
I have a self-compiled binary in my sandboxed application. On user request I run the command. It tries to create a file on a volume and fails with permission denied.

The app is sandboxed and a security-scoped bookmark for file:/// is created and valid. When run from Terminal, the command works; sudo is not necessary.

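```swift
import Foundation

// Launch the bundled f3write helper against the mounted SD card volume.
let task = Process()
task.executableURL = Bundle.main.url(forResource: "f3write", withExtension: nil)
task.arguments = ["/Volumes/SDCard"]
try task.run()
```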

I am piping the command's output:

```
Free space: 28.64 GB
Creating file 1.h2w ... 
f3write: Can't create file /Volumes/SDCard/1.h2w: Operation not permitted
```
Volker
  • You have no write permission for `file:///`, not even in a non-sandboxed environment. And creating a security scoped bookmark for the entire file system is actually a misuse of the functionality with regard to *security*. – vadian Jan 10 '21 at 18:09
  • Thx, I understand that it is a misuse, I was testing with that and had considered it to be useful to have a Macintosh HD bookmark. But that was exactly the culprit. When setting the bookmark to the mounted sd card it works. Can you make an answer so I can check it answered? – Volker Jan 10 '21 at 19:07

1 Answer


As mentioned in the comments, the security-scoped bookmark to file:/// is not just a misuse but also does not grant write access to folders within the file volume structure.

If I add a bookmark for /Volumes/SDCard before running the f3write command from within my app, no error is shown and the command runs well.

Volker
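One way to scope the bookmark to the mounted volume and run the helper while access is active, as an added example that is not part of the original post. `makeVolumeBookmark`, `runF3Write` and `HelperError` are hypothetical names, and the URL is assumed to be the SD card volume the user picked in an open panel.

```swift
import Foundation

enum HelperError: Error { case rootNotAllowed, accessDenied, helperMissing }

// Create a security-scoped bookmark for one user-selected volume.
// Refuses "/" so the app never asks for a whole-filesystem scope.
func makeVolumeBookmark(for url: URL) throws -> Data {
    guard url.standardizedFileURL.path != "/" else { throw HelperError.rootNotAllowed }
    return try url.bookmarkData(options: [.withSecurityScope],
                                includingResourceValuesForKeys: nil,
                                relativeTo: nil)
}

// Resolve the bookmark, open the scope, run f3write, and return its output.
func runF3Write(bookmarkData: Data) throws -> String {
    var isStale = false
    let volumeURL = try URL(resolvingBookmarkData: bookmarkData,
                            options: [.withSecurityScope],
                            relativeTo: nil,
                            bookmarkDataIsStale: &isStale)
    // If isStale is true the bookmark still resolved, but the caller should
    // store a fresh one from makeVolumeBookmark(for:) after this run.

    guard volumeURL.startAccessingSecurityScopedResource() else {
        throw HelperError.accessDenied
    }
    // Always balance the start call, including when the helper fails to launch.
    defer { volumeURL.stopAccessingSecurityScopedResource() }

    guard let helper = Bundle.main.url(forResource: "f3write", withExtension: nil) else {
        throw HelperError.helperMissing
    }

    let task = Process()
    task.executableURL = helper
    task.arguments = [volumeURL.path]   // e.g. /Volumes/SDCard
    let pipe = Pipe()
    task.standardOutput = pipe
    task.standardError = pipe

    try task.run()
    let output = pipe.fileHandleForReading.readDataToEndOfFile()
    task.waitUntilExit()
    return String(decoding: output, as: UTF8.self)
}
```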