App Sandbox

App Sandbox is a macOS access control technology designed to contain damage to the system and user data if an app becomes compromised.

Posts under App Sandbox tag

109 Posts
Post

Replies

Boosts

Views

Activity

App Sandbox Resources
General:
DevForums tag: App Sandbox
App Sandbox documentation
App Sandbox Design Guide documentation — This is no longer available from Apple. There’s still some info in there that isn’t covered by the current docs but, with the latest updates, it’s pretty minimal (r. 110052019). Still, if you’re curious, you can consult an old copy [1].
App Sandbox Temporary Exception Entitlements archived documentation — To better understand the role of temporary exception entitlements, see this post.
Embedding a Command-Line Tool in a Sandboxed App documentation
Discovering and diagnosing App Sandbox violations (replaces the Viewing Sandbox Violation Reports DevForums post)
Resolving App Sandbox Inheritance Problems DevForums post
Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
[1] For example, this one archived by the Wayback Machine.
0
0
1.8k
Sep ’23
Create Test Account - Something Went Wrong. Try again later.
Hi! I'm trying to set up a test account in the App Connect Sandbox for testing payments and I'm getting this error: "Something Went Wrong. Try again later."
Steps to repro:
1. Login to App Store Connect
2. Go to Users and Access
3. Go to Sandbox
4. Go to Test Accounts - Note: I see the same error here before even starting to add an account
5. Click Add Test Account button
6. Fill out form
7. Click Create button
Result: I receive the "Something Went Wrong. Try again later." error with no test account created.
Expected result: A test account created that I can use to test payment flows in the sandbox before submitting app for review.
Any help here would be awesome so we can test before we submit this app! 🙏
1
1
87
21h
Constant HTTP 502 Errors in Sandbox
When I navigate via either Safari or Chrome (from my MacBook) to: https://appstoreconnect.apple.com/access/users/sandbox I get the red error message at the top of the page: "Something went wrong. Try again later". Using the browser debugger, I see that the error is a 502 Bad Gateway error. Sometimes, I can view my Test Accounts, but over the last couple of days, I get the "Something went wrong..." error just about every time I attempt to access the Test Users. If I am lucky enough to load my list of test users and then attempt to modify one of them, the Save operation fails with (you guessed it) 502 Bad Gateway. I'm relatively new here, so if I've missed something and there is a crucial step that I need to do to get some work done, please enlighten me. This has worked in the past but is failing pretty consistently now. Super frustrating.
1
1
205
4d
MacOS sandbox file permissions
I am creating a new macOS application that requires access to files outside of the sandbox. It needs to be docked in a silent state and packaged using the Electron Builder application. I have configured the relevant permissions as com.apple.security.memory-exception.files.absolute path.read-only. It can be accessed normally in the local version of mas dev. The configuration parameters are as follows:
    <key>com.apple.security.temporary-exception.files.absolute-path.read-only</key>
    <array>
        <string>/Volumes/NO NAME/</string>
        <string>/Volumes/NO NAME 1/</string>
        <string>/Volumes/NO NAME 2/</string>
    </array>
But during the review period of the app store, some people said it was not of legal value. The following is the original statement:
Your application is not properly sandboxed, or it contains one or more rights with invalid values. Before resubmitting the new binary file, please review the included rights and sandbox documentation and resolve this issue. com.apple.security.temporary-exception.files.absolute-path.read-only True
If there is a com.apple.security.memory-exception.files.absolute path.read-only authorization, will the app store accept it? What do I need to do to access it?
2
0
195
5d
MacOS sandbox file permissions
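We are creating a new macOS application that needs to access files outside the sandbox. It needs to be docked in a silent state and packaged with the Electron Builder application. I have configured the relevant permission as com.apple.security.memory-exception.files.absolute path.read-only , and it can be accessed normally in the local version of mas dev. The configuration parameters are as follows: com.apple.security.temporary-exception.files.absolute-path.read-only /Volumes/NO NAME/ /Volumes/NO NAME 1/ <string>/Volumes/NO NAME 2/</string> </array> But during the App Store review, someone said it was not of legal value. The original statement follows: Your app is not properly sandboxed, or it contains one or more entitlements with invalid values. Before resubmitting a new binary, please review the included entitlements and sandbox documentation and resolve this issue. com.apple.security.temporary-exception.files.absolute-path.read-only True If a com.apple.security.memory-exception.files.absolute path.read-only authorization is present, will the App Store accept it? What do I need to do to access it?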
1
0
147
5d
Need to be able to upload non-sandboxed app for verifying a TestFlight related bug
I have an app in the App Store that doesn't need to be sandboxed (it's been in the MAS since 2010, before sandboxing became mandatory for new apps). I have run into an obscure bug that ONLY appears when the app was installed by TestFlight, but not when I run the same executable from before the upload (taken from the very same archive). I suspect it's a bug around the installed receipt or is codesign related, because those are the only things I am aware of that would be changed between my upload and the re-download via TestFlight. To debug this, I have built a small test project that I want to submit to DTS, demonstrating the bug in a clear and direct manner. But when I try to upload it, even for "internal testing" only, the upload gets rejected automatically because it's missing the App Sandbox entitlement. However, if I add the entitlement, then my app won't work, so I cannot enable it. Hence I need to get an exception from App Review so that they allow my test app to be uploaded without the sandbox entitlement. I know that's possible because otherwise I'd not be able to upload my regular application, which I did just the other day. How do I get this resolved? Would a member of the App Store team please contact me? The Apple ID for the test project is: 410006334. Or, alternatively, you can also use the newer 6503298614 (I tried the other in hopes it would be allowed not to be sandboxed because I had created it long ago, but that didn't work out).
0
0
114
6d
Does macOS clean /tmp dir automatically in app containers?
I know that system /tmp and $TMPDIR are cleaned periodically and on reboot, but what about /tmp directory inside app containers? Because it looks like on macOS Sonoma it is not cleaned automatically and I was wondering if it is by design? And what should I do about it? Should I delete these files manually for existing users or is it possible to somehow nudge macOS into doing it?
2
0
133
6d
View count of open SecurityScoped Resources?
Hello, I'm trying to determine if my application is not releasing all security scoped resources and I'm curious if there's a way to view the count of all currently accessed URLs. I am balancing all startAccessingSecurityScopedResource calls that return true with a stopAccessingSecurityScopedResource, but sometimes my application is unresponsive when my mac wakes from sleep. Console logs indicate some Sandboxing issues. Unresponsiveness is resolved by a force-quit and restart of the application. I'd like to try and observe what's going on with the number of Security Scoped resources to get to the bottom of this. Is it possible?
2
0
108
5d
Trigger permission dialog for file access from kind of user supplied path.
I have the following situation:
My SwiftUI App for macOS is using App Sandbox and is currently configured for read/write access for all the locations selectable in Xcode.
I have added a file selector using a button and NSOpenPanel() to let the user select a folder containing a database file, to which I successfully get permissions using URL.bookmarkData() and URL.startAccessingSecurityScopedResource().
I then try to read file paths from the database file and open those, but I instantly get a permission error without a permission dialog/prompt appearing.
In my test I am using paths to files in my iCloud Drive folder.
I added all file/folder related usage string entries to the Info.plist for testing.
I think this is weird, since I can paste one of those file:// URLs from the database into a (non-Safari) browser and it shows the native permission dialog/prompt before downloading the file as expected. Is there any usage string that's not shown in the Info.plist dropdown in Xcode that I need to add to my app in order for this to work?
3
0
233
5d
Crontab commands are not permitted when sandbox enabled.
For scheduling purposes our Mac application uses crontab terminal commands, which work fine when the sandbox is not enabled. To submit the application to the App Store, we enabled the sandbox option, and after that the crontab commands stopped working. We get the error message: /bin/sh: /usr/bin/crontab: Operation not permitted. Could you please guide us on how to use the crontab commands when the sandbox option is enabled?
2
0
121
1w
App Sandbox blocked my launchPath
I need help, when I run code without a sandbox it works well. However, when I enabled it, it gave me (Thread 3: "launch path not accessible")! How can I fix that?
    let task = Process()
    task.launchPath = "/Users/alielzieny/Documents/TerrierSectraFix/TerrierSectraFix/Frameworks/python3"
    task.arguments = ["/Users/alielzieny/Documents/TerrierSectraFix/TerrierSectraFix/SectraFix.py", selectedDirectoryURL.path, destinationDirectoryURL.path]
    let pipe = Pipe()
    task.standardOutput = pipe
    task.launch()
    task.waitUntilExit()
    let data = pipe.fileHandleForReading.readDataToEndOfFile()
    if let output = String(data: data, encoding: .utf8) {
        print(output)
    }
1
1
314
1w
How to use CFMessagePort in a Sandbox App when App Group naming convention is not possible?
I am working on an App and I am in the process of adding Syphon support. Syphon uses CFMessagePort for IPC and passing of FrameBuffer data (MTLTexture) between apps - and is widely used in the professional video app and video production space. What I have noticed is that when the App is built as a Sandbox app, during the Syphon initialization, I see the following error message in the log:
    *** CFMessagePort: bootstrap_register(): failed 1100 (0x44c) 'Permission denied', port = 0x8703, name = 'info.v002.Syphon.D2499DBD-93AE-4CEA-B21F-FF356DCC069D'
    See /usr/include/servers/bootstrap_defs.h for the error codes.
Syphon uses the "info.v002.Syphon.UUID" naming convention to identify IPC Syphon servers, so I don't think I can use the App Groups naming convention for Sandbox support. I have a very simple example app on github that publishes SpriteKit frames as a Syphon Server. To see the issue, simply enable App Sandbox for the build, and run the app. You should see the error message in the log and no data appears in any Syphon Client (I use Syphon Recorder for testing - available at syphon.github . io). I am looking for other options to enable CFMessagePorts on a Sandbox App.
6
0
205
1w
After adding a sandbox application, some features, like partitioning, may stop working.
We've developed a macOS application that helps users manage other applications. This includes features like resizing applications through our application. However, this functionality works fine before integrating the sandbox, but stops working afterward. In essence, our application is unable to resize other applications after being sandboxed. Any guidance on how to achieve this functionality within the sandbox restrictions would be greatly appreciated. Thank you in advance for your assistance.
2
0
140
2w
Can't disable App Sandbox
My Xcode workspace contains build settings for a macOS, iOS, and tvOS application. My Sandbox macOS app builds just fine and works great - and is on the App Store. I am in the process of creating a new build / branch of this app that is not Sandboxed so that I can add IPC (Syphon support) - as I don't think I can use App Groups to enable CFMessage support (which Syphon requires) because Syphon (third party framework) uses its own naming convention for the ports. Anyway, sandbox support for a Syphon app is a topic for another day (it's actually quite disappointing that I can't release a Syphon version on the App Store). The trouble I am having is that even after deleting the App Sandbox entitlement from my project, my App still seems to be running in the App Sandbox, and I can't figure out how to remove the App Sandbox entitlement completely. What I am seeing is that even after deleting the App Sandbox entitlement (using the project settings and deleting it in the "Signing and Capabilities" tab, and also checking the entitlements file manually to doubly make sure it is gone), I am still seeing the following error message:
    *** CFMessagePort: bootstrap_register(): failed 1100 (0x44c) 'Permission denied', port = 0x8703, name = 'info.v002.Syphon.332143F7-0916-428A-A88A-59B752F95304'
    See /usr/include/servers/bootstrap_defs.h for the error codes.
It is also saving my Application Support data in the ~/Library/Containers folder, and not in ~/Library/ApplicationSupport. What step am I missing?
7
0
246
1w
App sandbox extension revoked on Ventura
Hi everyone, first-time caller, long-ti... wait, no, I just got here. :) I am relatively new to all things Apple, so apologies in advance if it takes me a few goes to properly explain things. We have a framework, which includes an API, an XPC service, etc, and we have a device driver. We also have some sample apps that use the framework, and if they have the app sandbox capability, then we expect them to use the XPC Service instead of accessing our driver directly. This works fine on Monterey and presumably has worked fine on all previous versions of macOS. Something seems to have changed on Ventura, and we don't understand what. When we build the same app on Ventura, it appears to be in the sandbox (according to the Sandbox column in Activity Monitor), but in the Console there is this line (twice):
    default <time> <OurAppName> Revoking sandbox extension; key = 0
Which we suspect is linked to the fact that the app then does not use the XPC Service, and instead accesses the driver directly, much to our surprise. Software built on developer's machines is "Automatically managed" and "Signed to Run Locally" in case that matters. Do we need to change our code to support Ventura and onward? Or is it a bizarre bug? Oh, I should say that I'm running the latest version of Ventura (13.6.7 as of writing) but not the latest Xcode (14.2 (14C18)) and CLI tools... can't remember how to find that version... Apple clang version 14.0.0 (clang-1400.0.29.202). Any help would be appreciated, thanks. Jeremy
6
0
222
1w
Programmatically passing files to Final Cut via Apple Events
We have been trying to programmatically send data to Final Cut Pro by using Apple Events as described in Sending Data Programmatically to Final Cut Pro:
    tell application "Final Cut Pro"
        activate
        open POSIX file "/Users/JohnDoe/Documents/UberMAM/MyEvents.fcpxml"
    end tell
This works fine in Script Editor but we run into problems when trying to do the same in our macOS app. We found interesting information in Workflow Extensions SDK 1.0.2 Release Notes.pdf.
A) Hardened runtime has "Apple Events Enabled" checked.
B) Info.plist contains NSAppleEventsUsageDescription:
    <key>NSAppleEventsUsageDescription</key>
    <string>Test string</string>
C) We added following entitlements:
    <key>com.apple.security.scripting-targets</key>
    <dict>
        <key>com.apple.FinalCut</key>
        <array>
            <string>com.apple.FinalCut.library.inspection</string>
        </array>
        <key>com.apple.FinalCutTrial</key>
        <array>
            <string>com.apple.FinalCut.library.inspection</string>
        </array>
    </dict>
    <key>com.apple.security.automation.apple-events</key>
    <true/>
With this configuration in place, our app is able to call AppleScript to activate Final Cut Pro application but it is unable to open the file. Following error is returned:
    Error executing AppleScript: {
        NSAppleScriptErrorAppName = "Final Cut Pro Trial";
        NSAppleScriptErrorBriefMessage = "A privilege violation occurred.";
        NSAppleScriptErrorMessage = "Final Cut Pro Trial got an error: A privilege violation occurred.";
        NSAppleScriptErrorNumber = "-10004";
        NSAppleScriptErrorRange = "NSRange: {56, 64}";
    }
Also there is no prompt asking user to allow Automation from our app to Final Cut. I am not sure whether the prompt is to be expected when developing an application in Xcode.
Our current workaround is to add (or even replace com.apple.security.scripting-targets with) the com.apple.security.temporary-exception.apple-events entitlement like this:
    <key>com.apple.security.temporary-exception.apple-events</key>
    <array>
        <key>com.apple.FinalCutTrial</key>
    </array>
However, while this approach might work in development, we know this would probably prevent us from publishing the app to Mac App Store. I think we are missing something obvious. Could you help? :-)
10
0
250
1d
User Data is getting randomly deleted
This is an email I have sent to Apple with no luck:
Dear Apple Developer Support Team,
I am writing to seek urgent assistance with a persistent issue I have been encountering with Xcode. For several months now, every time I connect my iPhone to Xcode for development purposes, it automatically overwrites the user data of my apps with an old, seemingly random container. This issue is severely impacting my ability to continue development, as I cannot test new changes effectively. This has occurred for a few months in every iOS and Xcode/macOS version. I tried it with different apps and devices. Sometimes the entire Container (Documents) gets read-only access so no new data can be created or changed by the user. I frequently used the replace container feature in Xcode so maybe this has something to do with it. This problem persists despite numerous attempts to resolve it on my end. I am at a critical point in my development timeline, and it is crucial for me to resolve this as soon as possible. Could you please advise on the next steps I should take to address this issue? If there are any logs or further information you require, I am more than willing to provide them. Thank you for your attention to this matter. I look forward to your prompt response and hope for a resolution soon.
Best regards, Victor Lobe
4
0
222
2w
Launching Java from a bundled JRE in macOS app
Hi there! I am trying to build a macOS app using Electron. There is a feature on the app that depends on a http server to run locally. This Server was built using Java. Both the compiled server and the Java Runtime Environment were bundled in the build. To start the server I use NodeJS's child_process.spawn, pointing the bundled JRE's executable and the server implementation. The issue I am facing is that the Java Virtual Machine is not starting. It returns the following error message:
    Error: Port Library failed to initialize: -1
    Error: Could not create the Java Virtual Machine.
    Error: A fatal exception has occurred. Program will exit.
Both the JRE and the server are located in Contents directory, in a subdirectory I have created for them. Here are the app's entitlements:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>com.apple.security.app-sandbox</key>
        <true/>
        <key>com.apple.security.application-groups</key>
        <string>REDACTED</string>
        <key>com.apple.application-identifier</key>
        <string>REDACTED</string>
        <key>com.apple.developer.team-identifier</key>
        <string>REDACTED</string>
        <key>com.apple.security.cs.allow-jit</key>
        <true/>
        <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
        <true/>
        <key>com.apple.security.cs.allow-dyld-environment-variables</key>
        <true/>
        <key>com.apple.security.cs.disable-executable-page-protection</key>
        <true/>
        <key>com.apple.security.cs.disable-library-validation</key>
        <true/>
        <key>com.apple.security.network.client</key>
        <true/>
        <key>com.apple.security.network.server</key>
        <true/>
        <key>com.apple.security.device.microphone</key>
        <true/>
        <key>com.apple.security.device.audio-input</key>
        <true/>
        <key>com.apple.security.device.camera</key>
        <true/>
        <key>com.apple.security.print</key>
        <true/>
        <key>com.apple.security.files.user-selected.read-write</key>
        <true/>
        <key>com.apple.security.temporary-exception.files.absolute-path.read-write</key>
        <true/>
    </dict>
    </plist>
Here the entitlements inherit:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>com.apple.security.app-sandbox</key>
        <true/>
        <key>com.apple.security.inherit</key>
        <true/>
    </dict>
    </plist>
Is there any missing step to allow the spawning of this process?
1
0
187
2w
Does an app need Full Disk Access if System Integrity Protection is disabled?
I am going through the list of ways to check whether my app is given Full Disk Access (FDA) or not. Of these, only one method is supported by Apple:
    @note The only supported way to check if an application is properly TCC authorized for Full Disk Access
    is to call es_new_client and handling ES_NEW_CLIENT_RESULT_ERR_NOT_PERMITTED in a way appropriate
    to your application.
I have implemented this method using EndpointSecurity and calling it from a root process as required. But when I disable System Integrity Protection (SIP) and call it, it succeeds without FDA. No error is thrown. Then I tested: in our app both EndpointSecurity and protected folder access (like the Documents folder) functionalities are working fine even without FDA when SIP is disabled. Now my questions are:
When SIP is disabled, does every app have FDA access by default?
Is there any use case that still needs FDA access when SIP is off?
Is there any way to check whether FDA permission is given or not whenever SIP is off, since the above method won't work in that case?
1
0
156
2w