how to perform xcrun with sandbox

Question

skyfox OP

Created Mar ’17

Replies 5

Boosts 0

Views 6.6k

Participants 3

i have a mac app,like simpholders app,to find and manager simulator's sandbox and go

use NSTask exe command:

/usr/bin/xcrun

will show error

xcrun: error: cannot be used within an App Sandbox.

Boost

Answer 1

DTS Engineer OP

Apple

Mar ’17

There’s two parts to this:

Getting
```
xcrun
```
to work from within the App Sandboxing
Getting useful stuff done with that

For the first point, see my response here.

With regards the second point, the above should be sufficient to run simple Xcode tools within the App Sandbox (something like

GetFileInfo

, say) but I suspect that you’re going to run into problems if you do anything complex. Specifically,

simctl

is just the front end to a significant amount of simulator infrastructure, and I think it’s unlikely that you’ll be able to use that infrastructure inside the App Sandbox.

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

0

Answer 2

skyfox OP

Mar ’17

In fact, i have read https://forums.developer.apple.com/message/89866#89866 before ask question,

but i cant understand

The solution is to ask your user to select their preferred version of Xcode and then run ibtool from within that.  You may run into other problems down the pike, but this will be enough to ibtool actually launching.

can you provice more detail information about it ?

i want to perform

"xcrun simctl list -j devices" get developer device list like simpholders app.

why https://itunes.apple.com/cn/app/sbfolder/id1080942642?mt=12 can do it?

have any other method?

im now using

key: com.apple.security.temporary-exception.files.home-relative-path.read-write

value:/Library/Developer/CoreSimulator/Devices/

in xx.entitlements,but this will be reject by appstore review

0

Answer 3

DTS Engineer OP

Apple

Mar ’17

In fact, i have read … before ask question

Cool.

btw It’s generally worth mentioning that sort of contextual information your your post.

can you provice more detail information about it ?

Sure:

Bring up an open panel asking the user to select their preferred version of Xcode
When it completes, make and save a security scoped bookmark for that URL so that your app can continue to access it after a quit and relaunch
Take the user’s chosen Xcode, append the relative path to
```
simctl
```
, and then launch it directly

why … can do it?

Sorry, but I’m not in a position to reverse engineer other developer’s apps on your behalf.

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

0

Answer 4

skyfox OP

Mar ’17

oh,i know the scoped bookmark,

Although I'm not to prepare use this way.

but thanks your reply!

0

Answer 5

DTS Engineer OP

Apple

May ’22

looks like things changed.

Gonna drop a link to my On File System Permissions post here. The App Sandbox section lists three entitlements that gate file system access, and I believe that the first one, the default allowlist, is what enables to you run simctl from that location.

As to the fact that simctl works from within a sandbox, yeah, that surprises me as well. *shrug* I have some theory as to why, but my management gets grumpy when I speculate (-:

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0