Post not yet marked as solved
I have a couple of questions about how to properly implement data protection for my iOS apps. I couldn't find very much information about how the AppID Entitlement and it's default then relates to the options that you set when you write a file using NSFileManager or NSData writetofile. If you don't have the data protection entitlement on for your AppID, does this mean that adding NSDataWritingFileProtectionComplete to your code will not provide any protection?If you do have the data protection entitlement enabled in your AppID, and you have set that entitlement to Protected Until First User Authentication, is this the default level of protection? Can you still choose a higher level of data protection like NSDataWritingFileProtectionComplete for particular files?Thanks
In `man fs_snapshot_create` is stated "All snapshot functions require superuser privileges and also require an additional entitlement."Which entitlement is it?Background:I want to write a tool to create snapshots without `tmutil localsnapshot /` because I noticed that these snapshots are deleted randomly. So I had the idea to check if this only applies to snapshots created with `tmutil` or to APFS-snapshots in general... if it's `tmutil`-related I could circumvent it by using my own app – because for me snapshots are pretty useless if they vanish magically.
I'm trying to read the contents of a file on the filesystem in a macOS Swift app (Xcode 9 / Swift 4).I'm using the following snippet for it:let path = "/my/path/string.txt"
let s = try! String(contentsOfFile: path)
print(s)My problem is the following:1. This works in a Playground2. This works when I use the Command Line Tool macOS app template3. This terminates in a permission error when I use the Cocoa App macOS app templateThe permission error is the following:Fatal error: 'try!' expression unexpectedly raised an error:
Error Domain=NSCocoaErrorDomain Code=257 "The file "data.txt" couldn't be opened because you don't have permission to view it."
UserInfo={NSFilePath=/my/path/data.txt, NSUnderlyingError=0x60c0000449b0 {Error Domain=NSPOSIXErrorDomain Code=1 "Operation not permitted"}}I guess it's related to sandboxing but I found no information about it.1. How can I read from the filesystem in a sandboxed app? I mean there are so many GUI apps which need an Open File dialog, it cannot be a realistic restriction of sandboxed apps to not read files from outside the sandbox.2. Alternatively, how can I switch off sandboxing in Build Settings?3. Finally, I tried to compare the project.pbxproj files between the default Cocoa Apps and Command Line Tool template and I didn't see any meaningful difference, like something about security or sandbox. If not here, where are those settings stored?
I'm developing a new extension in Files app.When I start a search in the top search bar, files in my extension are not showing up in the list.I tried to implement CSSearchableItem and index it to the corespotlight, but the items are only searchable in the corespotlight and not in Files app.There is no clue in NSFileproviderExtension showing how to implement the search feature in the Files App.How can I make my files searchable in Files app?Thanks
Hello.I have an CoreData app that explicitly enables the data protection capability and sets "NSFileProtectionComplete" in the entitlements. However, if I check the file attributes on the 3 files of the sqlite database I see that these are set to "NSFileProtectionCompleteUntilFirstUserAuthentication" The parent directory ("Application Support") is correctly set to "NSFileProtectionComplete". What am I missing?BRBjörn
Post not yet marked as solved
We read/write “com.apple.PowerManagement.plist” for managing power of MAC O.S. This was usually located in “/Library/Preferences/SystemConfiguration”. However from 10.12, It’s location is changed and name is also changed. Please let us know the location and name of this file in all/different version of MAC O.S. Also can we progrmatically (Using C++) detrime the location of this file?.
Post not yet marked as solved
Hi folks,Is there a way to `compare` (diff) the current disk content with a given tmutil localsnapshot?I found the compare verb in tmutil requires a snapshot path, but the localsnapshot is invisible to file system.Thanks!
Post not yet marked as solved
Hi everybody,I don't seem to be able to get FileProviderValidation to work. I am talking about the app announced by Apple at this year's WWDC. I have done everything the Readme states needs to be done. Under iOS 11, FileProviderValidation just crashes, under iOS 12 Beta 1, it lists all the available File Provider Extensions -- uncluding ours -- but it states that the extension was "Not eligible". (None of them is.)I had previously tried to implement the protocol on my own and to provide an own service source (in Swift, as the rest of the project). But that didn't work. So I went with the Files provided by Apple and included the service source in the bridging header.The only thing I am doing differently from Apple's solution is that I return two items in supportedServiceSources(for itemIdentifier: NSFileProviderItemIdentifier), theirs and ours which serves for XPC between the UI app that hosts the extension and the extension itself.Did anybody get this to work?
Post not yet marked as solved
My app allows users to create their own documents. iOS stores them in/var/mobile/containers/Data/Application/FFFF/Documents/This folder is in the app bundle, yes?When the user installs an updated build from the app store, they would then lose all of their documents.How can the app be made to keep the user's documents when a newer build is downloaded from the app store?
Post not yet marked as solved
On Mojave, my app needs a way to determine if the user has already added the app to the "Full Disk Access" list in System Preferences. (And if not, instruct him to do so).So far I've been using the following empirical test:int c = open("/Library/Application Support/com.apple.TCC/TCC.db", O_RDONLY);if (c == -1 && (errno == EPERM || errno == EACCES)) {// no full disk access}However it turns out that on a small percentage of systems, this test gives NO even when the app is already in the "Full Disk Access" list. I also noticed that on such systems, the folder /Library/Application Support/com.apple.TCC/ has access permissions 700 (drwx------), as opposed to "normal" systems where this folder has permissions 755 (drwxr-xr-x@). I guess this may be the reason why the test fails.Anyway, is there any API or a more reliable test to see if my app has been added to the "Full Disk Access" list in System Preferences?
Post not yet marked as solved
I have a file that can not be removed. When I attempt rm -f /Applications/CrashPlan.app I get "Operation not permitted"Here is the scenario, CrashPlan.app was installed on the MacBook Pro (MacBookPro14,2) running 10.14.4. I found out it was an older version of CrashPlan so I downloaded the installer for the new version and ran it. The installed failed and left behind a file of size 0K.-rw-r--r--@ 1 root admin 0 Apr 11 11:43 CrashPlan.appI then tried to remove the 0K file in terminal with sudo rm -f /Applications/CrashPlan.app and that failed with operation not permitted. I then booted into Recovery mode and ran csrutil disable from terminal and rebooted.sudo rm -f /Applications/CrashPlan.app still failed with operation not permitted.I ran csrutil status in terminal to make sure that sip was disabled and got back: System Integrity Protection status: disabled.I tried booting into single user mode and mounted the drive and tried to rm from there and got the same result. So, from single user mode I did the following:mv /Applications /ApplicationsOLDmkdir /Applicationsmv /ApplicationsOLD/* /Applications/and got an error "Operation not permitted" for CrashPlan.apprebooted and was able to install the new version of CrashPlan, but now I have a folder /ApplicationsOLD that I can not get rid of.Any ideas?
I've been trying to save the output of a macOS app to my desktop. This is the code I'm using to do so:let homePath = FileManager.default.homeDirectoryForCurrentUser
let desktopPath = homePath.appendingPathComponent("Desktop")
print(desktopPath)
let filePath = desktopPath.appendingPathComponent("TestFile.txt")
do {
try unicodeString.write(to: filePath, atomically: false, encoding: .utf8)
} catch {
errorMessage = error.localizedDescription + "\n" + unicodeString
}And this is the error I get: You don’t have permission to save the file “TestFile.txt” in the folder “Desktop”.The path that's printed looks like this: file:///Users/DKJ/Library/Containers/com.hatzicware.FileCreator/Data/Desktopwhich of course is not on my desktop. How do I construct a path that will let me save the file?I get the same error running the app both in Xcode, and on its own in Finder.
I'm experimenting with full-disk access to my app and can't make it working. Here is list of steps I did:Sandbox is turned ON. In fact the entitlements file looks like:<key>com.apple.security.app-sandbox</key><true/><key>com.apple.security.files.user-selected.read-write</key><true/>I created archive of the app and tried to distribute it using boths Developer ID or Development methodsI placed the binary of my app to /Applications folderI went to System Preferences -> Security & Privacy -> Privacy -> Full Disk Access and added access to my app in /Applications folderOf course I'm NOT attached to the app with XcodeI'm testing it in Xcode 11 and on Catalina. It's dummy app, opening NSOpenPanel to let user select archives to decompress and tries to decompress it in the same directory using
libarchive framework.
Any hints? Am I doing anything wrong?
Post not yet marked as solved
HiI am using from a C++ application the following bash commandcp -r MyApp.app /Applicationsbut no file is copied into /Application folder. This happens on macOS Catalina, but not on older OSsthanksBogdan
Post not yet marked as solved
Hi all,We have a Google Drive like application that reads the user's documents folders. In Catalina, Documents are protected and require user consent. I understand that when apps attempt to access these locations a User Consent pop up should be presented to the user by the OS.I have observed in Catalina 10.15 (19A602) that no user prompt appears when we try to access a file in Documents. The app is attempting to read these files without a user initiating the request thus we do not have "implicit" permissions. In our app logs I can clearly see that we try to access `~/Documents/someFile.txt`. This fails and the the error message I see is `Operation not permitted.` This brings up a question, why didn't the user get a pop up to allow access to the Documents folder?To workaround this I directed users to the `Security & Privacy` pane to give the app File and Folder permissions. This would get around the problem however our app does not appear in the File and Folder permission section. Users also can not add apps using the plus icon since it is greyed out. I read that only apps that attempt to access the resource will appear in the File and Folder permissions. Requesting for Full Disk Access fixes these issues however it is a no go. We attempted to read a file from Documents, why isn't our app appearing in File and Folder permissions? I feel like I am at a dead end. Is there another workaround?Thanks in advance! 🙂
Post not yet marked as solved
Hi Team, We are using following different concepts for storing the users data in the device in our hybrid mobile application and even though the app is killed or closed from background we should get the stored values, Because our app should work in offline as well. We are using below code to store. (language:jquery) 1.localStorage.put("some key", "somevalue") 2.preference.put("some key", "somevalue") 3.globalpreference.put("some key", "somevalue") 4.memorypreference.put("some key", "somevalue") And we are below code to retrive back. 1.localstorage.get("some key") 2.preference.get("some key") 3.globalpreference.get("some key") 4.memorypreference.get("some key) This concept was working 100% till iOS version 12.4.2 But this concept not working in iOS version 13.1, 13.2 The data will retain only when the app is in active state. But the stored key itself is deleted once we kill or destroyed the app from background task in iOS 13 device (iPad)and check back again. Surprisingly, Our above concept is perfectly working in Xcode 11.2 with iPad stimulator and even it will work on on real device debugging, and also for Lower version device. But when we generate the ipa and downloaded in real device, the data is getting deleted when we kill/close the application without uninstalling. But the same ipa working fine in lower version of real device. Kindly help us regarding this, because there is no code changes and we are unable to debug it because it is working as expected in stimulator. Need help on urgent basis because it is impacting our business for higher version of iPad device. Is there any work around for it?
Post not yet marked as solved
For my customers using Catalina, they're correctly asked once if my software can access files in their Documents folder, and then the issue is laid to rest.But for me - I have two copies of the executable, the release build in my Applications folder, and the debug build I'm continuing to update. Whenever I switch from one of these to the other, I get the "*.app" would like to access files in your Documents folder prompt again.Are other developers experiencing this? Why is it that having two copies of the same app causes this problem? How do I make it stop?My app is called "Paisley", and it's loading a document from the ~/Documents/Paisley/ directory at startup. let docsDir = FileManager.default.urls(for: .documentDirectory, in: .userDomainMask).last
_defaultDocumentsDirectory = docsDir!.appendingPathComponent("Paisley")Then I "let data = try Data(contentsOf: _defaultDocumentsDirectory.appendingPathComponent("UserData.xml"))"
Post not yet marked as solved
We use rsync to backup a user's documents to a network share and I seem to have run into an issue having it run at login.I can run the script below, at the terminal prompt, without root access, and the rync command will run without error and I will get a successful backup on the network share:rsync -rltgoD --progress --no-p --delete --cvs-exclude ~/Documents /Volumes/dfs/"$adOU"/"$loggedInUser"/"$computerName"When I add that command to be run by Enterprise Connect after a successful login, it fails with the following error message:building file list ...0 files...rsync: opendir "/Users/<USERNAME>/Documents" failed: Operation not permitted (1)1 file to considerIO error encountered -- skipping file deletionCurrently running 10.15.1Thank you for any advice.
Post not yet marked as solved
I need to save file to library directory to support retry capability, but some users found it not working. After some research, I got the following information:It affects about 100+ users per day, about one in ten thousand of DAU.96% of them are iOS 13, others are iOS 9, iOS 10, iOS 12(App lowest support version is iOS9).Once it occurs, later file creations always failed.App cant save file to sandbox, including library document temp caches directory, using API [NSString writeToFile:atomically:encoding:error:],the error it returns is "{"localizedRecoveryOptions":"","localizedDescription":"The operation couldn’t be completed.","domain":"NSCocoaErrorDomain","code":512,"localizedFailureReason":"","userInfo":{"NSUserStringVariant":"Folder"},"localizedRecoverySuggestion":""}", The localizedDescription is in Chinese(because the phone locale is Chinese), but I cant type Chinese in the post.Users some have remaining iCloud storage space and some not. They all have remaining disk stroage space.The sandbox is not empty, it contains some other files that App creates, but the files cretaed date earlier than the user last reinstall date, may synchronized by iCloud, but the user charging via power, not PC.The files in sandbox that already exist(eg: sqlite datebase file) can be edited.Scanning sandbox directory attribute using api -[NSFileManager attributesOfItemAtPath:error:], directory write permission returns "NSFilePosixPermissions":493(755 in Octal).After reinstall the App, It can create files again, some users after some time(may one day or longer) it occurs agains, the old files come back, newly created files disappear. and other users no more problems. So why this happned and how can I fix this problem?
Post not yet marked as solved
I've implemented the NSFilePresenter protocol in a Mac app (Catalina 10.15.3 Xcode 10.15.3) to watch a directory.Most protocol methods get called correctly, but some don't get called at all. For some there are (cumbersome) alternatives, but if, for example a file is immediately deleted in Finder using option+command+del, the NSFilePresenter delegate never receives any callback. Is there a workaround to trigger the callbacks?final class FileController: NSObject, NSFilePresenter {
...
init() {
presentedItemURL = // Some directory
NSFileCoordinator.addFilePresenter(self)
}
func accommodatePresentedItemDeletion(completionHandler: @escaping (Error?) -&gt; Void) {
// Never gets called
completionHandler(nil)
}
func presentedSubitemDidAppear(at url: URL) {
// Never gets called
}
func presentedSubitemDidChange(at url: URL) {
// Does get called
}
}
