[7268:372225] Failed to create an FPSandboxingURLWrapper for file:///Users/####/Downloads/mod##06-9-19.pdf. Error: Error Domain=NSPOSIXErrorDomain Code=1 "couldn't issue sandbox extension com.apple.app-sandbox.read-write for 'file:///Users/####/Downloads/mod##06-9-19.pdf' PS- Used ### to hide info I am facing an error with apple sandbox in my dot NET MAUI project here is the entitlements file I don't know Why I'm getting the in my understanding with user-selected.read-write it should work

Though I cannot find any documentation, it seems that UIPasteboard cannot be used from a Quick Look Preview app extension. I have such an extension, which contains a view that supports copying text as follows: - (IBAction)copy:(nullable id)sender { UIPasteboard * pboard = UIPasteboard.generalPasteboard; pboard.string = _rep.text; } This is invoked from a context menu (edit menu) item. This works fine In the simulator, but on device the pasteboard remains empty and errors like the following are emitted: -[PBServerConnection pasteboardWithName:createIfNeeded:authenticationBlock:dataOwnerBlock:error:] failed with error: Error Domain=NSCocoaErrorDomain Code=4099 "The connection to service named com.apple.pasteboard.pasted was invalidated: failed at lookup with error 159 - Sandbox restriction." UserInfo={NSDebugDescription=The connection to service named com.apple.pasteboard.pasted was invalidated: failed at lookup with error 159 - Sandbox restriction.} It's unclear to me why such functionality would be problematic and necessary to block. It would be nice if this were documented clearly, as I wasted a lot of time trying to figure out why this was not working. (And no, I have not filed a feedback report or TSI yet, as I'm presently very short on time, and I don't have a sample project prepared to demonstrate the issue.)

If I drag something into my SwiftUI Mac app the .dropDestination gets an array of URLs that I can do with what I want. If I use .fileImporter to get an identical array of URLs I should wrap start/stop securityScopedResource() calls around each URL before I do anything with it. Can anyone explain the logic behind that? Is there some reason I'm not seeing? It is especially annoying in that the requirement for security scoping also doesn't exist if I use an NSOpenPanel instead of .fileImporter.

Hello 👋, I am quite new in the Apple development world, so please forgive me if I am saying something wrong. I am working on a macOs application which aims to act mainly as an assistive window switcher. In order to do so it leverages on AXUIElementCopyAttributeValues and AXUIElementCopyAttributeValue, especially the former to retrieve other application's window titles and the latter to set and focus a target main window. I read online, according to Apple Store guidelines, that app to be accepted in App Store must be sandboxed. And as I read in several forums there may not be a way to use accessibility features within sandbox. So, first question, based on this I would like to know if there is a way to achieve the same without accessibility features? Currently the only thing which does not work is the permission prompt, but an user may also enable Accessibility permissions under Privacy & Security for a certain app. May the app pass the review process, supposing no prompt will be requested to the user, but a "Getting started" will inform and guide the user to set the permissions? Thanks in advance 🙏

Am I calling this right? host_priv_t hostPriv = 0; int err = host_get_host_priv_port(mach_host_self(), &hostPriv); err = host_processors(hostPriv, &processorList, &processorCount); host_get_host_priv_port above returns 4 "(os/kern) invalid argument". Tried with App Sandbox enabled and disabled.

Hello Fellow Developers, I'm reaching out for insights or solutions to a challenge we're encountering with our sync client application, particularly related to maintaining user folder access permissions across app sessions and system restarts. In our application, we leverage the openFileDialog to enable users to select a folder for file downloads and synchronization. To ensure smooth access on subsequent app launches, we save a security bookmark of the chosen folder. This is crucial for our app to function without repeatedly asking for user permissions, thereby enhancing the user experience. However, we've hit a snag where the security bookmark expires after a few days or upon a system restart, leading to a less than ideal scenario where users are prompted for reauthorization through a FileDialog. This repetitive process is not the seamless experience we aim to provide. To address permissions and security, we are currently using two entitlements: com.apple.security.files.bookmarks.document-scope com.apple.security.files.bookmarks.app-scope Despite these, we still face the bookmark expiration issue. We're seeking advice on whether there are other entitlements or methods we should consider to maintain persistent access to the selected folder without the security bookmark expiring. Our goal is to reduce or eliminate the need for users to repeatedly grant access, ensuring a seamless and efficient user experience. Has anyone faced a similar challenge or can offer guidance on additional entitlements or strategies to achieve persistent folder access? Any suggestions, alternative approaches, or insights would be greatly appreciated. We're keen on exploring all possible solutions to enhance our application's functionality and user satisfaction. Thank you for your time and assistance. I look forward to any advice or discussions this community can offer.

I've developed a crypto token kit extension using the Xcode template. I've successfully added the certificate and its corresponding private key to the keychain. However, when attempting to sign with this certificate, I need to call a command-line interface (CLI) that I've created. The CLI is located at ~/Applications/mycli/cli_executable. My issue arises because the extension is sandboxed, prohibiting direct communication with the CLI. I attempted to remove the sandbox, but that didn't resolve the problem (the extension wasn't being registered without the app sandboxed). Additionally, the CLI relies on a database, so simply copying the file to the app container folder isn't a feasible solution (unless it's a symlink – I'm unsure if this is possible). How can I effectively address this problem and enable communication between the sandboxed extension and my CLI (GoLang app)? Thank you.

Is it possible to read messages from chat.db inside a MacOS app? I'm developing a MacOS app, I'm able to successfully connect to ~/Library/Messages/chat.db but when I try to run a query I get Error preparing select: authorization denied I know other apps like TablePlus are able to read chat.db but these apps are outside of iOS. Thanks in advance!

I am implementing parental control app via python 3.9 for macOS. Therefore I want to use launch agent to keep my application always alive (app reopened automatically after reboot pc and protected against to be closed via activity monitor.) I want to give keep alive enabling and disabling option to parents that they can deactivate or activate it in the app GUI. I achieved to keep alive my app standalone signed app without sandboxing(or via Terminal command) but if I sign it with sandbox then I get following error for "launchctl load" and "launchctl bootstrap" commands which are executed in the application "Load failed: 5: Input/output error" My steps without Sandbox which works fine: 1- Create a com.test_gui.macos.plist file under /Library/LaunchAgents with following content: `<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>KeepAlive</key> <true/> <key>Label</key> <string>test_gui</string> <key>ProgramArguments</key> <array> <string>open</string> <string>-g</string> <string>-a</string> <string>/Applications/test_gui.app</string> </array> </dict> </plist>` 2- create a python file for launch agent activation (I know either launchctl load or bootstrap should be used but I used both of them to test both.): import subprocess cmd = "launchctl enable gui/501/test_gui" response = subprocess.call(cmd, shell=True) time.sleep(2) cmd = "launchctl load -w /Library/LaunchAgents/com.test_gui.macos.plist" response = subprocess.call(cmd, shell=True) time.sleep(2) cmd = "launchctl bootstrap system /Library/LaunchAgents/com.test_gui.macos.plist" response = subprocess.call(cmd, shell=True) time.sleep(50) 3- Create standalone app via nutika: python3.9 -m nuitka --run --standalone --macos-disable-console --macos-create-app-bundle \--macos-app-mode=ui-element --enable-plugin=pyside6 --macos-app-icon=/Users/emre/Documents/MrProtect/icons/app_icon.png \--include-data-dir=icons=icons test_gui.py 4-Create a .sh file to sign app without sandboxing: #!/bin/sh APP_PATH="/Users/emre/Documents/tests/Deployment/test_gui.app" SIGNING_IDENTITY_APP="Apple Development: Emre Guenay (***)" PASSWORD="***" codesign -s "$SIGNING_IDENTITY_APP" -f \ "$APP_PATH/Contents/MacOS/Python" codesign -s "$SIGNING_IDENTITY_APP" -f \ "$APP_PATH/Contents/MacOS/test_gui" exit 0 5-execute sh file and see following output: /Users/emre/Documents/MrProtect/tests/Deployment/test_gui.app/Contents/MacOS/Python: replacing existing signature /Users/emre/Documents/MrProtect/tests/Deployment/test_gui.app/Contents/MacOS/test_gui: replacing existing signature 6-copy paste signed standalone app(without sandbox) file under /Applications/ 7-execute app and try to close app via activity monitor and observe that the app is reopened automatically. so the launch agent works fine Failed Steps(Sign the same app with sandbox and observe that both launchctl load and bootstrap returns "Load failed: 5: Input/output error") 8- create an app.entitlements file with following content: \<?xml version="1.0" encoding="UTF-8"?\> \<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"\> \<plist version="1.0"\> \<dict\> \<key\>com.apple.security.app-sandbox\</key\> \<true/\> \</dict\> \</plist\> 9-Create a .sh file to sign app with sandboxing: #!/bin/sh # APP_PATH="/Users/emre/Documents/tests/Deployment/test_gui.app" SIGNING_IDENTITY_APP="Apple Development: Emre Guenay (***)" PASSWORD="***" codesign -s "$SIGNING_IDENTITY_APP" -f \ \--entitlements app.entitlements \ "$APP_PATH/Contents/MacOS/Python" codesign -s "$SIGNING_IDENTITY_APP" -f \ \--entitlements app.entitlements \ "$APP_PATH/Contents/MacOS/test_gui" exit 0 10-execute sh file and see following output: /Users/emre/Documents/MrProtect/tests/Deployment/test_gui.app/Contents/MacOS/Python: replacing existing signature /Users/emre/Documents/MrProtect/tests/Deployment/test_gui.app/Contents/MacOS/test_gui: replacing existing signature 11-execute app and try to close app via activity monitor and observe that the app is closed although app started the launch agent. 12-you can re-execute app under /Applications/test_gui.app/Contents/MacOS folder with "./test_gui" or even with sudo "sudo ./test_gui" commands you would see following error message for both launchctl load and bootstrap returns: "Load failed: 5: Input/output error". So if you close the app, it will not be re-opened Moreover console tool launchd.log output shows also (1: Operation not permitted) error for launchctl load and bootstrap commands My questions: 1-Is there any other method different than launch agent for keep alive? I researched it in internet but I could not find any other method unfortunately. Moreover launch agent is not user friendly anyway, with the reason that sandboxed apps cannot copy paste any files under LaunchAgents folder automatically. I am planning to provide my plist file to users that they can copy paste the file themself into launch agent folder out of sandbox. 2-How can i get rid of "Load failed: 5: Input/output error", thereby I can proceed at least with lanuchctl? What I have tried additionally: 1-I have also tried to use these linux commands, before executing my sandboxed standalone app file: sudo -S chown 600 /Library/LaunchAgents/com.test_gui.macos.plist sudo -S chown root:wheel /Library/LaunchAgents/com.test_gui.macos.plist 2-I have already given security fulldisk access to my test_gui app, but it also did not work My Requirements: Nuitka: 1.9rc5 Commercial: None Python: 3.9.12 (v3.9.12:b28265d7e6, Mar 23 2022, 18:22:40) Flavor: CPython Official Executable: /Library/Frameworks/Python.framework/Versions/3.9/bin/python3.9 OS: Darwin Arch: x86_64 Version C compiler: /usr/bin/clang (clang). macOS Sonoma: 14.2.1

Why is "fork" prohibited in sandboxed apps?

I am trying to run a simple bash script from within swift. Eventually it should call a python script, but for now, I am just trying to get it to echo hello. The script is included in the bundle and also included in the targets. The script is called from the QLExtension. The script is correctly found, but I get an error: Error Domain=NSPOSIXErrorDomain Code=1 "Operation not permitted" let scriptPath = Bundle.main.path(forResource: "run_local", ofType: "sh") if scriptPath == nil { print("script not found or other error") return nil } let process = Process() process.executableURL = URL(fileURLWithPath: "/bin/bash") process.arguments = [scriptPath!] do { try process.run() process.waitUntilExit() } catch { print("Failed to run the script: \(error)") } The script, run_local.sh is included in the bundle and is just #!/bin/bash echo "hi" > /dev/null Is this possible? Are there any particular entitlements that I need in order for this to work? Everything else works with this app; this is the only error. -- The reason I am building this: I use google drive to synchronize files locally. A number of those files do not have a local representation. Google "stores" those files locally using a text file with a document ID (one would open something like docs.google.com/docs/) I want to be able to preview the google drive files using quicklook One very simple way to do this is to fetch the google drive files (using google drive API) at preview time. I have a python script that can do this and wanted to hook it up to the QLExtension for preview Another option is to keep a separate service running (I would use python) that keeps a local copy of all the synchronized google files. (But then I'll probably need to connect to a local sql database or similar that tells the swift extension the local file math: i.e., effectively a mapping from ID => local_file_path. But perhaps access of this kind to a SQL database is allowed?)

有用户反馈有些APP引导弹窗多次弹出，经过埋点日志观察发现，这些用户保存在钥匙串中的openudid，沙盒数据，甚至网络请求的cookie都突然丢失了，然后后续几次重启后可能这些数据又都恢复了，感觉非常不可思议，代码上看不出有任何问题，有大神帮忙解答下吗？

Hi, I would love to disable app sandbox completely, because my music application requires extended filesystem permissions. Like reading configuration files from $HOME and enabling services through sockets. The UI toolkit I am using endorses IPC mechanism. cheers, Joël

I have a sandboxed app in /Applications. I'm attempting to shoot a problem with LLDB, so I cd to /Applications/app-name/Contents/MacOS and do lldb programname. However, once I fire it off with "r" it dies instantly with: error: process exited with status -1 (lost connection) Should this work? Should I try signing the lldb executable? Thanks!

I've been trying to submit an application made with the Electron framework (electronjs.org) to the Mac Apple Store, but when launched an alert dialog appears with the text: "App Name Helper (Renderer)" differs from previously opened versions. Are you sure you want to open it? Opening "App Name Helper (Renderer)" will allow it to access data from previously used versions of "App Name Helper (Renderer)". ...this is preventing my Mac App Store submission. I've looked at troubleshooting information related to Gatekeeper and entitlements, etc. but I have not been able to determine which Apple subsystem (App Sandbox? Gatekeeper?) this particular alert comes from so I can possibly carve out an exception for it, or otherwise figure out how to fix it. "App Name Helper (Renderer)" is an agent process. Checking the App Store build results in: > spctl -a -t exec -vvv App\ Name.app/Contents/Frameworks/App\ Name\ Helper\ \(Renderer\).app App Name.app/Contents/Frameworks/App Name Helper (Renderer).app: rejected origin=Apple Distribution: Kevin Hughes (MYTEAMID) ...for App Store submission, is it expected that all agent processes should be signed with the Apple Distribution certificate? And is it OK that nothing is notarized before submission? If everything should be notarized, which certificate should be used? Does the App Store verification process check for this kind of thing regarding agent processes? Should it? Note that I can build, install, launch, and fully execute an Apple Developer ID-signed and notarized binary with a hardened runtime (and Apple Development profile) myself on my local machine as well as other macOS Sonoma 14.3.1 systems without any issues. The entitlements for my App Store build are: <key>com.apple.security.app-sandbox</key> <true/> <key>com.apple.security.assets.movies.read-only</key> <true/> <key>com.apple.security.assets.music.read-only</key> <true/> <key>com.apple.security.assets.pictures.read-only</key> <true/> <key>com.apple.security.automation.apple-events</key> <true/> <key>com.apple.security.cs.allow-dyld-environment-variables</key> <true/> <key>com.apple.security.cs.allow-jit</key> <true/> <key>com.apple.security.cs.allow-unsigned-executable-memory</key> <true/> <key>com.apple.security.cs.debugger</key> <true/> <key>com.apple.security.cs.disable-executable-page-protection</key> <true/> <key>com.apple.security.cs.disable-library-validation</key> <true/> <key>com.apple.security.files.downloads.read-only</key> <true/> <key>com.apple.security.files.user-selected.read-write</key> <true/> <key>com.apple.security.network.client</key> <true/>