I've made my first app and encountered an unexpected (potentially existential) issue.
The Manager app is designed to tag 3rd party "plugins" used by a DAW, storing metadata in a local SQLite database, and move them between Active and Inactive folders. This allows management of the plugin collection - the DAW only uses what's in the Active folder.
Permissions are obtained via security-scoped bookmarks on first launch. The app functions as intended: plugin bundles move correctly and the database tracks everything. No information is written to the plugins themselves. The Problem: When moving plugins using fs.rename() , the MAS sandbox automatically adds the com.apple.quarantine extended attribute to moved files. When the DAW subsequently rebuilds its plugin cache, it interprets quarantined plugins as "corrupt" or potentially malicious and refuses to load them.
Technical Details:
- Moving files with NSFileManager or Node.js fs APIs within sandbox triggers quarantine
- Sandboxed apps cannot call xattr -d com.apple.quarantine or use removexattr()
- The entitlement com.apple.security.files.user-selected.read-write doesn't grant xattr removal rights
- User workaround: run xattr -cr /path/to/plugins in Terminal - not acceptable for professional users
Question: Is there any MAS-compliant way to move files without triggering quarantine, or to remove the quarantine attribute within the sandbox? The hardened-runtime DMG build works perfectly (no sandbox = no quarantine added). Any insight appreciated!
Is there [to] remove the quarantine attribute within the sandbox?
No.
Is there any MAS-compliant way to move files without triggering quarantine … ?
No. Well, no-ish.
The sandbox always quarantines files that you create, and a move is roughly equivalent to ‘create a new name for it here and then remove the old name for it there’.
The only wiggle room I see is com.apple.security.files.user-selected.executable, which allows a sandboxed app to create executables. However:
- I’m not sure whether it’ll actually help you in this case. The behaviour of that entitlement is not well documented, and I’ve never had a need to dig into it in depth. I suspect it’s limited to locations that the user has explicitly selected with the save panel.
- Even if it does, I believe that App Review scrutinises its use very carefully, and it’s not clear whether they’d allow it [1].
IMPORTANT I don’t work for App Review so I can’t make definitive statements about their policies.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"