App affected by sandbox

Code Signing General
Maskerize OP
Created Mar ’16
Replies 10
Boosts 0
Views 1k
Participants 2

Maybe it is a rare question but sandboxing is affecting my app functionality. By activating the sandbox and signing the .entitlement, i am able to distribute it in the Mac Store however when i check if the app works correctly (executing), it does not let me (any user) browse inside the computer (from the app) to get, for example, a picture's link which will be later used. The rest of the app works correctly.


I have tried with many of the Entitlement keys that are suggested but nothing changes.

I have to point out that i am using Unity3d engine with Monodevelop.


Does anyone know how to sandbox but without affecting the browsing functionality?


Thanks in advance

Replies  10
Boosts  0
Views  1k
Participants  2
bob133 OP
Mar ’16
Accepted Answer

With App Sandbox, you can't have a custom file browser. Use the NSOpenPanel or NSSavePanel classes instead. For a sandboxed app, they actually run in separate, more priveleged processes that are able to dynamically grant access to the specific URLs the user selects. A more thorough description of how all this works is available here: App Sandbox Design Guide

0
Maskerize OP
Mar ’16

First of all thanks for the answer.


I have read that documentation before but it didn't fully solved my case. The point is that the first version of the app worked and it was released in mid 2014 so i guess that i also used Sandbox and i think it was not until the last part of the year 2015, when i updated the app and it started to go wrong. It may be weird but it is true. That is reason why i am confused.

0
bob133 OP
Mar ’16

So you've had it in the store for a while and it worked until recently? That could happen for a variety of reasons, including changes to OS X, changes to Unity, or even something you might have done. At any rate, stuff like that isn't supposed to happen (unless, of course, you were accidentally taking advantage of some security loophole that has since been closed). You might want to file a bug report, but if your app was able to do some sort of unrestricted file browsing in the past, I highly doubt that they would offer help getting it back.

0
Maskerize OP
Mar ’16

Thanks again.

I will file a bug report hoping that i could get more information. If not, i will use the Developer Technical Support.

If i get some interesting information i will post it here.

0
bob133 OP
Mar ’16

Cool. Sorry I don't have any specific advice to offer. 🙂


So…was it a custom file-browsing system done entirely within the app? Technically, that should have never been possible under App Sandbox…

0
Maskerize OP
Apr ’16

Yes, i used Unity classes, the typical ones such as Directory or Path plus the GUI buttons that are offered. What i am surpised is that Unity, being a really portable engine in terms of app distribution, has this defect when it comes to sandboxing. I thought that when a user chooses Mac OS X as platform in Unity it will automatically translate the required thing so it gets something compatible with NSOpenPanel or NSSavePanel.

0
bob133 OP
Apr ’16

Yes, I agree with you that it's a reasonable assumption. Was the version of Unity you used in the past the same one that you're using now? That would help you figure out if it's a change in Unity that's causing the change. You might also want to pull an older version of your app (the one that used to work) out of your backup or SCM repository and test it on the current OS X—that would help determine if it's a change in OS X.

0
Maskerize OP
Apr ’16

Good point. I am going to download a past version of Unity.

0
Maskerize OP
Apr ’16

None of both approaches worked so i guess that it is the OS X. I will mark the first answer as correct.

Thanks a lot bob133

0
bob133 OP
Apr ’16

Glad to help where I can. Good luck with your continued work! 🙂

0
App affected by sandbox
First post date Last post date
 
 
Q