I have a parent app that contains a child app in the bundle. The child app uses applescript to trigger some events in the parent app. Now that I'm preparing for App Store I have sandboxed the apps and I am missing something with the entitlements that I don't understand. In the parent app I have defined the .sdef and I can dump it with sdef /Applications/Parent.app once installed from TestFlight and I see: <!DOCTYPE dictionary SYSTEM "file://localhost/System/Library/DTDs/sdef.dtd"> <dictionary title="Parent">     <suite name="Parent Suite" code="prnt" description="Parent Scripts">         <command name="is_first_run" code="prntisfr" description="Is this the first time running the app?">             <cocoa class="MyScriptInterface"/>         </command>         <command name="activation_complete" code="prntWRac" description="Activation is complete">             <cocoa class="MyScriptInterface"/>         </command>         <command name="sign_out" code="prntWRso" description="Sign out and delete local credentials">             <cocoa class="MyScriptInterface"/>         </command>         <command name="get_version" code="prntgetv">             <cocoa class="MyScriptInterface"/>             <direct-parameter type="text" description="None"/>             <result type="text"/>         </command>     </suite> </dictionary> In the parent app I have the following included in the .plist: <key>NSAppleEventsUsageDescription</key>         <string>AppleEvents needed to communicate between components</string>         <key>NSAppleScriptEnabled</key>         <true/>         <key>OSAScriptingDefinition</key>         <string>Parent.sdef</string> In the Parent entitlements I include the following key parts: <key>com.apple.security.automation.apple-events</key>         <true/> <key>com.apple.security.scripting-targets</key>         <dict>                 <key>com.foo.parent</key>                 <array>                         <string>com.foo.parent.is_first_run</string> <string>com.foo.parent.activation_complete</string>                         <string>com.foo.parent.sign_out</string>                         <string>com.foo.parent.get_version</string>                 </array>                 <key>com.foo.parent.child</key>                 <array>                         <string>com.foo.parent.is_first_run</string>                       <string>com.foo.parent.activation_complete</string>                         <string>com.foo.parent.sign_out</string>                         <string>com.foo.parent.get_version</string>                 </array>         </dict> In the Child app I have only this key: <key>NSAppleScriptEnabled</key>         <true/> And in the Child entitlements I have only this: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict>         <key>com.apple.security.app-sandbox</key>         <true/>         <key>com.apple.security.inherit</key>         <true/> </dict> </plist> I am not getting something. When I install the app and watch Console output I see a combination of errors: For the Parent app: AppleEvents/sandbox: Returning errAEPrivilegeError/-10004 and denying dispatch of event prnt/isfr from process '<private>'/0x0-0x7dccdc5, pid=95806, because it is not entitled to send an AppleEvent to this process. For the Child app from sandboxd: Violation:       deny(1) appleevent-send com.apple.systemevents MetaData: {"platform-binary":false,"build":"macOS 12.3.1 (21E258)","sandbox_checker":"appleeventsd","process-path":"\/Applications\/Parent.app\/Contents\/MacOS\/Child.app\/Contents\/MacOS\/Child","profile-in-collection":false,"platform_binary":"no","primary-filter-value":"com.apple.systemevents","primary-filter":"appleevent-destination","checker":"appleeventsd","platform-policy":false,"policy-description":"Sandbox","summary":"deny(1) appleevent-send com.apple.systemevents","binary-in-trust-cache":false,"responsible-process-team-id":"367******2","target":"com.apple.systemevents","hardware":"Mac","pid":95806,"appleevent-destination":"com.apple.systemevents","flags":5,"responsible-process-signing-id":"com.foo.parent","apple-internal":false,"normalized_target":["com.apple.systemevents"],"checker-pid":359,"profile-flags":0,"operation":"appleevent-send","errno":1,"action":"deny","uid":501,"responsible-process-path":"\/Applications\/Parent.app\/Contents\/MacOS\/Parent","signing-id":"com.foo.parent.child","team-id":"367******2","container":"\/Users\/spartygw\/Library\/Containers\/com.foo.parent\/Data","process":"Child","release-type":"User"}

This seems to be a sandboxing issue but the solution is not so obvious ...  Our sandboxed Audio unit extension requires a permanent folder in which to store a database which can be used by all instances of the AU. Where can we store the database in a directory so that the AU can find it regardless of which host app it's running in ? The AU supports loading in-process. The problem we have is that when the AU is running in-process in a sandboxed host app URLs to the usual directories ( ~documents, shared, app support etc ) all resolve to the sandbox container.   But when the AU is hosted in a non-sandboxed host  ( ie. Logic Pro )  the URLs resolve to the actual user folder.  (~/users/***/documents etc  ) How can the AU automatically obtain a URL that will always resolve to the same place, will be permanent, wont be hidden from the user AND still remain “legal” for distributing in the App Store?   …   thanks!

I've noticed that on Monterey/Big Sur certain system and C++ functions in Logic no longer appear to work on files located outside of /Library/Audio/Plug-Ins/Components. For example, if you try to use std::ifstream on a file outside of the system plugin directory, it simply doesn't work (but still works fine in DAWs like Reaper, Ableton, ect). Certain graphics functions like NSOpenPanel appear to no longer work at all: Logic seems to prevent the window from opening, but still allows pop-up windows like CFUserNotificationDisplayAlert to display. Again, in other DAWs this all works fine. Has anyone noticed this, and if so, what's going on here? Is this the intended behavior for Logic now? It's not a huge deal, but some users like to install or place the sample directories of my plugins on different hard drives and things like that, and it seems like this is maybe no longer possible if they are using Logic? Tested in Logic 10.7.3 Monterey 12.3. Older AU SDK, but doubtful that's what has caused this.

We have a sandboxed Network Extension. Now we need to use /dev/auditpipe and this obviously doesn't work unless I turn sandboxing off. Is there a "temporary" exception entitlement for this kind of access? com.apple.security.temporary-exception.files.absolute-path.read-only and com.apple.security.temporary-exception.files.absolute-path.read-write have no effect on /dev/, apparently.

I have a document-based app. Whenever I'm publishing a new version on App Store, and even when setting a new build number, my app completely loses the recent files list. I'm accessing the list using recentDocumentURLs, but the recent documents are also lost from the File -> Recent files menu. This started happening when I started building my app on Monterey. When built in Big Sur, this doesn't happen. I'm guessing this is not a feature, because other apps don't seem to behave this way when downloading a new update. I'm guessing something has changed in sandboxing or somewhere else, and I'm missing it?

Hi, We have trouble with uploading our app to the App Store connect. The screenshot shown below is the error that appears while uploading, The error says that the app sandbox is not enabled. But the sandbox has been enabled in the targets as well as in the entitlements of both app and helper app bundle. The path [(“com.magnima.airpoint.pkg/Payload/MagnimaAirPoint.app/Contents/Library/Loginltems/ APHelper.app/Contents/MacOS/APHelper” in the error seems to be of the function SMLoginSetEnabled (https://developer.apple.com/documentation/servicemanagement/1501557-smloginitemsetenabled?language=objc#parameters) which we have used in the app to launch the same at login as per user consent. The previous version of the app had this feature and was uploaded and submitted to App Store successfully.  Does it have any dependency with making the app compatible also for silicon based macOS also? Are there any additional settings that needs to be enabled? It would be great if we could get a solution for this.

Hello. I have an application that consists of two parts: Python (the main app, which works as a server) and Electron ("helper" app, which works as a UI). I plan to submit it to the App Store, so it's sandboxed. Right now, I'm testing the sandboxed development-signed build, and I have a problem with it. Some info about the entitlements and signing: The Python app is packaged with Py2App (I heard that it's the only possible way to package a Python app for the App Store). The Python app has com.apple.security.network.client, com.apple.security.network.server, and sandbox entitlements, I sign it using the Mac Development certificate. The Electron app is packaged with electron-builder and signed with electron-osx-sign (Mac Development certificate, as well). The Electron app has standard entitlements, I just added the sandbox and security.inherit to its entitlements. I have generated the development provision profile and embedded it into the app's bundle. Yes, I know that this architecture is a bad choice for the macOS/App Store, I'm aware of it. The project is 99% done, and it's just easier for me to somehow overcome this issue, rather than rewriting everything from zero to Swift/Obj-C. So, when the user clicks on the .APP, this is what happens: the Python app starts, it creates the server, and finally, launches the Electron. The problem begins here: the Electron successfully starts but fails to load the server's URL. I tried to open my server's URL in Chrome and everything works fine. So this problem is related to the Electron or maybe entitlements. I also tried to load any other webpages, like google.com, and it still doesn't work, I get the exact same error. When I load the page (like calling the app.loadURL or changing the window.location.href), these messages get printed out in the Console: default 13:36:40.749975 +0200 trustd cert[2]: AnchorTrusted =(leaf)[force]> 0 default 13:36:42.903489 +0200 symptomsd rssi (-49) or transmitRate (145.000000) changed on interface en1 for BSSID:b0:95:75:21:bc:d8 default 13:36:50.909786 +0200 symptomsd rssi (-50) or transmitRate (145.000000) changed on interface en1 for BSSID:b0:95:75:21:bc:d8 default 13:36:51.321708 +0200 trustd could not enable test hierarchy: no UAT pinning preferences set I googled this "no UAT pinning preferences set", and didn't find anything useful. These messages are always the same, it doesn't matter if I try to open a localhost page or google.com. I also tried using "fetch" in the Electron's app console, it outputs this error: >>> await fetch("https://google.com") ---> VM123:1 GET https://google.com/ net::ERR_NAME_NOT_RESOLVED ---> VM123:2 Uncaught TypeError: Failed to fetch ---> at <anonymous>:1:7  I think that this issue is somehow related to security.inherit entitlement. Maybe when I launch the Electron, Python's entitlements don't get passed to the Electron? So, Electron doesn't inherit the "com.apple.security.network.client" entitlement and has no right to load any web pages, am I right? If yes, then how should I properly launch the Electron? Currently, I tried using the "open" command and an AppleScript, the error stays the same in any case. Here are the commands I used: Open: open "MyPythonApp.app/Contents/MacOS/MyElectronApp.app" AppleScript: osascript -e "tell application \"MyPythonApp.app/Contents/MacOS/MyElectronApp.app\" to activate" I sign the Python app with these entitlements: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>CFBundleIdentifier</key> <string>com.abtco.myquickmaclite</string> <key>com.apple.security.app-sandbox</key> <true/> <key>com.apple.security.network.server</key> <true/> <key>com.apple.security.network.client</key> <true/> <key>com.apple.security.files.user-selected.read-write</key> <true/> <key>com.apple.security.files.downloads.read-write</key> <true/> <key>com.apple.security.assets.pictures.read-write</key> <true/> <key>com.apple.security.assets.music.read-write</key> <true/> <key>com.apple.security.assets.movies.read-write</key> <true/> </dict> </plist> And the Electron app with these ones: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.security.app-sandbox</key> <true/> <key>com.apple.security.inherit</key> <true/> </dict> </plist> Mac Mini 2012 (macOS 10.13.6) Python 3.9.1 Electron 16.0.5 Thank you.

The best way to view sandbox violation reports has changed over the years, so I thought I’d post some up-to-date info. I tested the following with Xcode 13.3 on macOS 12.2. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com" Viewing Sandbox Violation Reports After enabling the App Sandbox, you may find that your app fails in some non-obvious way. That is, something within your app doesn’t work, but your app doesn’t display a permissions error and so you have no idea where to start. If you find yourself in that situation, look for a sandbox violation report: Run the Console app. For each line below, copy the line and paste it in to the search box at the top right. type:error subsystem:com.apple.sandbox.reporting category:violation This searches for sandbox violation reports. Note The exact query terms have changed over time. The above is accurate from macOS 12.2. Click the Save button in the bar below the search box and enter a name for your saved search. I typically use “Sandbox” for this. In future, click on this saved search to skip the previous step. Click “Start streaming”. Run your app and reproduce the problem. Look for a sandbox violation report in the log. If you see one, follow the steps below to investigate. Inside a Sandbox Violation report A sandbox violation report log entry looks like this: type: error time: 11:58:26.009175+0000 process: sandboxd subsystem: com.apple.sandbox.reporting category: violation message: Sandbox: AppSandboxViolat(5807) deny(1) file-read-data /Users/quinn/.ssh/id_rsa The message includes a complete sandbox violation report. That’s too big to include here, so I’ve added it as a text attachment. sandbox-violation-report.txt Look at the Violation field first: Violation: deny(1) file-read-data /Users/quinn/.ssh/id_rsa This means that the App Sandbox blocked an attempt to read the data of the file at the path /Users/quinn/.ssh/id_rsa. Next look at the thread backtraces. It’s normally pretty easy to identify the thread responsible for the violation: It’s the one blocked in a system call that could reasonably trigger this violation. For example: Thread 0 (id: 291952): 0 libsystem_kernel.dylib … __open + 10 1 Foundation … _NSReadBytesFromFileWithExtendedAttributes + 167 2 Foundation … -[NSData(NSData) initWithContentsOfFile:options:maxLength:error:] + 119 3 libswiftFoundation.dylib … NSData.__allocating_init(contentsOf:options:) + 77 4 libswiftFoundation.dylib … Data.init(contentsOf:options:) + 76 5 AppSandboxViolator … ViewController.violateAction(_:) + 1507 (ViewController.swift:25) 6 AppSandboxViolator … @objc ViewController.violateAction(_:) + 65 (<compiler-generated>:0) 7 AppKit … -[NSApplication(NSResponder) sendAction:to:from:] + 288 … Here you see that AppKit has called the ViewController.violateAction(_:) method (frame 6) which has tried to created a Data value from the contents of a file (frame 5) which has eventually called open (frame 0), which is what triggered the violation. Using this information, investigate and fix your sandbox incompatibility. No Sandbox Violation Report It’s possible that you might not see a sandbox violation report even though the problem is caused by the App Sandbox. For example, imagine you have code like this: let url: URL = … some file URL … let data: Data if access(url.path, R_OK) == 0 { data = try Data(contentsOf: url) } else { data = Data() } The access system call never triggers a sandbox violation report. If the App Sandbox blocks access to url, this code will not fail, not generate a sandbox violation report, and set data to empty. IMPORTANT Preflighting file system calls is racy and, in the worse case, can result in TOCTTOU vulnerabilities. Avoid writing code like this. Debugging problems like this can be tricky.

Hi, I am developing a Final Cut Pro workflow extension. I would like to upload a Final Cut Pro video with the extension. As far as I understand both the macOS app and the extension are sandboxed and the user doesn't have a direct access to the Final Cut Pro folders. Here there is a described way to receive media through a custom share destination. So far I have been able to parse the XML describing the video after dragging the video from FCP and dropping it in the extension. I have the URL of the video but no access to it - permissions denied. Can I programmatically acquire access to the folder/ file in question? Or have the user allow access at the beginning and use it later? Or should I use custom shared destination for that purpose? Thank you in advance!

Now, I have created an extension via the fileprovider template and adopts fileprovider protocols. But when i download a file, the system throws the error: "Couldn't communicate with helper application". From the system log i can see that the fetch-content failed with such error: ┳139b4 ‼️ done executing <FP2 ‼️ fetch-content(a file 1) why:materialization|itemChangedRemotely sched:userInitiated.1647482996.810533#1647482996.810533 error:<NSError: Cocoa 4101 "Couldn't communicate with helper application." Underlying={NSError: POSIX 2 "couldn't issue sandbox extension com.apple.app-sandbox.read-write for '/f/db641e9a04e144c6b320': No such file or directory" }}>> Any advise would be appreciated, thanks!

I am performing some tests that involves the app extension and an external app connected through XPC I get the following when I try to connect to an external app from the safari app extension with sandbox enabled connection to service named "com.test.sample"was invalidated: failed at lookup with error 159 - Sandbox restriction." UserInfo={NSDebugDescription=The connection to service named com.test.sample was invalidated: failed at lookup with error 159 - Sandbox restriction. I have tried: Disabling the sandbox for the app extension target Adding the entitlements file path in the test target Both of which still give me the same result. How can I proceed with this? Does the entitlement for the sandbox only work when Safari is running the appex?

Call to bind() is failing in my Cocoa app project but not in a commandline tool project (with same exact networking code). No sandbox Catalina (with SIP disabled, but solution will need to work on machines with SIP enabled) App transport settings wide open (this is a client-only setting though AFAIK) sandboxd says "deny(1) network-bind*:32323" When I copy the code to a commandline project, it works. 1 - If the app is not sandboxed, why is there a sandbox error in the log? 2 - Is there something else I need to add to Info.plist for binding to a network port (and other related server functionality) from a Cocoa app?

I've got an app with a quicklook generator bundled within it. The app opens port 42222 for localhost queries. The quicklook generator fails to connect to the socket. The log shows these 2 sandbox errors: Sandbox: 1 duplicate report for java deny(1) file-read-data /private/etc/hosts Sandbox: ExternalQuickLoo(1253) deny(1) network-outbound*:42222 ... which is weird because the app isn't sandboxed: % codesign -d --entitlements :- /Applications/Test.app                                                          Executable=/Applications/Test.app/Contents/MacOS/Test The same code functions correctly when executed from a separate app running on the same machine (rather than from the generator). Any idea why the quicklook generator isn't able to connect to a localhost socket? ... or why sandbox rules are being applied to a non-sandbox app?

Dear all, we are developing a File Provider Extension that synchronises files and folders across devices using our custom upload/download server. We have noticed that every file written in the temp folder of the extension have the quarantine flag set, thus avoiding any app or executable to be launched from the folder itself. Specifically in each file we see those Quarantine Keys: ["LSQuarantineIsOwnedByCurrentUser": 1, "LSQuarantineTimeStamp": 2022-03-03 16:30:54 +0000, "LSQuarantineAgentName": XXXXX, "LSQuarantineType": LSQuarantineTypeSandboxed] We also tried the following: LSFileQuarantineEnabled = NO in the info.plist com.apple.security.files.user-selected.executable = true in the entitlements (in the main app and extension target) We tried in the application to use the following swift code: var resourcevalues = URLResourceValues() resourcevalues.quarantineProperties = nil try self.setResourceValues(resourcevalues) We didn't get any error using the code above, but the quarantine flag is still present. All without success. Only using this command everything works sudo xattr -dr com.apple.quarantine path/to/AppOrExecutable which, of course, is not feasible. Any help on this?

Crazy question, but it came from a friend now working at a different company and I wanted to make sure I'm not telling him the wrong thing. I said "no," but I'm not 100% sure and I can't find anything online about it. He wants to take his own sandboxed build and disable sandboxing/notarization/codesigning on it (POSTFACTO) for testing some issue he's working on. I spent a half hour on the phone trying to understand why, but I still don't get it. Crazy or not, it's an interesting question, so I thought I'd float it here.