NSFileManager and sandboxing

Question

Created Aug ’15

Replies 4

Boosts 0

Participants 2

In my app which I've almost finished writing, I'm presenting a list of all sub-folders in the user's home folder in an NSOutlineView and I'm loading the selected folder into an NSTableView. From there the user can do things similar to the Finder.

I'm now reading up on sandboxing and I see no mention of the user's Documents folder as an entitlement.

What is the best way to allow the user to see everything in their home folder by default? If they click a button on the toolbar to choose another folder, then I'm sure that will give the app all the permission it needs (based on what I've read), but as for presenting the entire user's home folder by default, I have no idea.

Answered by DTS Engineer in 44599022

What is the best way to allow the user to see everything in their home folder by default?

There is no way to do that (because it would largely undermine the whole point of the app sandbox). You will have to rework your UI to ask the user to choose the root of the directory hierarchy that they want to browse with your app. This represents explicit consent by the user for your app to access items within that hierarchy.

Once the user has done this you can use a security-scope bookmark to retain access to that hierarchy between launches of your app.

Share and Enjoy
—
Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Boost

Answer 1

DTS Engineer OP

Apple

Aug ’15

Accepted Answer

What is the best way to allow the user to see everything in their home folder by default?

There is no way to do that (because it would largely undermine the whole point of the app sandbox). You will have to rework your UI to ask the user to choose the root of the directory hierarchy that they want to browse with your app. This represents explicit consent by the user for your app to access items within that hierarchy.

Once the user has done this you can use a security-scope bookmark to retain access to that hierarchy between launches of your app.

Share and Enjoy
—
Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

0

Answer 2

mfearby OP

Aug ’15

I wonder how applications like Forklift do this? It's distributed through the App Store, so presumably it's sandboxed. By default it shows you all your folders in your home folder without forcing you to show a file/open panel.

0

Answer 3

DTS Engineer OP

Apple

Aug ’15

See this post for my thoughts on this.

Share and Enjoy
—
Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

0

Answer 4

mfearby OP

Aug ’15

The only entitlements I can see for Forklift are com.apple.application-identifier and com.apple.developer.team-identifier. Most other sandboxed apps on my system have at least a dozen other entries so I guess Forklift have been using a special exemption for some time. I'll do the best I can and submit a support case if I can't get something to work, I suppose.

0