Sandboxing role needed FileProvider based hostApp?

In a FileProvider framework based app, is it mandatory to make the host-app sandboxed? I think, no, as the Google Drive app is non-sandboxed. But when removing sandboxing from my hostApp, even though the mount is visible in Finder, the extension is not being launched and Finder shows an error message saying "MyApp encountered an error. Items may be out of date." And when I add app sandboxing, then things work fine.

Can someone please help with how we can remove sandboxing of the hostApp and still make it work? Is there any specific entitlement we need to add, or any whitelisting needed for our Developer Team Id?

Answered by DTS Engineer in 856341022

First up, terminology. When talking about app extensions on our platforms:

  • The container app is the app in which the extension is embedded.
  • The host app is the app using the extension’s services. For some extension types, like a share extension, that’s obvious. For others, we say that the host app is the system itself.

Now, back to sandboxing…

macOS app extensions must have App Sandbox enabled [1]. If you distribute the container app via the Mac App Store then it must be sandboxed, just like any other Mac App Store app. If you distribute the container app directly, you have the option to sandbox it or not.

extension is not being launched and Finder shows an error message

I’m not sure what’s going on there, but I recommend that you retest this on a ‘clean’ machine, that is, one that’s never seen your product before. It’s possible that this is being caused by state cached on your development machine.

I usually do this sort of testing in a VM, where I can restore to a clean snapshot between each test.

Finally, you should consider sandboxing your app even in the direct distribution case. I talk about that more in The Case for Sandboxing a Directly Distributed App.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] On iOS and its child platforms, you don’t have to do anything special because all third-party code is sandboxed on those platforms.
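
The sandboxing rules from the answer above, written as a release check. This is an added example, not code from the thread or from Apple; the sample entitlements are constructed, and the function names and the distribution labels "mac-app-store" and "direct" are assumptions made for illustration.

```python
import plistlib

# Entitlement key that turns on App Sandbox.
SANDBOX_KEY = "com.apple.security.app-sandbox"

def is_sandboxed(entitlements_xml: bytes) -> bool:
    """True only if the entitlements plist sets App Sandbox to boolean true.

    The input is the entitlements plist of signed code, for example what
    `codesign -d --entitlements - --xml <path>` prints on recent macOS
    (assumption: run separately on a Mac; this script never calls codesign).
    """
    if not entitlements_xml.strip():
        return False                      # no entitlements at all
    try:
        ents = plistlib.loads(entitlements_xml)
    except Exception:
        return False                      # unparseable: treat as not sandboxed
    # A string "true" or integer 1 is not accepted as the boolean entitlement.
    return isinstance(ents, dict) and ents.get(SANDBOX_KEY) is True

def audit(container_xml: bytes, extension_xml: bytes, distribution: str):
    """Return (severity, message) findings for a container app and its extension."""
    if distribution not in ("mac-app-store", "direct"):
        raise ValueError("distribution must be 'mac-app-store' or 'direct'")
    findings = []
    # macOS app extensions must have App Sandbox enabled, however they ship.
    if not is_sandboxed(extension_xml):
        findings.append(("error", "extension: App Sandbox is not enabled"))
    if not is_sandboxed(container_xml):
        if distribution == "mac-app-store":
            findings.append(("error", "container: Mac App Store requires App Sandbox"))
        else:
            # Direct distribution: sandboxing the container app is optional.
            findings.append(("info", "container: not sandboxed (optional when distributed directly)"))
    return findings

# Constructed sample entitlements (not taken from any real product).
SANDBOXED = plistlib.dumps({SANDBOX_KEY: True})
UNSANDBOXED = plistlib.dumps({SANDBOX_KEY: False})
NO_KEY = plistlib.dumps({})

if __name__ == "__main__":
    for sev, msg in audit(UNSANDBOXED, SANDBOXED, "direct"):
        print(sev, msg)
```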
