Path problems when sandboxing

Hi, I have an App that contains a simple launcher script. It starts an embedded Java Application together with an embedded JRE. Like this:

Contents/PlugIns/jre/Contents/Home/bin/java -jar Contents/Resources/Java/myapp-0.6.4-SNAPSHOT.jar

This works fine, until I codesing the App using an entitlements file that enables sandboxing. Like this:

<key>com.apple.security.app-sandbox</key>
        <true/>

After sandboxing has been enabled like this, I get the following error when I try to start the app:

Contents/MacOS/launcher: /Users/alex/Library/Containers/com.myapp/Data/MyApp.app/Contents/MacOS/launcher: No such file or directory

Apparently, this folder exists /Users/alex/Library/Containers/com.myapp/Data, but does not contain a MyApp.app folder.

How can I configure my launcher properly to work with sandboxing?

Up vote post of kerner1000 Down vote post of kerner1000
792 views
Posted by
kerner1000
Reply
Add a Comment

Replies

I recommend against using a script as the main executable of your app. This causes all sorts of weird problems [1]. Rather, build a tiny native executable that to do this work.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] The one I’m specifically aware of relates to TCC, as described in the TCC and Main Executables section of On File System Permissions.

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment

I understand. The script is therefore compiled into a mac binary executable. AFAIK, there is no other way to start a Java App than calling ja JRE and passing the runnable jar as a parameter.

Posted by
kerner1000
Up vote reply of kerner1000 Down vote reply of kerner1000
Add a Comment

I’ve been helping kerner1000 out in a different context. We’re still discussing things but I did want to share one factoid: The current working directory for an app launched from the Finder changes when you enable the App Sandbox:

  • For a non-sandboxed app it’s /.

  • For a sandboxed app it’s the root of the app’s container, so ~/Library/Containers/…something…/Data.

As a general rule you should should not rely on the current working directory at launch. This is not something that’s consider to be API. If you want to get your app’s location on disk, use NSBundle [1].

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] If you can’t use Foundation, or you’re not building an app, use _NSGetExecutablePath.

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment