Call to bind() is failing in my Cocoa app project but not in a commandline tool project (with same exact networking code). No sandbox Catalina (with SIP disabled, but solution will need to work on machines with SIP enabled) App transport settings wide open (this is a client-only setting though AFAIK) sandboxd says "deny(1) network-bind*:32323" When I copy the code to a commandline project, it works. 1 - If the app is not sandboxed, why is there a sandbox error in the log? 2 - Is there something else I need to add to Info.plist for binding to a network port (and other related server functionality) from a Cocoa app?

Dear all, we are developing a File Provider Extension that synchronises files and folders across devices using our custom upload/download server. We have noticed that every file written in the temp folder of the extension have the quarantine flag set, thus avoiding any app or executable to be launched from the folder itself. Specifically in each file we see those Quarantine Keys: ["LSQuarantineIsOwnedByCurrentUser": 1, "LSQuarantineTimeStamp": 2022-03-03 16:30:54 +0000, "LSQuarantineAgentName": XXXXX, "LSQuarantineType": LSQuarantineTypeSandboxed] We also tried the following: LSFileQuarantineEnabled = NO in the info.plist com.apple.security.files.user-selected.executable = true in the entitlements (in the main app and extension target) We tried in the application to use the following swift code: var resourcevalues = URLResourceValues() resourcevalues.quarantineProperties = nil try self.setResourceValues(resourcevalues) We didn't get any error using the code above, but the quarantine flag is still present. All without success. Only using this command everything works sudo xattr -dr com.apple.quarantine path/to/AppOrExecutable which, of course, is not feasible. Any help on this?

Crazy question, but it came from a friend now working at a different company and I wanted to make sure I'm not telling him the wrong thing. I said "no," but I'm not 100% sure and I can't find anything online about it. He wants to take his own sandboxed build and disable sandboxing/notarization/codesigning on it (POSTFACTO) for testing some issue he's working on. I spent a half hour on the phone trying to understand why, but I still don't get it. Crazy or not, it's an interesting question, so I thought I'd float it here.

Hi there! I published an auto clicker app on the Mac App Store about 7 months ago with no issue. However, I just submitted a new update and was binary rejected for the following reason: "Your app uses public APIs in an unapproved manner, which does not comply with guideline 2.5.1 of the App Store Review Guidelines. Specifically, the app uses Accessibility to keep the mouse active, which is not the intended use of the Accessibility API." I'm currently using a CGEvent.post() to click automatically, and this requires Accessibility permissions to work. Is there an approved, official way to programmatically click for users? There are tons of auto clickers on the Mac App Store, so I'm a little confused as to why I'm being rejected now. Thank you so much! Here's the code snippet that actually clicks the mouse: if AXIsProcessTrusted() == true { var ml = NSEvent.mouseLocation ml.y = NSHeight(NSScreen.screens[0].frame) - ml.y var location = CGPoint(x: ml.x, y: ml.y) var downClick = CGEvent(mouseEventSource: nil, mouseType: mouseTypeDown, mouseCursorPosition: location, mouseButton: mouseButton)! var upClick = CGEvent(mouseEventSource: nil, mouseType: mouseTypeUp, mouseCursorPosition: location, mouseButton: mouseButton)! downClick.post(tap: .cghidEventTap) upClick.post(tap: .cghidEventTap) }

A similar form of this question has been asked a few times on this forum, but the answers varied a lot, and things have changed since previous posts.* My application is inside the 'App Sandbox', I want to communicate with another application which is not inside the sandbox at all. The non-sandboxed application has an IPC file which is present in the following location: /var/folders/0x/h5vjdg1s1gb3s__gfr5mmx040000gn/T/discord-ipc-0 cbyrne@Conors-Air in ~ ❯ echo $TMPDIR /var/folders/0x/h5vjdg1s1gb3s__gfr5mmx040000gn/T/ My application can't see that file, and when I try to give it permission to see that file by using the NSOpenPanel dialog, swift-nio is unable to establish a connection to the socket: connect(descriptor:addr:size:): Operation not permitted (errno: 1) However, if I let my app out of the 'App Sandbox': <key>com.apple.security.app-sandbox</key> <false/> It works fine, and my app is able to communicate with the non-sandboxed app. So, can sandboxed apps not communicate with other non-sandboxed apps via IPC at all?

I have build a python app by pyinstaller for Mac OS. The app run correctly and I can sign and send to App Store. As Appstore requires to sandbox the app, I put sandbox option in my app.entitlements but sandboxing the app crashes the app with "hardware illegal instruction". I tried many options in my app.entitlements and no way to avoid the crash. Send may hours , fed up do not find valuable information, please advise.

I'm getting a sandbox_extension_issue_file error [1: Operation not permitted] from ScopedBookmarkAgent while trying to resolve a successfully created security-scoped bookmark via URL(resolvingBookmarkData:options:relativeTo:bookmarkDataIsStale:) which then produces the error Error Domain=NSCocoaErrorDomain Code=256 "Couldn't issue sandbox extension for the resolved URL" The error only occurs for files under a dedicated folder /System/Volumes/Data/Test and not for files and folders under, e.g., /Users/... From what I understand, everything at /System/Volumes/Data/ and below should be accessible for the user. I've made sure that the Test folder has read and write permissions for the current user and changed ownership of the folder to username:staff, where username denotes my local user name. This happens both under macOS Big Sur 11.6.2 and macOS Monterey 12.1. Any help is much appreciated!

I'm writing an app for the macOS App Store in C++/QT with now some mixed in Objective C, and I'm currently trying to add the following functionality : Create an album in the Apple Photos app, then add some videos to it given their id (videos that are already in the library, not importing videos). For this, I've written the hybrid C++/Objective C function: char *Obj_C::obj_C_addMediaToAlbum(char *albumName, char *mediaId) { NSString *objAlbumName = [NSString stringWithUTF8String: albumName]; NSString *mediaIdS = [NSString stringWithUTF8String: mediaId]; NSString *source = [NSString stringWithFormat:@"tell application \"Photos\"\n" @" set selMedia to (get media items whose id contains \"%@\")\n" @" if not (album \"Trash from %@\" exists) then\n" @" make new album named \"Trash from %@\"\n" @" end if\n" @" add selMedia to album \"Trash from %@\"\n" @"end tell", mediaIdS, objAlbumName, objAlbumName, objAlbumName]; NSDictionary *errorDictionary; NSAppleScript *script = [[NSAppleScript alloc] initWithSource:source]; NSAppleEventDescriptor *resultDesc = [script executeAndReturnError:&errorDictionary]; NSString *returnString = @OBJ_C_SUCCESS_STRING; if ( resultDesc ) { // was successful return (char *)[returnString UTF8String]; } else{ returnString = [NSString stringWithFormat:@"%@", errorDictionary]; return (char *)[returnString UTF8String]; } } I've added the following elements to my entitlements file, after looking at the Photos.sdef file which describes the scripting targets available for the Photos app: <plist version="1.0"> <dict> <key>com.apple.security.app-sandbox</key> <true/> <key>com.apple.security.automation.apple-events</key> <true/> <key>com.apple.security.scripting-targets</key> <dict> <key>com.apple.Photos</key> <array> <string>com.apple.Photos.library.read-write</string> <string>com.apple.Photos.spotlight</string> </array> </dict> </dict> </plist> And the following to my .plist file as I read somewhere it's necessary: <key>NSAppleEventsUsageDescription</key> <string>The app uses events to control Apple Photos, to help you identify duplicates within you library.</string> When I run this outside the sandbox, it runs fine. However, if I attempt inside the sandbox, I get the error AppleEvents/sandbox: Returning errAEPrivilegeError/-10004 and denying dispatch of event core/getd from process '<private>'/0x0-0x130f30e, pid=63826, because it is not entitled to send an AppleEvent to this process. when looking in the console and the output from my function is : { NSAppleScriptErrorAppName = Photos; NSAppleScriptErrorBriefMessage = "A privilege violation occurred."; NSAppleScriptErrorMessage = "Photos got an error: A privilege violation occurred."; NSAppleScriptErrorNumber = "-10004"; NSAppleScriptErrorRange = "NSRange: {51, 68}"; } I also get the same error if instead of the whole complex AppScript command, I only give the command : "tell application \"Photos\" to make new album named \"Test album\", so it doesn't seem to come from one element of the script itself. **I don't understand: what am I missing to make it work correctly ? ** NB: If instead I use com.apple.security.temporary-exception.apple-events with my entitlements file being : <plist version="1.0"> <dict> <key>com.apple.security.app-sandbox</key> <true/> <key>com.apple.security.automation.apple-events</key> <true/> <key>com.apple.security.temporary-exception.apple-events</key> <array> <string>com.apple.Photos</string> </array> </dict> </plist> It then works, but it doesn't seem the safe way to do it nor the approved way to do it from my understanding of the temporary exception being intended to be replaced by the scripting targets when available, and they are available for the Photos app...

I'm having issues signing my electron mac app. I'm trying to upload the pkg to MacStore, but I get rejected by them as the software appears to be done by an unknown developer. I have my Developer Id Certificate and everything (I guess) is required. After building and notarizing my app (I received the confirmation from Apple that the notarizing was successful I get the following information when running those commands: codesign -dvv dist/mas/app-1.1.9.pkg Executable=/Users/user/Documents/Development/app/electron-app/dist/mas/App-1.1.9.pkg Identifier=MyCompany-1 Format=generic CodeDirectory v=20200 size=172 flags=0x10000(runtime) hashes=1+2 location=embedded Signature size=9059 Authority=Developer ID Application: MyCompany Inc (xxxxxxxx) Authority=Developer ID Certification Authority Authority=Apple Root CA Timestamp=23 Dec 2021 09:43:58 Info.plist=not bound TeamIdentifier=xxxxxxx Sealed Resources=none Internal requirements count=1 size=172 spctl -vvv --assess --type exec dist/mas/electron-app-1.1.9.pkg dist/mas/electron-app-1.1.9.pkg: rejected source=Unnotarized Developer ID origin=Developer ID Application: MyCompany Inc (xxxxxx) pkgutil --check-signature dist/mas/app-1.1.9.pkg Package "app-1.1.9.pkg": Status: signed by a developer certificate issued by Apple (Development) Certificate Chain: 1. 3rd Party Mac Developer Installer: MyCompany Inc (xxxxxx) Expires: 2022-12-06 02:39:58 +0000 ------------------------------------------------------------------------ 2. Apple Worldwide Developer Relations Certification Authority Expires: 2030-02-20 00:00:00 +0000 ------------------------------------------------------------------------ 3. Apple Root CA Expires: 2035-02-09 21:40:36 +0000 Besides that, I'm able to upload the app through Transporter, but the Apple reviewer get the error saying that the developer is unknown.

I've just bought a new MacBook Pro M1, and restored everything from my old Intel MacBook Pro using a Time Machine backup. It was a pretty smooth process, a few glitches such as needing to re-download certain apps to get the M1 version (e.g. Android Studio). One thing that I've noticed, and I don't know whether this is a Monterey thing or an M1 thing but as part of my day-to-day development work, I maintain various .sh files for building projects on different platforms. I have found that as soon as I edit and save an existing .sh file using TextEdit, it then sets the quarantine bit on the file and prevents it running from inside Zsh: zsh: operation not permitted: ./test.sh xattr yields the following: xattr ./test.sh  com.apple.TextEncoding com.apple.lastuseddate#PS com.apple.macl com.apple.metadata:kMDLabel_pjtfm5adga5rvjv2xmgkyqjwmq com.apple.quarantine This is incredibly annoying and I can't believe it is by design - this is not a file that has been downloaded from the Internet, it's my own file. Why can't I edit it using TextEdit? I do not get the same problem when I edit and save using Sublime Text, as one example, so what's with TextEdit doing that?

Hi, I'm trying to build a CLI Tool using Swift to access a usb device I'm developing. I would like to enable the App Sandbox - USB Entitlement for the tool. But as soon as I enable it and run the app in Xcode the app stops at a breakpoint on the main thread even though I didn't set any breakpoint: libsystem_secinit.dylib`_libsecinit_appsandbox.cold.5:   0x192b730d4 <+0>: pacibsp    0x192b730d8 <+4>: sub  sp, sp, #0x30       ; =0x30    0x192b730dc <+8>: stp  x20, x19, [sp, #0x10]   0x192b730e0 <+12>: stp  x29, x30, [sp, #0x20]   0x192b730e4 <+16>: add  x29, sp, #0x20      ; =0x20    0x192b730e8 <+20>: mov  x19, x2   0x192b730ec <+24>: mov  x20, x0   0x192b730f0 <+28>: str  x1, [sp]   0x192b730f4 <+32>: adrp  x2, 0   0x192b730f8 <+36>: add  x2, x2, #0xf22      ; =0xf22    0x192b730fc <+40>: mov  w1, #0x800   0x192b73100 <+44>: bl   0x192b73580        ; symbol stub for: snprintf   0x192b73104 <+48>: adrp  x8, 346125   0x192b73108 <+52>: add  x8, x8, #0x690      ; =0x690    0x192b7310c <+56>: stp  x20, x19, [x8]> 0x192b73110 <+60>: brk  #0x1 I'm running Xcode 12. This is reproducible simple by creating a new command line project and enabling the sandbox.

Hello I'm trying to make one of our internal app compliant with App Store rules for public release. The app is a custom Firefox launcher, that will be used to easily manage Firefox profile. Which mean part of the code will start Firefox with specifics args. And that's the part that does not fit well in the sandbox. What's the correct way to refactor the following code to be sandbox compatible?      let command = Process()     command.executableURL = URL(fileURLWithPath: "/usr/bin/open")     command.arguments = ["-n", "-a", "/Applications/Firefox.app", "--args", "--no-remote", "-P", name]     try? command.run() Right now with this code, Firefox open, but behave improperly, like if it was started from my own sandbox and could not load the selected profile. If I switch to NSWorkspace, the behavior is the same.

I'm working on a macOS app that I want to give "Full Disk Access". When I run from Xcode, I get "permission denied" errors when reading a file in my home directory. What can I do so that I can run and debug from Xcode? I dragged the binary from the derived data folder to the System Preferences list for Full Disk Access, but that seems to do nothing.

Hi, I've built everything natively for arm64, the M1 doesnt have Rosetta 2 installed. The app runs fine when started from the terminal. I am packaging the .app exactly the same way as for x86_64 but it refuses to launch on an M1 mac. I see "You do not have permission to open the application 'APPNAME'" when trying to open the app. I've tried when both codesigned and not codesigned (both work on x86 dev machine). In Console.app I see: LAUNCH: Runningboard launch of com.mydomain.myapp private returned RBSRequestErrorFailed, error Error Domain=RBSRequestErrorDomain Code=5 "Launch failed." UserInfo={NSLocalizedFailureReason=Launch failed., NSUnderlyingError=0x600007803450 {Error Domain=NSPOSIXErrorDomain Code=111 "Unknown error: 111" UserInfo={NSLocalizedDescription=Launchd job spawn failed with error: 111}}}, so returning -10826 The app launches using shell scripts, I've tried to modify the plist to launch the executable directly to see whether it was the issue, but it didnt change anything. The way its starting makes me think it doesnt even try to launch the executable and that its failing right away when looking at something in the package, but I have no idea what it could be. I've been at this for hours, any help would be appreciated. Cheers

I want to unit test my iOS app running on my M1 machine. The tests generate snapshots and I'd like to be able to save them on the host machine running the tests but I can't seem to come up with a good way to do it. I tried saving to the sandbox and using a post action in Xcode to just copy the files from the sandbox to where I need them to be. Unfortunately I have no idea how to reliably retrieve the sandbox url from the iOS app. Instead of the bundle id it seems to use some random UUID for the sandbox identifier (e.g. /Users/[USERNAME]/Library/Containers/D354FAB7-AEA9-4351-BE46-648BF0D13357/Data/Documents/) and I have no idea where that's coming from. I also can't seem to opt out of the sandbox (which I figured but still). I can't use NSOpenPanel or any user-driven interaction for getting a system shared folder to save anything to since it's all supposed to be automated. Any ideas of what I'm missing or what else I might try?

Is it possible to read the files from a DMG from a sandboxed app? I have tried using hdiutil using Process but always run in to the error "hdiutil: attach failed - Device not configured". I am running hdiutil attach -verbose -debug -mountroot /path/to/mount/ /path/to/dmg.dmg where both the mount root and DMG file have been chosen via an NSOpenPanel and support writing by the application. I have also tried moving the DMG to a directory within the app's storage (as returned via FileManager.default.urls(for:in:)) and mounting it within the same directory but get the same error. The full output is: fileURL file:///path/to/dmg.dmg directoryURL file:///path/to/mount/ calling DIHLDiskImageAttach with debug: true image-options: quiet: false mount-type: in drive-options: main-url: file:///path/to/dmg.dmg mount-point: file:///path/to/mount/ verbose: true agent: hdiutil 2020-07-28 17:24:35.848455+0100 hdiutil[15701:1369864] DIHLDiskImageAttach: input dictionary { agent = hdiutil; debug = 1; "drive-options" = { }; "image-options" = { }; "main-url" = "file:///path/to/dmg.dmg"; "mount-point" = "file:///path/to/mount/"; "mount-type" = in; quiet = 0; verbose = 1; } 2020-07-28 17:24:35.848677+0100 hdiutil[15701:1369864] DIHLDiskImageAttach: disabling legacy image format attach 2020-07-28 17:24:35.848700+0100 hdiutil[15701:1369864] DIHLDiskImageAttach: newImagekeys = { "legacy-disabled" = 1; } 2020-07-28 17:24:35.848729+0100 hdiutil[15701:1369864] DIHLDiskImageAttach: creating DIHelperProxy 2020-07-28 17:24:35.848769+0100 hdiutil[15701:1369864] with dictionary: { agent = hdiutil; debug = 1; "drive-options" = {length = 42, bytes = 0x62706c69 73743030 d0080000 00000000 ... 00000000 00000009 }; "image-options" = {length = 65, bytes = 0x62706c69 73743030 d101025f 100f6c65 ... 00000000 0000001e }; "main-url" = "file:///path/to/dmg.dmg"; "mount-point" = "file:///path/to/mount/"; "mount-type" = in; operation = DIHelperAttach; quiet = 0; verbose = 1; } 2020-07-28 17:24:35.848787+0100 hdiutil[15701:1369864] [DIHelperProxy alloc] 2020-07-28 17:24:35.848815+0100 hdiutil[15701:1369864] [DIHelperProxy alloc] returning self 0x600002c0c480, retainCount 1 2020-07-28 17:24:35.852410+0100 hdiutil[15701:1369864] DIHLDiskImageAttach: running DIHelperProxy 2020-07-28 17:24:35.852426+0100 hdiutil[15701:1369864] [DIHelperProxy performOperationReturning] entry 2020-07-28 17:24:35.852438+0100 hdiutil[15701:1369864] [DIHelperProxy performOperationReturning] detaching thread 2020-07-28 17:24:35.852675+0100 hdiutil[15701:1369867] [DIHelperProxy workerThread] entry 2020-07-28 17:24:35.852696+0100 hdiutil[15701:1369867] [DIHelperProxy workerThread] setting up server 2020-07-28 17:24:35.852706+0100 hdiutil[15701:1369867] [DIHelperProxy threadSetupServer] entry 2020-07-28 17:24:35.852737+0100 hdiutil[15701:1369867] [DIHelperProxy threadSetupServer] Cannot start hdiejectd because app is sandboxed 2020-07-28 17:24:35.852750+0100 hdiutil[15701:1369867] [DIHelperProxy threadSetupServer] exiting 2020-07-28 17:24:35.852759+0100 hdiutil[15701:1369867] error: unable to set up framework server. 2020-07-28 17:24:35.852767+0100 hdiutil[15701:1369867] [DIHelperProxy workerThread] waiting for task to terminate to avoid zombies 2020-07-28 17:24:35.852775+0100 hdiutil[15701:1369867] checkHelperStatusWaitingForExit: no helper process, skipping 2020-07-28 17:24:35.852783+0100 hdiutil[15701:1369867] [DIHelperProxy workerThread] helper exited 2020-07-28 17:24:35.852793+0100 hdiutil[15701:1369867] [DIHelperProxy workerThread] exiting 2020-07-28 17:24:35.852824+0100 hdiutil[15701:1369864] [DIHelperProxy performOperationReturning] returning 6 2020-07-28 17:24:35.852847+0100 hdiutil[15701:1369864] DIHLDiskImageAttach: DIHelperProxy returned 6 2020-07-28 17:24:35.852860+0100 hdiutil[15701:1369864] [DIHelperProxy dealloc] DIHLDiskImageAttach() returned 6 (null) hdiutil: attach failed - Device not configured The issue appears to be "Cannot start hdiejectd because app is sandboxed", does this mean it's not possible to read a DMG in a sandboxed app, or is there another method available?