So I'm aware that Apple can designate a folder as a "data vault", and access to that folder is limited to applications that have a specific entitlement. I was wondering if there was an equivalent (or the same, I'm not fussy :) feature available to third parties, even if only during the app-store submission ? To avoid the X-Y problem, what I want to do is have a launch agent with access to a SQLite database, and I want only that launch agent to have access. Any reads of the database will have to be done through an XPC call from the main user-facing application. I want to store private data into that database, and I don't want there to be any way for any other application to read it. If there's a way to do that without data-vaults I'm all ears :) I'm not sure if this is really the right place, perhaps the core-os forum would be better, but since the Apple solution is gate-kept by entitlements, I thought I'd start here :)

I am adding NSFileProviderPartialContentFetching support to an existing NSFileProviderReplicatedExtension. My backend has a high "Time To First Byte" latency (approx. 3 seconds) but reasonable throughput once the connection is established. I am observing a critical behavior difference between Partial Content Fetching and standard Materialization that causes sequential reads (e.g., dd, Finder copies, Adobe apps) to fail with timeouts. The Scenario: I have a 2.8 GB file. I attempt to read it sequentially using dd. **Baseline (Working): Partial Fetching Disabled ** I do not conform to NSFileProviderPartialContentFetching. The system triggers fetchContents(for:version:request:completionHandler:). My extension takes 3 seconds to connect, then streams the entire 2.8 GB file. Result: Success. The OS waits patiently for the entire download (minutes) without timing out, then dd reads the file instantly from the local disk. **The Issue: Partial Fetching Enabled ** I add conformance to NSFileProviderPartialContentFetching. The system requests small, aligned chunks (e.g., 16KB or 128KB). My extension fetches the requested range. This takes ~3 seconds due to network latency. The first few chunks succeed, but shortly after, the operation fails with Operation timed out. It appears the VFS kernel watchdog treats these repeated 3-second delays during read() syscalls as a stalled drive and kills the operation. **My Questions: ** Is there a documented timeout limit for fetchPartialContents completion handlers? It seems strictly enforced (similar to a local disk I/O timeout) compared to the lenient timeout for full materialization. Is NSFileProviderPartialContentFetching inherently unsuitable for high-latency backends (e.g., cold storage, slow handshakes), or is there a mechanism to signal "progress" to the kernel to reset the I/O watchdog during a slow partial fetch? Does the system treat partial fetching as "Online/Direct I/O" (blocking the user application) whereas full fetch is treated as "Offline/Syncing" (pausing the application), explaining the difference in tolerance? Any insights into the VFS lifecycle differences between these two modes would be appreciated.

Hi everyone, I’m an iOS developer working on a Mac with limited storage (256 GB). I’ve noticed that the ~/Library/Developer folder is taking up almost 90 GB, mainly due to Xcode-related content. Inside it I see folders like: Xcode/DerivedData DocumentationCache iOS DeviceSupport UserData CoreSimulator/Devices Before deleting anything, I’d like to understand which of these folders are safe to clean up, and what the potential side effects might be (for example, rebuild times, simulator re-downloads, etc.). What is the recommended best practice to manage disk space when using Xcode on a low-storage machine? Thanks in advance for your help.

Happy new year to all! I have created an iOS app that also runs on Apple Vision Pro. On iOS, when you activate the fileImporter modal, you can swipe down the modal in iOS to dismiss. However, in visionOS, this same modal CANNOT be swiped down to cancel/dismiss. If you are drilled deep into a file hierarchy, you have to navigate back to the top level to tap X to dismiss. Is there a way to add swipe down to the visionOS implementation of fileImporter, or any other workaround so the user doesn't have to navigate back to the top to dismiss? Again, this is not a visionOS app but an iOS app compatible for use in Vision Pro. Thanks!

Issue After upgrading to Tahoe 26.2, print queues monitored by PaperCut no longer work. The print queue gets paused, and the jobs fail to print. This issue was discovered during our internal testing prior to the Tahoe 26.2 public release, and a growing number of our mutual customers have also reported it since then. Root cause This appears to be due to changes in the behavior of CUPS Sandbox restrictions, which prevent the backend (and filter) from reading/writing to the PaperCut install folder. Error messages From syslog. 2025-12-22 16:41:59.283761+1100 0x1daf61 Error 0x0 0 0 kernel: (Sandbox) Sandbox: papercut(5783) deny(1) file-write-data /Library/Printers/PaperCut/Print Provider/print-provider.log When trying to create a TCP socket from the PaperCut filter. 2025-12-15 19:50:08,403 ERROR: os_tcp_socket_create: getaddrinfo failed: nodename nor servname provided, or not known Technical details PaperCut implements print queue monitoring using a CUPS backend (and filter). CUPS backends and filters run in a security 'sandbox' which limits what they can do (such as file/folder access, create network sockets, and execute sub-processes, etc.). The PaperCut backend (and filter) relies on some of these operations, so to function correctly, our code updates /etc/cups/cups-files.conf with "Sandboxing relaxed". Until 26.2, this relaxed mode allowed us to read/write to PaperCut folders, create TCP sockets to communicate with the local PaperCut Application Server, and execute/kill sub-processes. As an alternative to the relaxed mode, we also tried "Sandboxing off", but that doesn't help either (from CUPS scheduler/conf.h). typedef enum { CUPSD_SANDBOXING_OFF, /* No sandboxing */ CUPSD_SANDBOXING_RELAXED, /* Relaxed sandboxing */ CUPSD_SANDBOXING_STRICT /* Strict sandboxing */ } cupsd_sandboxing_t; Test code We can provide a simplified version of our backend that demonstrates the issue if required Questions Has the CUPS sandbox relaxing changed? According to the CUPS man pages (cups-files.conf(5)), "Sandboxing relaxed" should still work as before. If this is the new intended behavior, what are the other options/directives we can use to relax the limitations on CUPS backends and filters?

On macOS Tahoe, our application using the Endpoint Security Framework (ESF) observes that during file copies through finder application, DesktopServicesHelper unlinks the source file if the ESF authorization response is delayed for ~5 seconds, even though the authorization event deadline remains 15 seconds, indicating that the process does not wait for the full ESF deadline before deleting the file. Before Tahoe, we didnt see this behaviour.

NSApplicationDelegate.application(_:open:) gets the files it needs to read from the file URLs given. There are similar older functions that use a String to identify the file. What format are those strings expecting? A path name? An URL?

I am currently encountering a problem: during the process of uploading a large file, I have moved the file that was not successfully uploaded to the trash can. These two operations have been tested to be serial (triggering the 'create Item' callback first, followed by the 'modify Item' callback), which means that the file must be uploaded before it can be moved to the recycle bin (which can also result in the file being stored in the cloud recycle bin). I want to implement: directly interrupt this upload process and then do not complete the upload. How can I achieve this? Please help me. Thank you

On macOS 26.1 (25B78) I can't give Full Disk Access to sshd-keygen-wrapper. Now my Jenkins jobs do not work because they do not have the permission to execute the necessary scripts. Until macOS 26.1 everything worked fine. I restarted the machine several times and tried to give access from Settings -> Privacy & Security -> Full Disk Access but it just does not work. I tried logging with ssh on the machine and executing a script but again nothing happened.

I have a SwiftUI-based universal app which creates a file that it stores in documentsDirectory. On iOS/iPadOS, this file is stored in the application's Documents directory and is accessible via the Files app. On MacCatalyst, this operation does the same thing — it creates the file and stores it in ~/Library/Containers/<app directory>/Data/Documents. However what I want is for the document to be stored in ~/Documents, so that it is easily accessible to the user. How can I do that? I'd like it to occur without (for example) having to show a SaveFile panel...

I am trying to port my sandboxed macOS app completely over to iOS using a Catalyst target and SwiftUI. There appears to be an issue when trying to drag to the Finder in Catalyst (and in SwiftUI in General). For some reason, the Finder will not accept multiple file drops, only a single file. On my macOS (non-Catalyst AppKit target), I overcame this by dropping multiple files to a UTType of .folder, and the OS accepted the folder. This workaround is not available for iOS because .folder is a macOS-only option. I have a test app to illustrate the issue. Hopefully someone can help. Download Test App

A user of one of my apps reported that since the update to macOS 26.1 they are no longer able to scan Macintosh HD: the app used to work, but now always reports that Macintosh HD contains a single empty file named .nofollow, or rather the path is resolved to /.nofollow. Initially I thought this could be related to resolving the file from the saved bookmark data, but even restarting the app and selecting Macintosh HD in an open panel (without resolving the bookmark data) produces the same result. The user tried another app of mine with the same issue, but said that they were able to scan Macintosh HD in other App Store apps. I never heard of this issue before and my apps have been on the App Store for many years, but it looks like I might be doing something wrong, or the APIs that I use are somehow broken. In all my apps I currently use getattrlistbulk because I need attributes that are not available as URLResourceKey in all supported operating system versions. What could be the issue? I'm on macOS 26.1 myself and never experienced it.

I try saving the value of NSURLVolumeURLKey when creating a bookmark. When resolving the bookmark later I pass the bookmark data to +resourceValuesForKeys:fromBookmarkData: but always pull out "file:///" which is wrong. In contrast the value for NSURLVolumeURLForRemountingKey is properly saved and restored using the same method.

I'm new to swift and iOS development. I'm trying to create a file provider extension for my app. I have able to use createItem, modifyItem, fetchContents functions. But when I try to add a GarageBand file or a big size mp3 file(18 Mb) I can see multiple upload is happening. I checked the FruitBasket project where they are doing chunked upload when file size is more than 100 Mb. How do I fix this to only one upload? I'm getting suggestions like I have to do debounce upload but that seems not a proper solutions.

I just saw another post regarding bookmarks on iOS where an Apple engineer made the following statement: [quote='855165022, DTS Engineer, /thread/797469?answerId=855165022#855165022'] macOS is better at enforcing the "right" behavior, so code that works there will generally work on iOS. [/quote] So I went back to my macOS code to double-check. Sure enough, the following statement: let bookmark = try url.bookmarkData(options: .withSecurityScope) fails 100% of the time. I had seen earlier statements from other DTS Engineers recommending that any use of a URL be bracketed by start/stopAccessingSecurityScopedResource. And that makes a lot of sense. If "start" returns true, then call stop. But if start returns false, then it isn't needed, so don't call stop. No harm, no foul. But what's confusing is this other, directly-related API where a security-scoped bookmark cannot be created under any circumstances because of the URL itself, some specific way the URL was initially created, and/or manipulated? So, what I'm asking is if someone could elaborate on what would cause a failure to create a security-scoped bookmark? What kinds of URLs are valid for creation of security-scoped bookmarks? Are there operations on a URL that will then cause a failure to create a security-scoped bookmark? Is it allowed to pass the URL and/or bookmark back and forth between Objective-C and Swift? I'm developing a new macOS app for release in the Mac App Store. I'm initially getting my URL from an NSOpenPanel. Then I store it in a SQLite database. I may access the URL again, after a restart, or after a year. I have a login item that also needs to read the database and access the URL. I have additional complications as well, but they don't really matter. Before I get to any of that, I get a whole volume URL from an NSOpen panel in Swift, then, almost immediately, attempt to create a security-scoped bookmark. I cannot. I've tried many different combinations of options and flows of operation, but obviously not all. I think this started happening with macOS 26, but that doesn't really matter. If this is new behaviour in macOS 26, then I must live with it. My particular use requires a URL to a whole volume. Because of this, I don't actually seem to need a security-scoped bookmark at all. So I think I might simply get lucky for now. But this still bothers me. I don't really like being lucky. I'd rather be right. I have other apps in development where this could be a bigger problem. It seems like I will need completely separate URL handling logic based on the type of URL the user selects. And what of document-scoped URLs? This experience seems to strongly indicate that security-scoped URLs should only ever be document-scoped. I think in some of my debugging efforts I tried document-scoped URLs. They didn't fix the problem, but they seemed to make the entire process more straightforward and transparent. Can a single metadata-hosting file host multiple security-scoped bookmarks? Or should I have a separate one for each bookmark? But the essence of my question is that this is supposed to be simple operation that, in certain cases, is a guaranteed failure. There are a mind-bogglingly large number of potential options and logic flows. Does there exist a set of options and logic flows for which the user can select a URL, any URL, with the explicit intent to persist it, and that my app can save, share with helper apps, and have it all work normally after restart?

I'm having a problem on macOS 26 that has not happened on previous macOS versions. When I call guard url.startAccessingSecurityScopedResource() else { return } try url.bookmarkData(options: [.withSecurityScope]) with url being "file:///", I get an error Error Domain=NSCocoaErrorDomain Code=256 "File descriptor doesn't match the real path." Given that Google returns 0 results on this error, I suppose this is a macOS 26 novelty. (The bookmark data created before upgrading to 26 resolve well). Does anyone already met this or have an idea on how to get around it? The app is a file manager, so having bookmarked access to "/" is crucial.

With the RC version of macOS 26, an issue persists when you try to create a bookmark with security scope for the root folder "/". This leads to an error "The file couldn’t be opened.". However, you can create bookmark for /Applications, /System, /Users... This is quite annoying for one of my app because a user can create a cartography of his disk usage, and the access to the root folder "/" is the only way to do so! Is there a workaround? PS: reported the issue with ID FB20186406 let openPanel = NSOpenPanel() openPanel.canChooseDirectories = true openPanel.canChooseFiles = false openPanel.beginSheetModal(for: self.view.window!) { (result) in guard result == .OK, let folderURL = openPanel.url else { return } openPanel.close() do { let data = try folderURL.bookmarkData(options: .withSecurityScope, includingResourceValuesForKeys: nil, relativeTo: nil) print("Bookmark data was created for \(folderURL.path)") } catch (let error) { print("Error creating bookmark for \(folderURL.path), with error: \(error.localizedDescription)") } }

We use File Provider Extension in our main app, and it is working fine. We always call "NSFileProviderManager.add(_:completionHandler:)" function to start the extension, and "NSFileProviderManager.disconnect(reason:options:completionHandler:)" to temporarily quit the extension with the reason which will be shown in the Finder at the top of the FP domain folder. But sometimes, when the main app calls the above functions, the following issue cases occur, and the extension does not start/stop: The completionHandler function doesn't get called (As we noticed, we waited for 2 minutes. Then, we restarted the main app.) One of the following errors returned: i) "The application cannot be used right now", ii) "Couldn't communicate with the helper application", iii) "No valid file provider found with identifier" Here, the important thing is that restarting the main app once or twice clears the issue, and the extension starts. But it is frustrating to restart the app each time we get this issue. We want to know the following things: Why and when do the above issues occur? Why do they occur only sometimes, and how does the app restart clear the issue? How do we resolve them without restarting the main app? This has become a critical issue, so a detailed explanation would be greatly appreciated. TIA.

When running the currently latest version of macOS (26.1) on a machine with ARM CPU (I could not reproduce the issue with Intel-Based machines) Finder Sync extensions do not work any more in general. Steps to reproduce the problem: In Xcode create a new macOS App project with default settings (in my case I chose XIB for the UI and Objective-C as language, and disabled testing, but that should not make any difference) In Xcode add a new target / "Finder Sync Extension" to the project with default settings, this adds a new Finder Sync Extension with example code to the app. Run the application and open Finder and navigate to "/Users/Shared/MySyncExtension Documents" In the system settings ("Login Items & Extensions") enable the extension (Listed as "File Provider"). On systems where it is working, in the context menu of that folder an entry "Example Menu Item" will appear. On systems where it does not work it is missing. Some findings: Adding the *.appex with "pluginkit -a" registers the extension as expected, it is then visible in the system settings, removing it with "pluginkit -r" is also reflected in the system settings. "pluginkit -m -i " returns the extension on systems where it is working (assuming it is registered while this command is executed), on systems wehre it is not working, nothing is returned, regardless of the registration state. When enabling the extension in the system settings nothing more happens, there is no process started for the extension (unlike as on systems where it is working), and thus no context menu entries and no badges are displayed in Finder. Restarting Finder or the system does not help. Any ideas what I could be missing here?

I have an iOS app that allows user to select a folder (from Files). I want to bookmark that folder and later on (perhaps on a different launch of the app) access the contents of it. Is that scenario supported or not? Can't make it work for some reason (e.g. I'm getting no error from the call to create a bookmark, from a call to resolve the bookmark, the folder URL is not stale, but... startAccessingSecurityScopedResource() is returning false.