My goal is to create an editor which will be able to run code in many
languages
This isn’t really a feasible goal in a sandboxed app. To explain why I’m going to reference a bunch of terminology from my On File System Permissions post. I recommend that you read this before going on.
Also, the following discussion is about simply executing the tool in question. Whether the tool will work in a sandboxed environment is an entirely different kettle of fish. I can’t speak for non-Apple languages, but I’m certain that the swift
tool was not written with this is mind.
The sticking point here relates to sandbox extensions. Imagine that you want to run Brainf*** code [1]. Needless to say, that’s not installed by default, so the user has installed in themselves in a directory of their choosing. Your sandboxed app cannot access that directory; in order to do anything in that directory the user must first grant you access using, say, the open panel. However, the sandbox extension issued by the open panel is either a read extension (com.apple.security.files.user-selected.read-only
) or a read/write extension (com.apple.security.files.user-selected.read-write
). Neither of these will let you execute code from that directory. For that you’d need an execute extension, and the OS simply has no support for this.
There are two ways around this, but neither is particularly great:
-
The first is to require the user to place the language in a directory that’s on the sandbox’s built-in allowlist. This list isn’t well documented and it’s quite restricted. It does not, for example, include the locations used by the most common package management systems on macOS.
-
The second is to statically extend your sandbox using file access temporary exceptions but those tend to cause App Review entanglements (I don’t work for App Review and thus can’t give you definitive answer about their policies).
You’re not the first developer to hit this problem and we have a bug on file requesting a better solution for yet (r. 77725959), but I can’t promise that it’ll be fixed any time soon )-:
Now, you should be able to get this working for Swift because:
-
The swift
tool typically ships as part of Xcode.
-
Xcode is typically installed within /Applications
.
-
/Applications
is on the App Sandbox allow list.
However, if any of these assumptions fails then you won’t be able to run the swift
tool. For example, I install my (many) copies of Xcode in ~/XcodeZone
, and you can’t get access to those.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
[1] Hey, for once the stars are warranted!