App Sandbox

App Sandbox is a macOS access control technology designed to contain damage to the system and user data if an app becomes compromised.

Posts under App Sandbox tag

112 Posts
Post | Replies | Boosts | Views | Activity

The application does not have permission to open "Downloads"
My app has the App Sandbox enabled and the File Access to Downloads folder is set to Read / Write in Xcode. Upon clicking on a button the app should open the Finder displaying the Downloads folder. The following code snippet is used to launch the Finder:

    if let inspirationsDirectory = FileManager.default.urls(for: .downloadsDirectory, in: .userDomainMask).first {
        NSWorkspace.shared.open(inspirationsDirectory)
    }

On my macOS it works well. After releasing the app to the App Store and installing it on another Mac the following message is received upon clicking the button: The application does not have permission to open "Downloads"

Which would be the solution to launch the Finder successfully? Is it possible to launch the Finder showing the Downloads folder sorted by the Date Added column descending?
7
0
2.7k
Nov ’23
Intermittent "Operation not permitted", "Unable to start the server" error while running 'safaridriver'
I'm encountering an intermittent issue while trying to run safaridriver on macOS Sonoma. Here are the details of the problem: I ran sudo /usr/bin/safaridriver -p0 --enable in the beginning. After that when I run this multiple times /usr/bin/safaridriver -p0, I sometimes receive an "Operation not permitted" error, but not consistently. This issue seems to occur intermittently. I've checked the sudo logs, and I see the following error message:

    kernel: (Sandbox) Sandbox: com.apple.WebDriver.HTTPService(2049) deny(1) user-preference-write com.apple.WebDriver.HTTPService
    cfprefsd: (CoreFoundation) [com.apple.defaults:cfprefsd] rejecting write of key(s) MobileDeviceRemoteXPCEnabled in { com.apple.WebDriver.HTTPService, nimish, kCFPreferencesAnyHost, /Users/nimish/Library/Preferences/com.apple.WebDriver.HTTPService.plist, managed: 0 } from process 2049 (com.apple.WebDriver.HTTPService) because setting these preferences requires user-preference-write or file-write-data sandbox access
    cfprefsd: (CoreFoundation) [com.apple.defaults:cfprefsd] Couldn't open parent path due to [2: No such file or directory
    kernel: (Sandbox) Sandbox: com.apple.WebDriver.HTTPService(2049) deny(1) network-bind local:*:7055
    com.apple.WebDriver.HTTPService: (WebDriver) [com.apple.WebDriver:WebService] Error starting HTTP server listening on localhost:0: Error Domain=NSPOSIXErrorDomain Code=1 "Operation not permitted" UserInfo={NSLocalizedDescription=Operation not permitted, NSLocalizedFailureReason=Error in bind() function}
    com.apple.WebDriver.HTTPService: (WebDriver) [com.apple.WebDriver:XPCService] Client connection invalidated for some reason

I am getting this on macOS Sonoma. Can anybody please help on this?
0
2
677
Nov ’23
Signing and sandbox errors when submitting a Qt mac app. Please help!!
Hi everyone, I've been trying for a few days and still getting the same errors, so any help would be appreciated!! I've got the app to pass the Validation in Xcode Organizer, but after I uploaded to Apple Store Connect through the Organizer, I'd get an email with errors, ITMS-90238: Invalid Signature, mentioning a long list of plugins, and then ITMS-90296: App sandbox not enabled. I'm not sure how to investigate these problems, so I've been just blindly trying everything. I've added the Sandbox capability in Xcode and have the entry in the entitlement file. The app even shows Sandbox Yes in Activity Monitor.

This is a Qt app. I generated an Xcode project using qmake, then use Xcode to sign and upload. I tried both manually selecting the profile and letting Xcode manage signing automatically. I've tried both Distribution profiles and Development profiles. It was giving build errors in signing unless I used the --deep flag in Other Code Signing Flags. Then I read online that it's not recommended. So I've tried using the -codesign option in Qt's mac deployment tool, macdeployqt. It passed the validations but still gives the same error. I suspect it's doing a codesign --deep internally. This is how I'm using macdeployqt:

    macdeployqt myapp.app -qmldir="$SOURCE_DIR"/qml -always-overwrite -appstore-compliant -codesign="$SIGNING_CERT"

Any advice would be much appreciated!! I'm on macOS Sonoma 14.0, Apple M2, Qt 6.5.3
9
0
842
Nov ’23
Unable to test macOS apps after updating to Sonoma
I've recently updated my development laptop, and my continuous integration build nodes (a pair of Mac minis) to macOS Sonoma. Prior to this update, my CI workflows passed without issue. Since updating, every time I attempt to run my app's unit tests, an impassable alert is shown stating:

    “MyApp” differs from previously opened versions. Are you sure you want to open it? Opening “MyApp” will allow it to access data from previously used versions of “MyApp”.

My tests go no further, and my CI workflows fail. I found that if I switched from using Ad-Hoc code signing for my tests, that this dialog is no longer shown on my local development laptop, however it is still shown on my CI nodes. Is there some way to tell Xcode to bypass this warning? If there's not, Sonoma doesn't seem to be usable for doing testing.
3
0
951
Oct ’23
How to Enable Read Access to Files in a ~/Library/Group Containers/com.apple.notes
Hello, I currently am designing a data backup solution, and have an unsandboxed launch agent written in DotNet 6 that needs read access to files in order to back them up. It is configured together with its own App Group (with the sandboxed GUI). However, this Launch Agent cannot access files or enumerate directories in ~/Library/Group Containers/com.apple.notes whatsoever (even after enabling full disk access for the calling app, the files are not restricted either). I am trying to access the NoteStore.sqlite and similar files so that the Launch Agent can read the file and upload it to S3. Is there some entitlement I need to add, or access prompt? It seems like there are additional security layers for Sandboxed folders for apps that I'm trying to bypass. What is the recommended solution for my use case? (For Ventura and Sonoma users)
2
0
567
Oct ’23
Operation not permitted - MacOS - Swift - UITests
I'm trying to create a simple HTTP server. When I do it in the main target of my macOS app then it works, but when I do it in the uitests target it fails (result == -1 (Operation not permitted)). Interestingly when I run it in the iOS uiTests target then it works.

    let sockfd = socket(AF_INET, SOCK_STREAM, 0)
    var serverAddress = sockaddr_in(sin_len: __uint8_t(MemoryLayout<sockaddr_in>.size),
                                    sin_family: sa_family_t(AF_INET),
                                    sin_port: CFSwapInt16HostToBig(8080),
                                    sin_addr: in_addr(s_addr: inet_addr("127.0.0.1")),
                                    sin_zero: (0, 0, 0, 0, 0, 0, 0, 0))
    let result = withUnsafePointer(to: &serverAddress) {
        $0.withMemoryRebound(to: sockaddr.self, capacity: 1) {
            Darwin.bind(sockfd, $0, socklen_t(MemoryLayout<sockaddr_in>.size))
        }
    }

I've got set in my main target entitlements:

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>com.apple.security.app-sandbox</key>
        <true/>
        <key>com.apple.security.network.client</key>
        <true/>
        <key>com.apple.security.network.server</key>
        <true/>
    </dict>
    </plist>

What can be the reason that it fails? How can I fix it?
5
0
1.4k
Oct ’23
Sonoma extremely slow / hangs opening folders in ~/Library/Containers
My app iterates over all folders on disk and queries metadata of each folder. After Sonoma was released, a bunch of users (but not all) complained that the app has become very slow or stalls indefinitely while performing the scan. I have narrowed down that the delay occurs in the POSIX open() function, and the folders it stalls on are folders inside ~/Library/Containers and ~/Library/Group Containers, which store data of sandboxed apps. My app is not sandboxed itself, and the problem doesn't happen on all Macs, only on a subset of Macs. I read in WWDC transcripts that in macOS Sonoma, Apple has introduced additional privacy access control to these particular folders, and my guess is that the delays and stalling are related to this new macOS feature. Is anyone else experiencing this problem? Can I do something to work around this problem? Or is this a bug of macOS Sonoma and I should report it to Apple?
1
0
877
Oct ’23
Installer.app asks permission before writing App Sandbox Data Container since macOS 14 Sonoma
I found my pkg installer while writing to Data Container in App Sandbox since macOS 14 Sonoma. What is wrong with my installer? My pkg will install a file to the App Sandbox Container. (Destination Path: "~/Library/Containers/net.mtgto.inputmethod.macSKK/Data/Documents/Dictionaries/SKK-JISYO.L") But I found Installer always asks:

    “Installer” would like to access data from other apps. Keeping app data separate makes it easier to manage your privacy and security.

Click the "Don't Allow" button and Installer.app says "The installation failed". This dialog is not shown on macOS 13 Ventura. So it seems to relate to App Sandbox changes in macOS 14: https://developer.apple.com/documentation/security/app_sandbox/accessing_files_from_the_macos_app_sandbox

Is there a way to write to the App Sandbox Container from a pkg? For detail: https://github.com/mtgto/macSKK/issues/54 Also you can download the installer from https://github.com/mtgto/macSKK/releases/tag/0.9.1 (the pkg file exists in macSKK-0.9.1.dmg)
5
0
1k
Oct ’23
Need custom file access for developer tool. What can I do?
Hi, I have a developer tool that often needs access to files outside of the file the user has selected. For example, they can easily select a file that contains a reference to an include file NOT in the current folder or a descendent. But I still need access to that file. How do I handle this, on the latest version of macOS? Right now it just fails to give me access to the file, making it look like our Mac version is WAY BEHIND the Windows version. Oh and this needs to be in the App Store eventually, but right now I need it to be available outside of it, so I have to use my Developer ID and notarized. I think I've got all of that nailed down, but I'm still having file permission issues. My entitlements currently (which doesn't work):

    com.apple.security.cs.disable-library-validation
    com.apple.security.cs.disable-executable-page-protection
    com.apple.security.app-sandbox
    com.apple.security.files.user-selected.read-write

Thank you, -Chilton
2
0
495
Oct ’23
Are these entitlements correct for file access?
I have an app that needs to read a file the user selects from an Open dialog. Right now it works fine on my machine (of course), but doesn't let my app access the file on other systems. I code signed it using my Apple Developer ID. I have notarized it. I have checked it all with the notaryTool and it shows NO ERRORS and as far as I can tell, no warnings either. Here's the entitlements:

    com.apple.security.cs.disable-library-validation
    com.apple.security.cs.disable-executable-page-protection
    com.apple.security.app-sandbox
    com.apple.security.files.user-selected.read-write

What could I be doing wrong? Thank you, -Chilton
1
0
368
Oct ’23
User removal of security scoped bookmark
Hi, is it possible for a user to remove the implicit permission he or she gave to an app after opening a folder using a standard dialog? I'm asking this because a discussion took place with actual users reasonably arguing that the action may have been a mistake, not intentional at all, so at least we should give them a way to revert what was wrongly interpreted as intent. I believe that they are right and there should be a simple user-level way of doing that. So I looked for a way to remove the bookmark from the command line but to no avail. Thanks, Carlos.
1
0
414
Oct ’23
Programmatically press "delete" or "cmd + v" in sandboxed app
I'm working on a small text snippet / lorem ipsum app as a side project and the idea is, for instance, whenever and wherever user types "lorem10" I'd like to print/paste 10 random lorem ipsum words. E.g. "lorem10 " -> ("Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do")

For that to be possible I need to:
Programmatically press "delete" key to remove the trigger string ("lorem10").
Programmatically press "cmd + v" for pasting the result string.

This is possible, even in sandbox! But it requires accessibility permission. For instance I can simulate "delete" key press like this:

    func delete() {
        let eventSource = CGEventSource(stateID: .combinedSessionState)
        let keyDownEvent = CGEvent(
            keyboardEventSource: eventSource,
            virtualKey: CGKeyCode(51),
            keyDown: true)
        let keyUpEvent = CGEvent(
            keyboardEventSource: eventSource,
            virtualKey: CGKeyCode(51),
            keyDown: false)
        let loc = CGEventTapLocation.cghidEventTap
        // Triggers system default accessibility access pop-up
        keyDownEvent?.post(tap: loc)
        keyUpEvent?.post(tap: loc)
    }

My question is essentially if this is allowed in Mac App Store? Because requesting accessibility permission like this is not allowed in sandbox:

    func getPermission() {
        AXIsProcessTrustedWithOptions([kAXTrustedCheckOptionPrompt.takeUnretainedValue(): true] as CFDictionary)
    }

But I can simulate one short "shift" or "cmd" key press for instance, and trigger the pop-up inside a sandboxed app and get around this it seems. Is this a bug? I really hope I can release my app in the Mac App Store, but doing so I just want to be sure I'm not using any bug that might get removed in the near future.
1
1
1.5k
Oct ’23
Problems with Roland Cloud Manager
I'm the developer of a small utility for Mac called "MusicDeviceHost". https://apps.apple.com/us/app/musicdevicehost/id1261046263?mt=12 As the name suggests, it is a host application for audio units (music device components). See also "Using Sound Canvas VA with QMidi": https://youtu.be/F9C4BiBR

A problem occurs while trying to authorize the "Sound Canvas VA" component, Roland Cloud Manager (v3.0.3) returns the following error: “Authorization Error - RM Service not connected Error Connecting to Roland Cloud Manager Service”

I guess the error is caused by some permission denied to the sandboxed application version. The NOT sandboxed version of MDH actually works flawlessly. I am using the following entitlements:

    com.apple.security.app-sandbox
    com.apple.security.network.client

So connecting to the service should work, because "com.apple.security.network.client" is enabled. At Roland, they say: "Cloud Manager isn't supported in a sandboxed environment." But as far as I can see, MainStage and other sandboxed apps work fine... So what is the right answer? Is there someone out there with the same issue? Thanks for helping :)
5
0
1.7k
Oct ’23
Process() run() and waitForExit() get stuck when running mvn tests
I am developing a tool for myself using Swift and SwiftUI where I can retrieve student projects using git and then running Maven tests for the projects. The app is not sandboxed, since it is just for my personal use. I use Process to launch git clone or git pull, and then get the commit log and parse the commit data to the app database. All this works just fine, I can see the app database table populated with repository commit data. But when I do the same to execute Maven tests, and call

    try process.run()
    process.waitUntilExit()

The process never returns, unlike running git the same way. The only difference is the command executed and the arguments given to Process. In the process view, I can see that there is a java child process running in my app, but it never (like in tens of minutes I have waited) completes. Running the same mvn test command...:

    /opt/apache-maven-3.6.3/bin/mvn -Dstyle.color=never -Dtest=ReverseArrayRangeTests test

...from command line finishes in a couple of seconds. While running the Maven command below executes just fine from Process:

    /opt/apache-maven-3.6.3/bin/mvn -DskipTests -Dstyle.color=never package

In this case, I can see the output from the process while it builds the .jar package from the project. Is there something special in running mvn test command, running Java in the child process, that it just does not work? Takes too much resources or something? macOS limiting what the child process can do, even though the app is not sandboxed? I have also tried to Archive the app and run it outside of Xcode debugging, but that doesn't change anything. My previous solution was to run the tests separately in Terminal using a shell script, saving the test results to a log file the app then read and parsed. But I'd like to do everything within the same GUI app, if possible. Any ideas?
3
0
838
Oct ’23
App Sandbox Resources
General:
DevForums tag: App Sandbox
App Sandbox documentation
App Sandbox Design Guide documentation — This is no longer available from Apple. There’s still some info in there that isn’t covered by the current docs but, with the latest updates, it’s pretty minimal (r. 110052019). Still, if you’re curious, you can consult an old copy [1].
App Sandbox Temporary Exception Entitlements archived documentation — To better understand the role of temporary exception entitlements, see this post.
Embedding a Command-Line Tool in a Sandboxed App documentation
Discovering and diagnosing App Sandbox violations (replaces the Viewing Sandbox Violation Reports DevForums post)
Resolving App Sandbox Inheritance Problems DevForums post

Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple

    let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] For example, this one archived by the Wayback Machine.
0
0
1.9k
Sep ’23