App Sandbox


App Sandbox is a macOS access control technology designed to contain damage to the system and user data if an app becomes compromised.

Posts under App Sandbox tag

119 Posts
Post · Replies · Boosts · Views · Activity

How do I get the available printer list
I am trying to get the list of printers using NSPrinter.printerNames, but it doesn't return any items.

    import AppKit

    /// Returns every printer name known to the system and whether an NSPrinter can be created for it.
    static func getPrinterList() -> [(name: String, isAvailable: Bool)] {
        let printerNames = NSPrinter.printerNames
        return printerNames.map { name in
            let isAvailable = NSPrinter(name: name) != nil
            return (name: name, isAvailable: isAvailable)
        }
    }

printerNames is an empty string array. I checked the settings for printers and scanners, and there is a printer device listed. Do I need to set something else?

2 replies · 0 boosts · 336 views · Aug ’24
Sandboxed Electron macOS app can't access Photos library
I have an Electron app built for macOS, and it was distributed via 'Developer ID' for years; it worked well and I was able to access the photos in the system Photos library. Surely I already have the 'NSPhotoLibraryUsageDescription' key in Info.plist. Recently we are trying to publish this app to the Mac App Store, so I have to turn on the sandbox; after that the app starts giving XPC errors while accessing the Photos library. The errors look like:

    PHAuthorizationStatus: Authorized
    CoreData: XPC: sendMessage: failed #0
    CoreData: XPC: Unable to sendMessage: to server
    ...
    CoreData: XPC: sendMessage: failed #7
    CoreData: XPC: Unable to connect to server with options {
        NSPersistentHistoryTrackingKey = 1;
        NSXPCStoreServerEndpointFactory = "<PLXPCPhotoLibraryStoreEndpointFactory: 0x7fc67e8af370>";
        skipModelCheck = 1;
    }
    CoreData: XPC: Unable to load metadata: Error Domain=NSCocoaErrorDomain Code=134060 "A Core Data error occurred." UserInfo={Problem=Unable to send to server; failed after 8 attempts.}
    CoreData: fault: Unable to create token NSXPCConnection. NSXPCStoreServerEndpointFactory 0x7fc67e8af370 -newEndpoint returned nil
    CoreData: error: Failed to create NSXPCConnection

It seems the app could detect the current PHAuthorizationStatus, which is Authorized, but it can't fetch the photos from the Photos library (using PhotoKit).

I learned from here that I could look for errors from the sandboxd daemon, so I did that; here is what I saw:

    Sandbox: Picture Keeper(32625) deny(1) mach-lookup com.apple.photos.service
    Violation:       deny(1) mach-lookup com.apple.photos.service
    Process:         Picture Keeper [32625]
    Path:            /Applications/Picture Keeper.app/Contents/MacOS/Picture Keeper
    Load Address:    0x103bd3000
    Identifier:      com.simplifieditproducts.picturekeepermas
    Version:         4575 (4.5.75)
    Code Type:       x86_64 (Native)
    Parent Process:  Picture Keeper [1]
    Responsible:     /Applications/Picture Keeper.app/Contents/MacOS/Picture Keeper
    User ID:         501
    Date/Time:       2024-08-26 16:16:14.645 EDT
    OS Version:      macOS 14.5 (23F79)
    Release Type:    User
    Report Version:  8
    MetaData: {
        "process_path": ["Users","Kevin","Projects","Electron","picturekeeper-electron","dist","picturekeeper","mas-dev","Picture Keeper.app","Contents","MacOS","Picture Keeper"],
        "apple-internal": false,
        "primary-filter": "global-name",
        "policy-description": "Sandbox",
        "flags": 5,
        "platform-policy": false,
        "build": "macOS 14.5 (23F79)",
        "process-path": "\/Applications\/Picture Keeper.app\/Contents\/MacOS\/Picture Keeper",
        "responsible-process-path": "\/Applications\/Picture Keeper.app\/Contents\/MacOS\/Picture Keeper",
        "primary-filter-value": "com.apple.photos.service",
        "platform_binary": "no",
        "responsible-process-signing-id": "com.simplifieditproducts.picturekeepermas",
        "hardware": "Mac",
        "target": "com.apple.photos.service",
        "action": "deny",
        "mach_namespace": 1,
        "checker-pid": 1,
        "container": "\/Users\/Kevin\/Library\/Containers\/com.simplifieditproducts.picturekeepermas\/Data",
        "binary-in-trust-cache": false,
        "team-id": "LU744924UY",
        "process": "Picture Keeper",
        "global-name": "com.apple.photos.service",
        "platform-binary": false,
        "pid": 32625,
        "summary": "deny(1) mach-lookup com.apple.photos.service",
        "checker": "launchd",
        "responsible-process-team-id": "xxxxx",
        "operation": "mach-lookup",
        "normalized_target": ["com.apple.photos.service"],
        "errno": 1,
        "uid": 501,
        "profile-flags": 0,
        "profile-in-collection": false,
        "sandbox_checker": "launchd",
        "signing-id": "com.simplifieditproducts.picturekeepermas",
        "release-type": "User"
    }

I believe I already have the necessary entitlements for the Photos library, see:

    codesign -d --entitlements - /Applications/Picture\ Keeper.app/Contents/MacOS/Picture\ Keeper
    [Dict]
        [Key] com.apple.application-identifier                        [Value] [String] xxxx.com.simplifieditproducts.picturekeepermas
        [Key] com.apple.developer.team-identifier                     [Value] [String] xxxx
        [Key] com.apple.security.app-sandbox                          [Value] [Bool] true
        [Key] com.apple.security.application-groups                   [Value] [Array] [String] xxxx.com.simplifieditproducts.picturekeepermas
        [Key] com.apple.security.assets.movies.read-only              [Value] [Bool] true
        [Key] com.apple.security.assets.music.read-only               [Value] [Bool] true
        [Key] com.apple.security.assets.pictures.read-write           [Value] [Bool] true
        [Key] com.apple.security.cs.allow-dyld-environment-variables  [Value] [Bool] true
        [Key] com.apple.security.cs.allow-jit                         [Value] [Bool] true
        [Key] com.apple.security.cs.allow-unsigned-executable-memory  [Value] [Bool] true
        [Key] com.apple.security.cs.disable-executable-page-protection [Value] [Bool] true
        [Key] com.apple.security.cs.disable-library-validation        [Value] [Bool] true
        [Key] com.apple.security.device.usb                           [Value] [Bool] true
        [Key] com.apple.security.files.bookmarks.app-scope            [Value] [Bool] true
        [Key] com.apple.security.files.bookmarks.document-scope       [Value] [Bool] true
        [Key] com.apple.security.files.downloads.read-only            [Value] [Bool] true
        [Key] com.apple.security.files.user-selected.read-write       [Value] [Bool] true
        [Key] com.apple.security.network.client                       [Value] [Bool] true
        [Key] com.apple.security.network.server                       [Value] [Bool] true
        [Key] com.apple.security.personal-information.location        [Value] [Bool] true
        [Key] com.apple.security.personal-information.photos-library  [Value] [Bool] true

By the way, the Photos library related code was built into a .node file (which is a dylib), and it will be loaded by the main executable during runtime. Anything I missed? Thank you!

5 replies · 0 boosts · 613 views · Aug ’24
macOS App Group Entitlements
We have a cross platform app available on Mac, iOS and soon tvOS. We are adding a new App Group to be used by this app. We also have an as yet unpublished future Mac Catalyst app that will need access to the App Group. The Apple docs suggest prefixing app groups on Mac with the team ID but not on other platforms. We would like to avoid prefixing with the team ID because: my understanding is that Mac Catalyst apps don't use the team ID and we would like to support that use case to communicate between our current cross platform app and the future Catalyst app. Having a single code base but different group container IDs per platform means a bunch of extra conditional logic in the project we would rather avoid.

So with that context our aim is to have an app group that is named consistently across platforms and meets sandboxing requirements for App Store distribution. However when developing using the non-team-prefixed app group name on macOS Sequoia I see the following alert every time I launch the app. I have the App Group listed correctly in the entitlements file, and if I change the app group name on macOS from group.com.example to (TEAMID).com.example then it works as expected, so I think the rest of the setup is correct.

Looking at the Sequoia beta release notes it states: Specifically, the app must use FileManager to get the app group container path and meet one of the following requirements: the app is deployed through Mac App Store; the app group identifier is prefixed with the app’s Team ID; or the app group identifier is authorised by a provisioning profile embedded within the app.

I am using Xcode managed signing, and looking at the provisioning profiles I can see that the iOS one includes the app group but the macOS one does not. I assume that if I could somehow get the app group correctly added to the macOS provisioning profile then all would be good. But I am now stuck on how to get the app group added to the macOS provisioning profile. It seems whatever I try Xcode does not want to add it. Presumably this is because it expects you to instead use a team ID prefixed app group which would not need to be added. Is there any magic I can do to make this work with automatic signing? If not then how would I go about setting it up manually, and is that the best solution?

1 reply · 1 boost · 476 views · Sep ’24
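Two things in this thread benefit from the same small tool: the `codesign -d --entitlements -` dump in the Electron/Photos post above, and the team-ID-prefix rule for macOS app groups that this post quotes from the Sequoia release notes. The Python below is an added example by the editor, not code from either poster or from Apple. It parses the legacy `[Dict] [Key] ... [Value] [Bool] true` format (indented, or flattened onto one line as the extraction above has it) into a dict and then audits it: Hardened Runtime exceptions that give back attack surface (the Electron dump above grants `disable-library-validation` together with `allow-dyld-environment-variables`, which lets a local attacker inject a dylib through `DYLD_INSERT_LIBRARIES`), app groups not prefixed with the team ID, and `temporary-exception` entitlements. The sample dump, the `ABCDE12345` team ID and the `com.example` identifiers are constructed; the finding texts are triage pointers, not Apple policy.

```python
"""Parse a `codesign -d --entitlements -` dump and audit the sandbox-relevant bits.

Added example: the dump below is constructed; team ID ABCDE12345 and the
com.example identifiers are hypothetical.
"""
from __future__ import annotations

import re
from typing import Any, Dict, List, NamedTuple, Optional

SAMPLE_DUMP = """\
[Dict]
    [Key] com.apple.application-identifier
    [Value]
        [String] ABCDE12345.com.example.picturekeeper
    [Key] com.apple.developer.team-identifier
    [Value]
        [String] ABCDE12345
    [Key] com.apple.security.app-sandbox
    [Value]
        [Bool] true
    [Key] com.apple.security.application-groups
    [Value]
        [Array]
            [String] ABCDE12345.com.example.picturekeeper
            [String] group.com.example.shared
    [Key] com.apple.security.cs.disable-library-validation
    [Value]
        [Bool] true
    [Key] com.apple.security.cs.allow-dyld-environment-variables
    [Value]
        [Bool] true
    [Key] com.apple.security.temporary-exception.files.absolute-path.read-write
    [Value]
        [Array]
            [String] /Library/Audio/Plug-Ins/VST3/
"""

# One token per "[Tag] text"; works whether the dump is indented or flattened onto one line.
TOKEN_RE = re.compile(r"\[(Dict|Array|Key|Value|String|Bool|Int)\]\s*([^\[]*)")
SCALARS = {"String", "Bool", "Int"}


def _scalar(tag: str, text: str) -> Any:
    if tag == "Bool":
        return text == "true"
    return int(text) if tag == "Int" else text


def parse_entitlements(dump: str) -> Dict[str, Any]:
    """Entitlement name -> value. Scalars and arrays of scalars only, which is all that
    ordinary entitlement files contain; nested dicts are not modelled."""
    tokens = [(m.group(1), m.group(2).strip()) for m in TOKEN_RE.finditer(dump)]
    result: Dict[str, Any] = {}
    key: Optional[str] = None
    i = 0
    while i < len(tokens):
        tag, text = tokens[i]
        if tag == "Key":
            key = text
        elif tag == "Array" and key is not None:
            items: List[Any] = []
            i += 1
            while i < len(tokens) and tokens[i][0] in SCALARS:
                items.append(_scalar(*tokens[i]))
                i += 1
            result[key] = items
            continue            # i already points at the next non-scalar token
        elif tag in SCALARS and key is not None:
            result[key] = _scalar(tag, text)
        i += 1                  # "[Dict]" and "[Value]" are structural; skip them
    return result


class Finding(NamedTuple):
    kind: str     # "sandbox", "runtime", "app-group" or "temporary-exception"
    subject: str  # entitlement name or app-group identifier
    detail: str


# Hardened Runtime exceptions that give back attack surface notarization is meant to remove.
RUNTIME_WEAKENERS = {
    "com.apple.security.cs.disable-library-validation":
        "loads libraries not signed by your team or Apple; a writable plug-in dir then means code execution",
    "com.apple.security.cs.allow-dyld-environment-variables":
        "honours DYLD_INSERT_LIBRARIES and friends, so a local attacker can inject a dylib at launch",
    "com.apple.security.cs.allow-unsigned-executable-memory":
        "allows executable memory that is neither signed nor MAP_JIT; weakens W^X",
    "com.apple.security.cs.disable-executable-page-protection":
        "disables executable-page protections wholesale; the broadest runtime exception",
}
TEMPORARY_EXCEPTION_PREFIX = "com.apple.security.temporary-exception."


def audit(ents: Dict[str, Any], team_id: Optional[str] = None) -> List[Finding]:
    """Flag sandbox-relevant problems in a parsed entitlement dict."""
    team_id = team_id or ents.get("com.apple.developer.team-identifier")
    findings: List[Finding] = []
    if ents.get("com.apple.security.app-sandbox") is not True:
        findings.append(Finding("sandbox", "com.apple.security.app-sandbox",
                                "App Sandbox is off; Mac App Store distribution requires it"))
    for name, why in RUNTIME_WEAKENERS.items():
        if ents.get(name) is True:
            findings.append(Finding("runtime", name, why))
    # Sequoia rule quoted in the App Groups post: on macOS a group ID must be team-ID-prefixed
    # unless an embedded provisioning profile (or Mac App Store distribution) authorises it.
    for group in ents.get("com.apple.security.application-groups", []):
        if team_id and not group.startswith(team_id + "."):
            findings.append(Finding("app-group", group,
                                    "not prefixed with the team ID; needs a provisioning profile that authorises it"))
    for name, value in ents.items():
        if name.startswith(TEMPORARY_EXCEPTION_PREFIX) and value:
            findings.append(Finding("temporary-exception", name,
                                    f"sandbox escape hatch for {value!r}; App Review expects a justification"))
    return findings


if __name__ == "__main__":
    for f in audit(parse_entitlements(SAMPLE_DUMP)):
        print(f"[{f.kind}] {f.subject}: {f.detail}")
```

Feed it real output with `codesign -d --entitlements - /path/to/App.app/Contents/MacOS/App | python3 audit.py` after swapping `SAMPLE_DUMP` for `sys.stdin.read()`; the parser is deliberately stream-based rather than indentation-based so it survives the flattening that copy-and-paste into a forum does.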
Can't transfer the sandboxed app because of the shared group containers (which were removed)
We have an app that is published both on iOS and macOS (Catalyst). Now, the iOS app is sharing group containers between the app extension and the main app target, but it's not sandboxed. The macOS Catalyst app is sandboxed, but the group containers were removed a week ago with the latest App Store submission. We are facing the same issue and still seeing the error message saying "You can only transfer sandboxed apps that are not sharing a group container." when transferring the app. It's not clear why we are getting that message, as the group containers were removed from the macOS app. Can anyone from Apple give a bit more detail on what we can do to fix that?

0 replies · 1 boost · 245 views · Aug ’24
Operation not permitted error when sandboxed daemon tries to write System Keychain
Hi, I'm writing a sandboxed daemon that I register from my sandboxed application via SMAppService. The registration is successful, and the daemon is called based on logs. However when I'm trying to save a keychain item into the keychain, I see entries like this in the logs:

    (Security) SecItemAdd
    [com.apple.securityd:atomicfile] create /Library/Keychains/System.keychain.sb-1c133873-RPL9wo: Operation not permitted
    [com.apple.securityd:security_exception] UNIX error exception: 1
    [com.apple.securityd:security_exception] CSSM Exception: 100001 UNIX[Operation not permitted]
    [com.apple.securityd:security_exception] CSSM Exception: 100001 UNIX[Operation not permitted]

I'm attempting to create the item with the regular SecItemAdd function call:

    import Security

    // secretData: Data holds the secret being stored
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrLabel as String: "[redacted string]",
        kSecAttrAccount as String: "[redacted string]",
        kSecAttrService as String: "[redacted string]",
        kSecValueData as String: secretData
    ]
    let status = SecItemAdd(query as CFDictionary, nil)  // OSStatus; errSecSuccess when the item was written

I'm guessing this is because the System keychain is outside of the sandbox for the daemon. Is there a way to create items for the System Keychain from a sandboxed daemon?

1 reply · 0 boosts · 400 views · Aug ’24
multiprocessing.Queue() Python method sandbox problem
The multiprocessing.Queue() method of Python gets a "PermissionError: [Errno 1] Operation not permitted" error if it is sandboxed.

CODE:

    import multiprocessing

    tensorflow_coordinates_queue = multiprocessing.Queue()

ERROR:

    ./test_temp9
    Traceback (most recent call last):
      File "/Applications/test_temp9.app/Contents/MacOS/test_temp9.py", line 4, in <module>
      File "/Applications/test_temp9.app/Contents/MacOS/multiprocessing/context.py", line 103, in Queue
      File "/Applications/test_temp9.app/Contents/MacOS/multiprocessing/queues.py", line 43, in __init__
      File "/Applications/test_temp9.app/Contents/MacOS/multiprocessing/context.py", line 68, in Lock
      File "/Applications/test_temp9.app/Contents/MacOS/multiprocessing/synchronize.py", line 162, in __init__
      File "/Applications/test_temp9.app/Contents/MacOS/multiprocessing/synchronize.py", line 57, in __init__
    PermissionError: [Errno 1] Operation not permitted

BUNDLED WITH NUITKA:

    echo *** | sudo -S python3.9 -m nuitka --run --standalone --macos-disable-console --macos-create-app-bundle --macos-app-mode=ui-element --enable-plugin=pyside6 --macos-app-icon=icons/app_icon.png --include-data-dir=icons=icons test_temp9.py

SIGNED WITH THE FOLLOWING SH: sign.txt, sign2.txt

ENTITLEMENTS: app.entitlements.txt

2 replies · 0 boosts · 391 views · Aug ’24
App Sandbox and UDP broadcast
When using the following API, is it expected that the app would require both incoming and outgoing permissions with App Sandbox?

    public func sendto(_: Int32, _: UnsafeRawPointer!, _: Int, _: Int32, _: UnsafePointer<sockaddr>!, _: socklen_t) -> Int

Since I'm only sending UDP broadcasts, I would have expected outgoing to be sufficient. Thanks!

2 replies · 0 boosts · 344 views · Aug ’24
Moving file to a system folder
When making a custom System Settings panel, I want the project to automatically move the prefpane file to /Library/PreferencePanes/. With Run Script, the build fails because of denial to perform the operation. Sudo doesn't help either.

    PREFPANE_SRC="${BUILT_PRODUCTS_DIR}/App.prefPane"
    PREFPANE_DST="$HOME/Library/PreferencePanes/"

    echo "PrefPane source path: $PREFPANE_SRC"
    echo "PrefPane destination path: $PREFPANE_DST"

    if [ -d "$PREFPANE_SRC" ]; then
        echo "Installing preference pane to ${PREFPANE_DST}"
        cp -R "${PREFPANE_SRC}" "${PREFPANE_DST}"
    else
        echo "Preference pane not found: ${PREFPANE_SRC}"
        exit 1
    fi

8 replies · 0 boosts · 482 views · Aug ’24
calling posix_spawn from a network System Extension
I'm attempting to create an application that uses a System Extension / Network Extension to implement a PacketTunnelProvider. After creating and configuring the packet device, I want to spawn a child process to do the actual reading and writing of network packets. I want to do this because the child is written in Go (it uses wireguard-go and my company's Go SDK). When I call posix_spawn from within the System Extension, I get "Operation not permitted" as the error, and sandboxd drops a log with

    Violation: deny(1) process-exec* /private/var/root/Library/Containers/<my system extension>/Data/Documents/<my-child-binary>

Is it possible to execute other processes from within the System Extension sandbox? Do the binaries have to be stored in a particular place, and if so, where? I attempted to build with the App Sandbox removed from the System Extension capabilities, and this seemed to fail before even executing my Network Extension code, so I'm guessing System Extensions are required to be sandboxed, but it would be nice to have that confirmed.

5 replies · 0 boosts · 376 views · Aug ’24
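This post's `process-exec*` denial and the `mach-lookup` denial in the Electron/Photos post above are the same kind of evidence: a sandboxd report whose first line names the process, the operation and the target. The Python below is an added example by the editor (not code from either poster) that parses those report lines, plus the JSON `MetaData:` blob, groups denials by process and operation, and attaches a rough pointer to the entitlement family that governs each operation. The sample lines are constructed in the shapes quoted in this thread; `com.example.tunnel`, its helper path and the network lines are hypothetical, and the hints are triage pointers rather than a claim that the named entitlement is the right fix.

```python
"""Triage App Sandbox denials from sandboxd report text.

Added example. SAMPLE_LOG is constructed in the shapes quoted in this thread;
com.example.tunnel, its helper path and the network lines are hypothetical.
"""
from __future__ import annotations

import json
import re
from collections import Counter, defaultdict
from typing import Dict, Iterable, NamedTuple, Optional, Tuple


class Denial(NamedTuple):
    process: Optional[str]  # None for bare "Violation:" lines, which carry no process name
    pid: Optional[int]
    operation: str          # "mach-lookup", "process-exec*", "file-read-data", ...
    target: str             # Mach service name, path, or address


# "Sandbox: Picture Keeper(32625) deny(1) mach-lookup com.apple.photos.service"
SUMMARY_RE = re.compile(
    r"Sandbox:\s+(?P<process>.+?)\((?P<pid>\d+)\)\s+(?P<action>deny|allow)\(\d+\)\s+"
    r"(?P<operation>\S+)\s+(?P<target>.+?)\s*$"
)
# "Violation:       deny(1) process-exec* /private/var/root/..."
VIOLATION_RE = re.compile(
    r"Violation:\s+(?P<action>deny|allow)\(\d+\)\s+(?P<operation>\S+)\s+(?P<target>.+?)\s*$"
)

# Rough pointers from a denied operation to the entitlement family that governs it.
# Triage hints only; adding the entitlement is not automatically the right fix.
HINTS = (
    ("mach-lookup", "Mach/XPC service outside the sandbox allowlist; the escape hatch is "
                    "com.apple.security.temporary-exception.mach-lookup.global-name, which App Review will question"),
    ("process-exec", "exec of a binary the sandbox will not run from here; child tools normally live inside "
                     "the app bundle and are signed with com.apple.security.inherit"),
    ("file-write", "write outside the container: user-selected.read-write, security-scoped bookmarks, or "
                   "com.apple.security.temporary-exception.files.*"),
    ("file-read", "read outside the container; same entitlement families as file-write"),
    ("network-outbound", "com.apple.security.network.client"),
    ("network-inbound", "com.apple.security.network.server"),
    ("network-bind", "com.apple.security.network.server"),
)


def hint_for(operation: str) -> str:
    for prefix, text in HINTS:
        if operation.startswith(prefix):
            return text
    return "no hint for this operation; read the full sandboxd report"


def parse_line(line: str) -> Optional[Denial]:
    """Denial for a deny line in any of the three report shapes, else None (allows are dropped)."""
    if "MetaData:" in line:
        try:
            blob = json.loads(line.split("MetaData:", 1)[1])
        except json.JSONDecodeError:
            return None
        if blob.get("action") != "deny" or "operation" not in blob:
            return None
        target = blob.get("target") or blob.get("primary-filter-value") or ""
        return Denial(blob.get("process"), blob.get("pid"), blob["operation"], target)
    m = SUMMARY_RE.search(line) or VIOLATION_RE.search(line)
    if m is None or m.group("action") != "deny":
        return None
    fields = m.groupdict()
    pid = int(fields["pid"]) if fields.get("pid") else None
    return Denial(fields.get("process"), pid, fields["operation"], fields["target"])


def triage(lines: Iterable[str]) -> Dict[Tuple[str, str], Counter]:
    """(process, operation) -> Counter of denied targets. Unknown process is "<unknown>"."""
    groups: Dict[Tuple[str, str], Counter] = defaultdict(Counter)
    for line in lines:
        d = parse_line(line)
        if d is not None:
            groups[(d.process or "<unknown>", d.operation)][d.target] += 1
    return dict(groups)


def report(lines: Iterable[str]) -> str:
    out = []
    for (process, operation), targets in sorted(triage(lines).items()):
        out.append(f"{process}: {operation}  ->  {hint_for(operation)}")
        out.extend(f"    {n}x {target}" for target, n in targets.most_common())
    return "\n".join(out)


SAMPLE_LOG = """\
Sandbox: Picture Keeper(32625) deny(1) mach-lookup com.apple.photos.service
Sandbox: Picture Keeper(32625) deny(1) mach-lookup com.apple.photos.service
Sandbox: Picture Keeper(32625) deny(1) file-read-data /Users/me/Pictures/Photos Library.photoslibrary
Sandbox: com.example.tunnel(4242) allow(1) network-outbound *:443
Violation:       deny(1) process-exec* /private/var/root/Library/Containers/com.example.tunnel/Data/Documents/helper
MetaData: {"process":"Picture Keeper","pid":32625,"action":"deny","operation":"mach-lookup","target":"com.apple.photos.service","checker":"launchd"}
"""

if __name__ == "__main__":
    print(report(SAMPLE_LOG.splitlines()))
```

Pipe whatever Console.app or `log show` gives you into `report()`; because the regexes use `search` rather than `match`, unified-log timestamps and process prefixes in front of `Sandbox:` do not get in the way. The `allow(1)` line is dropped on purpose: sandbox reports list both decisions and only the denials tell you what the profile is missing.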
Issues Displaying Subscriptions in StoreView Using Sandbox Environment
Hi everyone, I'm currently testing my app's subscription feature in the sandbox environment, but I'm encountering an issue where my subscriptions are not appearing in the StoreView. I've implemented the StoreKit configurations and ensured that the product IDs are correctly set up. However, when I try to display the subscriptions in the StoreView, nothing appears. Here are a few details about my setup: I’m using StoreKit to manage auto-renewable subscriptions. The product IDs are correctly registered and match those in App Store Connect. Testing in the sandbox environment. I’ve confirmed that my internet connection is stable, and there are no apparent issues with the request. Despite this, the StoreView remains empty, and I'm unable to see any subscription options. Has anyone else encountered this problem? If so, how did you resolve it? Any help or suggestions would be greatly appreciated! Thanks in advance!
0 replies · 0 boosts · 416 views · Aug ’24
After creating a hardlink a sandboxed app cannot write to it anymore
I'm developing an application that uses hardlinks to track certain files created by the app. Initially, before the hardlink is created, the files behave as expected. For example, if the app generates a .number file, I can open and edit it with Numbers without any issues. However, once the hardlink is created, the file appears locked, and Numbers can no longer write to it. Checking the logs in the Console app, I see that Numbers throws an NSCocoaErrorDomain error with code 513. This problem only occurs with sandboxed apps; non-sandboxed apps like Visual Studio Code work fine. I’ve also tried creating the hardlink manually using the ln command in Terminal, but the behavior is the same. I'm currently on an M1 Pro Mac running Sonoma 14.2.1. I've also tried on an Intel one running Sonoma 14.4 and the behaviour is exactly the same. This issue doesn’t occur with symlinks, but my application specifically requires hardlinks, and I haven't been able to find a workaround. Does anyone have any suggestions?

4 replies · 0 boosts · 406 views · Aug ’24
Is it completely impossible to transfer macOS apps belonging to an App Group?
Hi, we have quite a headache around wanting to transfer one of our applications to a new Apple Developer Organization. The macOS application is sandboxed and is bundled with a Safari Extension. The two must be in an App Group in order to share data (as per official Apple documentation). Now this also means, according to this documentation from Apple, that this app cannot be transferred, because it has made use of App Groups. If I read correctly online, even if we were to remove this entitlement from the application, we wouldn't be able to transfer it.

Is this all there is to know? I find it rather hard to believe there isn't a workaround for this. Is there maybe a way to transfer the application and the Safari Extension to the new organization at once, together? I don't mind moving the App Group as well. Can a technical support incident be requested for this type of issue? I'm happy to talk this through with someone from Apple if there is a one-by-one basis (maybe a manual transfer with help from Apple) way to solve this.

Why this is a problem, you might ask. The first and largest problem is continuous service for our existing subscribers to the premium version of our application. If we can't move the app, we need to recreate it in the new organization with a new bundle ID, new subscription items, everything. I haven't found a straightforward way to move these subscriptions over to another app. I thought about creating an Introductory/Promotional offer, only shown to users with subscriptions in the old app. But the length of their subscriptions varies, and offers have a fixed length. Is there anything else I haven't looked at? Thanks in advance!

0 replies · 1 boost · 301 views · Aug ’24
Developer ID target can't be signed or notarized automatically
macOS application: Mulligan's Eagle (403115926)
macOS deployment: macOS 10.14 (Mojave) through Sonoma 14.5
macOS targets: Mac App Store, ad hoc direct drag-to-install image
Xcode version 15.4, various development Macs (Intel, M1, M2)

Eagle has been delivered since pre-Mac App Store days, derived from System 7 MacApp development. The app was most recently delivered with min system Mac OS 10.12 through current Sonoma 14.5, as a dual target: for the Mac App Store, automatically signed with Apple Development credentials, and for outside release, automatically signed with Developer ID credentials. Recent revisions to the software bump the min system to 10.14 (Mojave), with typical continuing development for tech, reqm'ts, etc. Updates (a couple since the previous release) to Xcode, now using version 15.4, recommended some config changes that made sense, except min system. It is a popular application with lots of older (uh... elder) users running Macs servicing golfers.

The application is ready to distribute with automatic signing, but I wasn't able to do so with Developer ID credentials; following an Xcode note (and reading tips in this forum, with my poor understanding) I managed to submit it for notarization, which failed. I tried to manually sign... and reviewed the signing info in Xcode... So I reviewed the certificate(s) etc. that should have been used when previously signing with Dev ID for notarization and release. I have (I think) six Developer ID Application certs and six Developer ID Installer certs, and I can't find any combination of those certificates (some with duplicate dates or expirations) that allows me to use one to automatically sign code for notarization or delivery. What do I do? I've lived a peaceful solo developer life for 25 years delivering and signing code for the Mac and for as long as iOS has existed. I'm terrified about this issue however...

My early Mac OS using customers (since Lion, pre-sandbox) still have serial numbers for this software and have bought a Mac every 6 to 10 years so they could get my latest release. We've never required that they re-purchase from the App Store... they have a perpetual license. Sandboxing was a shock they never felt: we kept delivering updates to them, and if they decided sandboxing mattered, they purchased from Apple and we included the container-migration entitlement in the App Store version to move their data to the new sandbox. Pretty slick. Until we built an install disk to test it on an unsandboxed version of Eagle in our office. It "lost" its data, which vanished by remaining in the old Application Support directory while the new hardened runtime version looked for it in the sandbox, finding nothing. Just imagine encountering that if you're 80 years old running a golf league.

How can I "reset" the futzed-up Developer ID certificate mess? I have multiple machines, all with varying subsets of what seem to be good certificates. And Xcode builds new provisioning profiles just for the heck of it, it seems. I'm afraid to revoke or throw out any certificates because I can't tell which ones are good, bad or duplicates; they're all valid. And I can't create any more Developer ID certs because there's a max to control certificate-miscreants like me (yes, I've read Quinn's note on protecting your Dev ID; I screwed it up with only 1 employee). I depend on automatic signing because I'm still, after 58 years of coding, just a novice. Is it true that I should still specify in my build settings that I'm using Developer ID credentials for my ad hoc development and distribution schemes? And that the proper settings for those should NOT enable hardened runtime or app sandboxing? Sorry for my intensity here....

It's been 2 weeks since App Review bonked an initial submission with just an "it's broken" reject message, and DTS decided this is not such an emergency that the Developer Forum shouldn't be able to handle it. I'm truly hoping it's so.

4 replies · 0 boosts · 522 views · Aug ’24
macOS Sandbox and writing to system folders (audio plug-Ins)
Hello macOS gurus, I am writing an AUv3 plug-in and wanted to add support for additional formats such as CLAP and VST3. These plug-ins must reside in an appropriate folder, /Library/Audio/Plug-Ins/ or ~/Library/Audio/Plug-Ins/. The typical way these are delivered is with old school installers. I have been experimenting with delivering these formats in a sandboxed app. I was using the com.apple.security.temporary-exception.files.absolute-path.read-write entitlement to place a symlink in the system folder that points to my CLAP and VST3 plug-ins in the bundle. Everything was working very nicely until I realized that on my Mac I had changed the permissions on these folders from to The problem is that when the folder has the original system permissions, my attempt to place the symlink fails, even with the temporary exception entitlement. Here's the code I'm using, with systemPath = "/Library/Audio/Plug-Ins/VST3/":

    import Foundation

    /// Creates a symlink inside `systemPath` that points at `<fileName>.<fileExt>` in the bundle's Resources.
    static func symlinkToBundle(fileName: String, fileExt: String, from systemPath: String) throws {
        guard let bundlePath = Bundle.main.resourcePath?.appending("/\(fileName).\(fileExt)") else {
            print("File not in bundle")
            return  // a guard body must leave the scope; the posted version omitted this and would not compile
        }
        // The link path has to name the link itself, not the directory that will contain it.
        let linkPath = (systemPath as NSString).appendingPathComponent("\(fileName).\(fileExt)")
        let fileManager = FileManager.default
        do {
            try fileManager.createSymbolicLink(atPath: linkPath, withDestinationPath: bundlePath)
        } catch {
            print(error.localizedDescription)
        }
    }

So the question is... Is there a way to reliably place this symlink in /Library/... from a sandboxed app using the temporary exception entitlements? I understand there will probably be issues with App Review, but for now I am just trying to explore my options. Thanks.

6 replies · 0 boosts · 738 views · Aug ’24
Honoring User's Changed Selection when Registering macOS MainApp with SMAppService
Hello. Currently my macOS application registers itself as a login item in the AppDelegate applicationDidFinishLaunching method (see code below). However, I'm running into a problem: if the user is auto upgraded (internal 3rd party implementation), the .pkg postinstall script runs, the last step of which is launching the GUI application. Because of this, if a user unselects our app as a login item, when it is relaunched it will add itself back. I have checked the SMAppService statuses (.enabled, .notRegistered, .notFound) and discovered that when a user disables the app as a login item, the status is returned as .notFound. I am trying to find a way to detect if the user previously removed our app from login items and not register the app as a login item again, while still registering it the first time the user opens the app. Would checking if the status is .notRegistered work in this case for a first time install? What should I do differently?

    func applicationDidFinishLaunching(_ aNotification: Notification) {
        ...
        guard !Runtime.isDebug else {
            self.logger.debug("Detected Xcode host; Skipping installation of helper components.")
            return
        }
        self.logger.info("Setting UI login item")
        if mainApp.status != .enabled {  // old code, incorrect. What should go here?
            do {
                try mainApp.register()
            } catch {
                logger.error("Failed to initialize UI login item: \(error.localizedDescription)")
            }
        }
    }

3 replies · 0 boosts · 409 views · Jul ’24
Configure autostart of a sandboxed Java app
I have developed a backup application in Java. In it, users can configure whether they want it to autostart or not. If they do, a plist file is written to ~/Library/LaunchAgents so that my app starts at login. This works perfectly so far. I've not submitted it to the Mac App Store. But for that, it needed to be sandboxed. And with that, I had to add a "com.apple.security.temporary-exception.files.home-relative-path.read-write=/Library/LaunchAgents/" to my entitlements so that the plist file could still be written to ~/Library/LaunchAgents. However, they do not approve this. Is there another solution to launch my application at login?

- Must work with sandbox mode
- Must work from Java/Shell/... (I found "SMAppService", but this seems only available in Swift/Objective-C)

1 reply · 0 boosts · 441 views · Jul ’24
Mac App with Python Embedded: Sandbox Blocks Python Script from Running Only in Release Mode?
I have an XPC service that embeds Python. It executes a Python script on behalf of the main app. The app and XPC service are sandboxed. All seems to work just fine in the development environment, but the script fails in the released version. I disabled writing pycache by setting the PYTHONDONTWRITEBYTECODE environment variable because pycache tries to write inside my app bundle, which fails (I believe I can redirect the pycache directory with PYTHONPYCACHEPREFIX and may experiment with that later). Specifically this line fails in the release version only (not from Xcode):

    #include <Python.h>

    // moduleNameHere is a PyObject* holding the module name, built earlier
    PyObject *pModule = PyImport_Import(moduleNameHere);
    if (pModule == NULL) {
        // this is NULL in release mode only.
        PyErr_Print();  // writes the underlying ImportError and traceback to stderr
    }

Any ideas what can be going wrong? Thanks in advance.

3 replies · 0 boosts · 647 views · Jul ’24