gets a com.apple.quarantine extended attribute. For example `try! ("testing123" as NSString).write(to: tmpUrl, atomically: true, encoding: String.Encoding.ascii.rawValue)` with `let tmpUrl = URL(fileURLWithPath: NSTemporaryDirectory()).appendingPathComponent("123.test")` then `xattr -l` on `tmpUrl.path` shows it set. – natevw May 23 '18 at 17:40
  • Ever find a solution? – spartygw Jun 11 '19 at 20:10
  • 1
    @spartygw No, I never found a clear cause for this. IIRC the workaround was to remove the attribute after creating a file, perhaps through an un-sandboxed XPC helper. – natevw Jun 11 '19 at 20:27

0 Answers0