Requesting temporary entitlement exceptions

Code Signing Entitlements
andrey_v OP
Created Oct ’20
Replies 5
Boosts 1
Views 1.7k
Participants 3
Hi everyone!

My macOS app was rejected. The reason:

The following temporary entitlement exceptions requested for this app are not appropriate and will not be granted:

com.apple.security.temporary-exception.apple-events com.apple.terminal

com.apple.security.temporary-exception.apple-events com.apple.finder

We understand this may prevent the app from being approved for the Mac App Store. We encourage you to investigate other ways of implementing the desired functionality.

My app should run shell command in the Terminal, reveal a folder in the Finder and open a file in the TextEdit.
I achieved with functionality with executing NSAppleScript.
I have already added

  • App Sandbox entitlements: YES

  • entitlement com.apple.security.files.user-selected.read-only: 1

  • entitlements com.apple.security.temporary-exception.apple-events (mentioned above)

  • NSAppleEventsUsageDescription

But I have no idea how should I request these entitlements.
I searched for any documentation but didn't find anything.

What should I do to pass a review?
Or is there any other way to achieve desired functionality?

Thx
Replies  5
Boosts  1
Views  1.7k
Participants  3
DTS Engineer OP
Apple
Oct ’20
My experience is that App Review takes a very dim view of folks using temporary exception entitlements, especially when they do things, like script the Finder, which can result in a complete sandbox escape.

Let’s look at what you’re trying to do:

My app should run shell command in the Terminal

This won’t be possible in a Mac App Store app. Can you explain more about what shell script you’re trying to run, because there may be an alternative approach that is compatible with the Mac App Store.

reveal a folder in the Finder

You can do that with activateFileViewerSelecting(_:).

open a file in the TextEdit.

You can that with NSWorkspace. Indeed, it offers a lot of different ways to do it, so many that the hardest problem is figuring out the best one to use (-:

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
0
andrey_v OP
Oct ’20
Thank you for this advice! I've already updated my code.

More about running shell script..
There is a tool for automating beta deployments and releases called fastlane. To run build command you have to open Terminal, change directory to that which contains a config file of current project and run fastlane build command.
It's very slow and routine. If you have several projects and each one contains several configs, you have to remember them all.. ooh!
So my app provides a button for each config file and each build command in it, to help user forget paths and commands and just click a button to run fastlane build command. Thats all..

Can it be approved or I have to find any other way to provide this functionality?
0
DTS Engineer OP
Apple
Oct ’20

Can it be approved or I have to find any other way to provide this
functionality?

This is tricky. I suspect that the fastlane tool won’t work if you run it directly from your app, whereupon in inherits the app’s sandbox. Thus scripting Terminal may be your only option (with the consequent App Review entanglements).

If this feature is critical to your app then your best option would be to distribute it outside of the Mac App Store.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
0
andrey_v OP
Oct ’20
Thank you for the detailed explanations. They are very helpful!
0
dkalachniuk OP
Mar ’21
hi andrey_v have find a way how to put your app to the appstore? I have absolutely the same problem
0
Requesting temporary entitlement exceptions
First post date Last post date
 
 
Q