Modern versions of macOS use a file system permission model that’s far more complex than the traditional BSD rwx model, and this post is my attempt at explaining that model. If you have a question about this, post it here on DevForums. Put your thread in the App & System Services > Core OS topic area and tag it with Files and Storage. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com" On File System Permissions Modern versions of macOS have four different file system permission mechanisms: Traditional BSD permissions Access control lists (ACLs) App Sandbox Mandatory access control (MAC) The first two were introduced a long time ago and rarely trip folks up. The second two are newer, more complex, and specific to macOS, and thus are the source of some confusion. This post is my attempt to clear that up. Error Codes App Sandbox and the mandatory access control system are both implemented using macOS’s sandboxing infrastructure. When a file system operation fails, check the error to see whether it was blocked by this sandboxing infrastructure. If an operation was blocked by BSD permissions or ACLs, it fails with EACCES (Permission denied, 13). If it was blocked by something else, it’ll fail with EPERM (Operation not permitted, 1). If you’re using Foundation’s FileManager, these error are both reported as Foundation errors, for example, the NSFileReadNoPermissionError error. To recover the underlying error, get the NSUnderlyingErrorKey property from the info dictionary. App Sandbox File system access within the App Sandbox is controlled by two factors. The first is the entitlements on the main executable. There are three relevant groups of entitlements: The com.apple.security.app-sandbox entitlement enables the App Sandbox. This denies access to all file system locations except those on a built-in allowlist (things like /System) or within the app’s containers. The various “standard location” entitlements extend the sandbox to include their corresponding locations. The various “file access temporary exceptions” entitlements extend the sandbox to include the items listed in the entitlement. Collectively this is known as your static sandbox. The second factor is dynamic sandbox extensions. The system issues these extensions to your sandbox based on user behaviour. For example, if the user selects a file in the open panel, the system issues a sandbox extension to your process so that it can access that file. The type of extension is determined by the main executable’s entitlements: com.apple.security.files.user-selected.read-only results in an extension that grants read-only access. com.apple.security.files.user-selected.read-write results in an extension that grants read/write access. Note There’s currently no way to get a dynamic sandbox extension that grants executable access. For all the gory details, see this post. These dynamic sandbox extensions are tied to your process; they go away when your process terminates. To maintain persistent access to an item, use a security-scoped bookmark. See Accessing files from the macOS App Sandbox. To pass access between processes, use an implicit security scoped bookmark, that is, a bookmark that was created without an explicit security scope (no .withSecurityScope flag) and without disabling the implicit security scope (no .withoutImplicitSecurityScope flag)). If you have access to a directory — regardless of whether that’s via an entitlement or a dynamic sandbox extension — then, in general, you have access to all items in the hierarchy rooted at that directory. This does not overrule the MAC protection discussed below. For example, if the user grants you access to ~/Library, that does not give you access to ~/Library/Mail because the latter is protected by MAC. Finally, the discussion above is focused on a new sandbox, the thing you get when you launch a sandboxed app from the Finder. If a sandboxed process starts a child process, that child process inherits its sandbox from its parent. For information on what happens in that case, see the Note box in Enabling App Sandbox Inheritance. IMPORTANT The child process inherits its parent process’s sandbox regardless of whether it has the com.apple.security.inherit entitlement. That entitlement exists primarily to act as a marker for App Review. App Review requires that all main executables have the com.apple.security.app-sandbox entitlement, and that entitlements starts a new sandbox by default. Thus, any helper tool inside your app needs the com.apple.security.inherit entitlement to trigger inheritance. However, if you’re not shipping on the Mac App Store you can leave off both of these entitlement and the helper process will inherit its parent’s sandbox just fine. The same applies if you run a built-in executable, like /bin/sh, as a child process. When the App Sandbox blocks something, it typically generates a sandbox violation report. For information on how to view these reports, see Discovering and diagnosing App Sandbox violations. To learn more about the App Sandbox, see the various links in App Sandbox Resources. For information about how to embed a helper tool in a sandboxed app, see Embedding a Command-Line Tool in a Sandboxed App. Mandatory Access Control Mandatory access control (MAC) has been a feature of macOS for many releases, but it’s become a lot more prominent since macOS 10.14. There are many flavours of MAC but the ones you’re most likely to encounter are: Full Disk Access (macOS 10.14 and later) Files and Folders (macOS 10.15 and later) App container protection (macOS 14 and later) App group container protection (macOS 15 and later) Data Vaults (see below) and other internal techniques used by various macOS subsystems Mandatory access control, as the name suggests, is mandatory; it’s not an opt-in like the App Sandbox. Rather, all processes on the system, including those running as root, as subject to MAC. Data Vaults are not a third-party developer opportunity. See this post if you’re curious. In the Full Disk Access and Files and Folders cases, users grant a program a MAC privilege using System Settings > Privacy & Security. Some MAC privileges are per user (Files and Folders) and some are system wide (Full Disk Access). If you’re not sure, run this simple test: On a Mac with two users, log in as user A and enable the MAC privilege for a program. Now log in as user B. Does the program have the privilege? If a process tries to access an item restricted by MAC, the system may prompt the user to grant it access there and then. For example, if an app tries to access the desktop, you’ll see an alert like this: “AAA” would like to access files in your Desktop folder. [Don’t Allow] [OK] To customise this message, set Files and Folders properties in your Info.plist. This system only displays this alert once. It remembers the user’s initial choice and returns the same result thereafter. This relies on your code having a stable code signing identity. If your code is unsigned, or signed ad hoc (“Signed to Run Locally” in Xcode parlance), the system can’t tell that version N+1 of your code is the same as version N, and thus you’ll encounter excessive prompts. Note For information about how that works, see TN3127 Inside Code Signing: Requirements. The Files and Folders prompts only show up if the process is running in a GUI login session. If not, the operation is allowed or denied based on existing information. If there’s no existing information, the operation is denied by default. For more information about app and app group container protection, see the links in Trusted Execution Resources. For more information about app groups in general, see App Groups: macOS vs iOS: Fight! On managed systems the site admin can use the com.apple.TCC.configuration-profile-policy payload to assign MAC privileges. For testing purposes you can reset parts of TCC using the tccutil command-line tool. For general information about that tool, see its man page. For a list of TCC service names, see the posts on this thread. Note TCC stands for transparency, consent, and control. It’s the subsystem within macOS that manages most of the privileges visible in System Settings > Privacy & Security. TCC has no API surface, but you see its name in various places, including the above-mentioned configuration profile payload and command-line tool, and the name of its accompanying daemon, tccd. While tccutil is an easy way to do basic TCC testing, the most reliable way to test TCC is in a VM, restoring to a fresh snapshot between each test. If you want to try this out, crib ideas from Testing a Notarised Product. The MAC privilege mechanism is heavily dependent on the concept of responsible code. For example, if an app contains a helper tool and the helper tool triggers a MAC prompt, we want: The app’s name and usage description to appear in the alert. The user’s decision to be recorded for the whole app, not that specific helper tool. That decision to show up in System Settings under the app’s name. For this to work the system must be able to tell that the app is the responsible code for the helper tool. The system has various heuristics to determine this and it works reasonably well in most cases. However, it’s possible to break this link. I haven’t fully research this but my experience is that this most often breaks when the child process does something ‘odd’ to break the link, such as trying to daemonise itself. If you’re building a launchd daemon or agent and you find that it’s not correctly attributed to your app, add the AssociatedBundleIdentifiers property to your launchd property list. See the launchd.plist man page for the details. Scripting MAC presents some serious challenges for scripting because scripts are run by interpreters and the system can’t distinguish file system operations done by the interpreter from those done by the script. For example, if you have a script that needs to manipulate files on your desktop, you wouldn’t want to give the interpreter that privilege because then any script could do that. The easiest solution to this problem is to package your script as a standalone program that MAC can use for its tracking. This may be easy or hard depending on the specific scripting environment. For example, AppleScript makes it easy to export a script as a signed app, but that’s not true for shell scripts. TCC and Main Executables TCC expects its bundled clients — apps, app extensions, and so on — to use a native main executable. That is, it expects the CFBundleExecutable property to be the name of a Mach-O executable. If your product uses a script as its main executable, you’re likely to encounter TCC problems. To resolve these, switch to using a Mach-O executable. For an example of how you might do that, see this post. Revision History 2024-11-08 Added info about app group container protection. Clarified that Data Vaults are just one example of the techniques used internally by macOS. Made other editorial changes. 2023-06-13 Replaced two obsolete links with links to shiny new official documentation: Accessing files from the macOS App Sandbox and Discovering and diagnosing App Sandbox violations. Added a short discussion of app container protection and a link to WWDC 2023 Session 10053 What’s new in privacy. 2023-04-07 Added a link to my post about executable permissions. Fixed a broken link. 2023-02-10 In TCC and Main Executables, added a link to my native trampoline code. Introduced the concept of an implicit security scoped bookmark. Introduced AssociatedBundleIdentifiers. Made other minor editorial changes. 2022-04-26 Added an explanation of the TCC initialism. Added a link to Viewing Sandbox Violation Reports.  Added the TCC and Main Executables section. Made significant editorial changes. 2022-01-10 Added a discussion of the file system hierarchy. 2021-04-26 First posted.

General: DevForums tags: Files and Storage, Finder Sync, File Provider, Disk Arbitration, APFS File System Programming Guide On File System Permissions DevForums post File Provider framework Finder Sync framework App Extension Programming Guide > App Extension Types > Finder Sync Disk Arbitration Programming Guide Mass Storage Device Driver Programming Guide Device File Access Guide for Storage Devices Apple File System Guide TN1150 HFS Plus Volume Format Extended Attributes and Zip Archives File system changes introduced in iOS 17 DevForums post Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com"

File system changes introduced in iOS 17 As part of iOS 17, tvOS 17, and watchOS 10, the system has reorganized where applications and their data containers are stored. In previous systems, both lived within the same volume but, starting in iOS 17, they will be stored on different volumes. What does this mean for you? Copying large amounts of data from the app bundle to a data container will take longer than in previous versions of iOS. Previously that copy would have occurred as an APFS file clone, but now the operation will occur as a standard copy, which may take much significantly longer. Because the data will need to be fully duplicated, storage usage will increase more than was the case in previous versions. You should minimize the data they copy out of their app bundle and avoid any unnecessary duplication of data between the app bundle and data container. When upgrading from previous system version, splitting the data into separate volumes may mean that there is insufficient space for all existing apps and their data. If this occurs, the app's data container will remain on the device, preserving the user's data, while the app bundle itself is removed using the same mechanism as "Offload Unused Apps". The user can then restore the app once they've freed sufficient space for the app to install. Revision History 2023-07-11 First posted

I was able to add new domain with 'NSFileProviderManager.add' function in Xcode past 2 months. Yesterday I created .pkg file (installer file) for distribution with 'pkgbuild' and 'productbuild' commands in terminal. I successfully install application and test it then uninstall it. However after this, In Xcode I cannot add new domain anymore. I keep getting "Error Domain=NSFileProviderErrorDomain Code=-2001 "No valid file provider found with identifier ‘’." Command that used to create .pkg file pkgbuild --root "path" --scripts "path" --identifier "same bundle identifier with app" --version 1.0 --install-location /Applications "newpkg.pkg" productbuild --synthesize --package "newpkg.pkg" Distribution.xml productbuild --distribution Distribution.xml --package-path "newpath.pkg" "newpathrelease.pkg" NOTE: When app is installed (But not running). I am able to add new domain in Xcode. After I uninstall app, I start to get same error again NOTE: I uninstall app by move it to Trash from Applications directory in finder Any suggestion about add new domain in Xcode during development? Or How to fix 'No valid file provider found with identifier' error

It says that the APFS (Apple File System) is the default file system on iOS, but I just want to confirm that all Apple provided apps such as Photos, Notes, Keynote, Mail, use it also. (hope this question isnt as ****** as it sounds, I guess I’m always a bit uncertain with Apple provided stuff as they have secret privileges)

I want to write a disk image (ISO, img) to an SD card, but I always get permission errno 13 (permission denied). let diskPath = "/dev/rdisk99" guard let diskHandle = FileHandle(forWritingAtPath: diskPath) else { throw NSError(domain: "DiskWriter", code: Int(errno), userInfo: [NSLocalizedDescriptionKey: "errno \(errno)"]) } It seems that when other macOS applications try to read from a raw block device it triggers an Access Removable Media prompt and when other applications try to write to a raw block device it triggers a Full Disk Access prompt. How can I trigger that prompt? And then how do I elevate my write to use that permission? P.S. I'm not a Swift coder, but I'd like to be... if it weren't that every "simple" thing I've tried launches me directly into a brick wall. :slight_smile: (not a criticism, just that the kinds of problems I like to solve tend towards uncommon and not as well supported in the ecosystem) What I've tried I did change Sandbox App to NO in MyApp.entitlements I have tried manually adding my Debug Archive to Full Disk Access Why? As to why I'm I interested in this: Well, it just seems silly that UI tools that do what dd does are hundreds of megabytes. Can't we do this in a UI that uses all the default macOS libraries and is just a few kilobytes (or megabytes at worst)?

the Xcode Version 16.2 (16C5032a), I want to know how to setup a directory in Xcode project when develop the iOS app. Here is the whole thing: I start a new iOS App project "test_path". then I right click, and choose "New Folder", to make a new folder "configx" then I right click on the configx folder, and choose the "add files to test_path", add a file in it But the folder does not exist in the project when try to access by "Bundle.main.urls" func. 5. when ls in the Mac, /data/Containers/Bundle/Application/E4F11903-3FAD-467F-A4CD-60AC68D64934/test_path.app, the file just at the root path of test_path.app, no "configx" folder ahead the file. so, how to setup a directory or a path in iOS project?

Please can somebody help me? I have a document-based iOS in the App Store (iNetWorth). I was able to run it on my M1 Mac Mini as a Mac (Designed for iPad) app without any issues until macOS 15. So, I created a simple test app based on a TabView to try and find out why I cannot get iNetWorth to run successfully on my Mac. The issue is that when TabViewApp.swift file looks like this: import SwiftUI @main struct TabViewApp: App { var body: some Scene { /*WindowGroup { ContentView() }*/ DocumentGroup(newDocument: TextFile()) { file in ContentView(document: file.$document) } } } TabView fails to load the ContentView() - in Xcode 16.2 running on macOS 15.3.2. On opening, the TabView app prompts the user to open a new or existing file normally but it then opens a window that is empty, apart from a Documents button and a label displaying the filename with a dropdown menu (Duplicate, Move, Rename..., Export As…). If the @Binding var document: TextFile line is removed from the ContentView() and the TabViewApp.swift file is changed to: import SwiftUI @main struct TabViewApp: App { var body: some Scene { WindowGroup { ContentView() } /*DocumentGroup(newDocument: TextFile()) { file in ContentView(document: file.$document) }*/ } } the TabView app loads and displays the ContentView() correctly. Both versions of TabView, when running in Xcode on My Mac (Designed for iPad), produce these warnings: CLIENT: Failure to determine if this machine is in the process of shutting down, err=1/Operation not permitted LSPrefs: could not find untranslocated node for <FSNode 0x6000013901a0> { isDir = ?, path = '/private/var/folders/3f/8788c4dj50q050_4wg9fssbr0000gp/X/518B55E1-0EC4-5D84-9202-4E44410EB249/d/Wrapper/TabView.app' }, proceeding on the assumption it is not translocated: Error Domain=NSPOSIXErrorDomain Code=1 "Operation not permitted" LSPrefs: could not find untranslocated node for <FSNode 0x6000013901a0> { isDir = ?, path = '/private/var/folders/3f/8788c4dj50q050_4wg9fssbr0000gp/X/518B55E1-0EC4-5D84-9202-4E44410EB249/d/Wrapper/TabView.app' }, proceeding on the assumption it is not translocated: Error Domain=NSPOSIXErrorDomain Code=1 "Operation not permitted" LSPrefs: could not find untranslocated node for <FSNode 0x6000013901a0> { isDir = ?, path = '/private/var/folders/3f/8788c4dj50q050_4wg9fssbr0000gp/X/518B55E1-0EC4-5D84-9202-4E44410EB249/d/Wrapper/TabView.app' }, proceeding on the assumption it is not translocated: Error Domain=NSPOSIXErrorDomain Code=1 "Operation not permitted" LSPrefs: could not find untranslocated node for <FSNode 0x6000013901a0> { isDir = ?, path = '/private/var/folders/3f/8788c4dj50q050_4wg9fssbr0000gp/X/518B55E1-0EC4-5D84-9202-4E44410EB249/d/Wrapper/TabView.app' }, proceeding on the assumption it is not translocated: Error Domain=NSPOSIXErrorDomain Code=1 "Operation not permitted” However, the document-based version of TabView also displays these warnings: cannot open file at line 49450 of [1b37c146ee] os_unix.c:49450: (2) open(/private/var/db/DetachedSignatures) - No such file or directory I suspect that the lack of the DetachedSignatures file is the root cause of the ContentView() not being loaded but I cannot find out how to generate a DetachedSignatures file. Adding an empty DetachedSignatures file or directory to /private/var/db/ does not help. Has anyone else experienced this problem (and maybe found a solution)? Should I raise it as a bug via Feedback or am I missing something obvious? Thanks!

Hi all, i am trying to implement File Provider Extension. I have some questions about conflict resolution Same file is changed at user local and remote storage before it's synced. File has 2 different version at user local and remote storage. After trigger a new enumeration by calling signalEnumerator for the extension, I want to move user's local version to new conflicted copy (with new itemIdentifier: NSFileProviderItemIdentifier) and import remote storage version to user local (with current itemIdentifier: NSFileProviderItemIdentifier). Then users local version should uploaded to remote storage server with new conflicted copy name Any suggestion about this scenario? Or any documentation about conflict resolution

Hello Dev, The App, which I am working on, uses fcopyfile() to copy file from external storage (USB, thunderbolt) to internal disk. Looks like this call provides the best performance. fcopyfile(from, to, nullptr, COPYFILE_DATA); I need to be sure the data is copied after the call. Are there any necessity to synchronize a file's state with that on disk the data? (e.g. call fsync()) Thank you in advance! Pavel

Can be reproduced with a shared iPad setup (https://support.apple.com/de-de/guide/deployment/dep9a34c2ba2/web) and the example app provided by Apple (https://developer.apple.com/documentation/fileprovider/synchronizing-files-using-file-provider-extensions). The issue is that when using the File Provider extension implemented with 'NSFileProviderReplicatedExtension', the content of the share does not display in the iPadOS Files app. The 'NSFileProviderEnumerating.enumerator' function is invoked, but none of the functions of the returned 'NSFileProviderEnumerator' are executed: neither 'currentSyncAnchor', 'enumerateChanges', nor 'enumerateItems'. Instead, the 'NSFileProviderEnumerator' is immediately invalidated. This issue can be reproduced with iPadOS 18.3 and a shared iPad setup. Maybe i missing some additional steps/ settings in my extension to work properly on Shared iPads. Created also a post on the feedbackassistent: FB16587660 (NSFileProviderReplicatedExtension does not work in Shared iPad setup) Steps to reproduce: iPad with a Shared iPad profile Enroll the iPad and log in as a Guest user Turn on developer mode Install the example app from Apple (as mentioned above) Add some test files to the FruitBasket storage Add this FruitBasket domain to the FruitBasket-iOS app You may need to provide "Privacy - Local Network Usage Description" in the Info.plist of the FruitBasket-iOS example app to be able to find local FruitBasket storage. Check in the Files app to see that the FruitBasket share is empty -> The expected behavior is that the FruitBasket share should contain the test files added previously. (This works fine without a shared iPad setup).

In my App I want to create a new directory structure in a user selected base directory. In the entitlements com.apple.security.files.user-selected.read-write = true is defined. I call URL.startAccessingSecurityScopedResource( ) and get a true value back. When calling FileManager.createDirectory( at: directoryURL, withIntermediateDirectories: true, attributes: nil ) an error is thrown that write access is missing. User has write permissions in that directory. When the user selects a directory I store a bookmark via an @AppStorage variable. After write attempt URL.stopAccessingSecurityScopedResource() is called. I have also implemented a SharedExtension (especially for the Photo app). When user calls the SharedExtension of my app and the app just uses the bookmark stored with @AppStorage and follows the same process as described above no difficulties appear and directories are created as expected. Changing back to the main app, using again the untouched bookmark and execute the exactly same code as in the first attempt everything works fine and as expected. The phenomenon appears on real devices but not on simulator. Any ideas how to solve the issue of having no write access in first attempt?

macos 15.4 beta claims to support FSKit. Is there an FSKit sample available? I don't see anything useful in the published docs.

Hi all, i am trying to implement File Provider Extension. I have some scenarios that I can not figure out, User delete a file on local. 'deleteItem' callback is triggered. I send delete request to remote server. Remove server failed to apply deletion (for some reason deletion failed, blocked). I call 'completionHandler' with necessary error but here is the problem. File is removed in user local but exit in remote server. After some time 'deleteItem' callback is triggered multiple times for this file. I need to put same file in user local (rollback deletion) and stop triggered callbacks. I have a folder named "New folder". This folder is dataless (its sub items is not enumerated yet). User add a file named "a.txt" to this folder on remote server. I detect that addition. When I apply that addition with 'NSFileProviderChangeObserver' observers 'didUpdate' method then enumerate this directory "a.txt" is duplicated (a 2.txt is created). Is there any way to control folder named "New folder" is dataless (its sub items is not enumerated) so that I can skip file addition to prevent duplication. Any suggestion about above scenarios

Howdy! I'm in the R&D phase of this project and I need help. I can't find any sources that verify what I want to do is even possible. I need to connect an iPhone or iPad using a USB cord to an external device which will transfer files to the iPhone or iPad. I have an app already made which can organize the files and whatever else I need to do (app is from a similar project). I'll refer to this device as Alfred (for poops and giggles) The plan (if possible) is for Alfred to recognize my app and use its documents folder as the destination of the transfer. The iDevice doesn't have to communicate with Alfred, but that would be a bonus. I don't want Alfred to run on an SOC. My goal is to have it be as simple as possible. No OS, just firmware. If the only way to interact with Apple Devices is Bluetooth or Wifi than so be it. If Matter or Thread could be utilized I wouldn't be apposed. Any help with this project would be greatly appreciated. Thanks in advance.

I need to detect the triggering of an auto-mount operation when accessing the path to a formerly unknown mount point at the file system (BSD, POSIX, NSURL) level, and how to wait for it to finish the operation. Network shares can have sub-volumes on them Consider a Windows server. Let's say there's a SMB sharepoint at C:\Shared. It has some folders, one of which is at C:\Shared\More. Furthermore, there's another partition (volume) on the PC, which is mounted at C:\Shared\More\OtherVol. If you mount the initial share on a Mac with a recent macOS, macOS initially only sees a single mount point at /Volumes/Shared, which can be checked with the "mount" command. Now, if you use Finder to dive into the Shared/More folder, Finder will trigger an auto-mount action on the containing OtherVol folder, and after that, the "mount" command will list two mount points from this server, the second being at /Volumes/Shared/More/OtherVol. (This was a bit surprising to me - I'd have thought that Windows or SMB would hide the fact that the share has sub-volumes, and simply show them as directories - and that's what it did in older macOS versions indeed, e.g. in High Sierra. But in Sequoia, these sub-volumes on the Windows side are mirrored on the Mac side, and they behave accordingly) Browse the volume, including its sub-volumes Now, I have a program that tries to dive into all the folders of this Shared volume, even if it was just freshly mounted and there's no mountpoint at /Volumes/Shared/More/OtherVol known yet (i.e. the user didn't use Finder to explore it). This means, that if my program, e.g. using a simple recursive directory scan, reaches /Volumes/Shared/More/OtherVol, the item will not appear as a volume but as an empty folder. E.g, if I get the NSURLIsVolumeKey value, it'll be false. Only once I try to enter the empty dir, listing its contents, which will return no items, an auto-mount action will get triggered, which will add the mountpoint at the path. So, in order to browse the actual contents of the OtherVol directory, I'd have to detect this auto-mount operation somehow, wait for it to finish mounting, and then re-enter the same directory so that I now see the mounted content. How do I do that? I.e. how do I tell that a dir is actually a auto-mount point and how do I wait for it to get auto-mounted before I continue to browse its contents? Note that newer macOS versions do not use fstab any more, so that's of no help here. Can the DA API help? Do I need to use the old Disk Arbitration functions for this, somehow? I have used the DA framework in the part to prevent auto-mounting, so I imagine I could hook into that handler, and if I get a callback for a mount operation, I could then queue the newly mounted volume for scanning. The problem, however, is that my scanning code may, having only seen an empty directory at the not-yet-mounted mountpoint, already decided that there's nothing there and finished its operation. I'd need some reliable method that lets my recursive scanning code know whether an auto-mount has been triggered and it therefore needs to wait for the DA callback. So, is there some signal that will let me know IMMEDIATELY after entering the empty mountpoint directory that an auto-mount op is on the way? Because I suspect that the DA callbacks come with a delay, and therefore would come too late if I used that as the notifier that I have to wait.

The application search for the occurences of a string into files and folders. Everything work fine until I enable sanbox. Then opendir(path_to_folder) report "Operation not permitted". By example dp = opendir("/Users/alain/Desktop"); set dp to NULL for my own Desktop. The application need only read access. How can I get this access ?

We have a macOS app that has a Photos Extension, which shares documents with the app via an app group container. Historically we used to have an iOS-style group identifier (group.${TeamIdentifier}${groupName}), because we were lead by the web interface in the developer portal to believe this to be the right way to name groups. Later with the first macOS 15 betas last year there was a bug with the operating system warning users, our app would access data from different apps, but it was our own app group container directory. Therefore we added a macOS-style group identifier (${TeamIdentifier}${groupName}) and wrote a migration of documents to the new group container directory. So basically we need to have access to these two app group containers for the foreseeable future. Now with the introduction of iOS-style group identifiers for macOS, Xcode Cloud no longer archives our app for TestFlight or AppStore, because it complains: ITMS-90286: Invalid code signing entitlements - Your application bundle’s signature contains code signing entitlements that aren’t supported on macOS. Specifically, the “[group.${TeamIdentifier}${groupName}, ${TeamIdentifier}${groupName}]” value for the com.apple.security.application-groups key in isn’t supported. This value should be a string or an array of strings, where each string is the “group” value or your Team ID, followed by a dot (“.”), followed by the group name. If you're using the “group” prefix, verify that the provisioning profile used to sign the app contains the com.apple.security.application-groups entitlement and its associated value(s). We have included the iOS-style group identifier in the provisioning profile, generated automatically, but can't do the same for the macOS-style group identifier, because the web interface only accepts identifiers starting with "group". How can we get Xcode Cloud to archive our app again using both group identifiers? Thanks in advance

In my app I need to have access to the users desktop, and I would like to implement the standard dialogue for the user to give permission for this access at launch. I do not want to use the NSOpenPanel() for the user to select the desktop, as I dont think that is an elegant solution. However I am having issues implementing this. I use the following code to be granted access to the Desktop URL: let accessGranted = desktopURL.startAccessingSecurityScopedResource() However no dialogue box appears and the call returns false I have also included "Desktop Usage Description" in my plist. Here is my code @State var message:String = "Good Luck!" var body: some View { VStack { Button("Get Desktop files") { accessDesktopWithPermission() } Text(message) } .padding() } //: –—–—–—–—–—–—–—–—–—–—–—–—–—–— :// func accessDesktopWithPermission(){ guard let desktopURL = getDesktopURL() else{ return } let accessGranted = desktopURL.startAccessingSecurityScopedResource() if accessGranted{ if let content = try? FileManager.default.contentsOfDirectory(at: desktopURL, includingPropertiesForKeys: nil ){ message = "Found \(content.count) on Desktop" } else{ message = "issue loading file from desktop" } } else{ message = "Access denied to:\(desktopURL )" } } obviously I have setup something incorrectly so I have also attached my code if anyone is interested to take a look. [https://www.openscreen.co/DesktopAccess.zip)

Hi all, i am trying to implement File Provider Extension. I was able to enumerate remote storage directories to local via 'enumerateItems' function of NSFileProviderEnumerator. I can apply remote storage changes like newly created files/folders, move, rename and delete operations and successfully apply them to local with 'NSFileProviderChangeObserver' class 'didUpdate' and 'didDeleteItems' functions. However when file content is updated on remote server; If file content is not fetched(file is Dataless), i can not apply this change to local. When i call 'NSFileProviderChangeObserver' class 'didUpdate' function for changed file, only DateModified attribute is updated on finder, file size is not changed to new size. If file content has been fetched, When i call 'NSFileProviderChangeObserver' class 'didUpdate' function nothing is changed, file content stay depreciated Any suggestion how to fix it?

I am working on Flutter MAC app. And using ObjectBox store DB for local data saving. When i am setting Sandbox - NO, It is working fine. But when i am setting Sandbox - YES for production MAC flutter app - It is giving error and getting black screen only Getting error- Error initializing ObjectBox store: StorageException: failed to create store: Could not open database environment; please check options and file system (1: Operation not permitted) (OBX_ERROR code 10199)

Hi There, I have an app which access the media library, to save and load files. Since the IOS 18.2, the access to the media library stopped working. Now, I've noticed that our App doesn't show in the List of apps with access to Files ( Privacy & Security -> Files & Folders). Weird behavior is that, one iPhone with iOS 18.3.1 can access to the Files but others no, same iOS version 18.3.1. Test on Simulators (MAC) and works fine also. My info.plist file have the keys to access media library for long time and hasn't changed (at least in the las 4 years) including the key "Privacy - Media Library Usage Description". Also, I've noticed, that the message (popup) that request access to the media library, when using the app for the first time, doesn't show up anymore. We request access to the network (wifi) and this message still showing up but no the media library. I'm using Visual Studio with Xamarin on a MAC. I really appreciate any help you can because is very odd behavior and this started from the iOS 18.2.

Hello, I'm a newer Xcode developer trying to debug an error I'm getting in my iOS app. I'm using this code to get file content: //inputFile = "here is my file name with no extension" let filepath = Bundle.main.path(forResource: inputFile, ofType: "txt") //filepath = "/Users/username/Library/Developer/CoreSimulator/Devices/[DeviceGUID]/data/Containers/Bundle/Application/[AppGUID]/AppName.app/here is my file name with no extension.txt" let fileContent = try String(contentsOfFile: filepath) That line generates a runtime error: error NSError domain: "NSCocoaErrorDomain" - code: 264 0x0000600000c74d20 Xcode 16.2 on macOS Sequoia 15.1.1 I had this code working... I had to step away from the code for a few months; I updated Xcode and now I'm getting this error. (I could've screwed the code up). I navigated to the directory and the file is there. Anybody have any ideas? Thank you! Hoss