How do I let my Mac app access the Terminal through App Sandboxing?

I'm developing a network management app, and I need help using App Sandboxing. Terminal is essential to the operation of our app, and not using it would render our app useless. It doesn't need to access any files within Terminal other than the SSH, Screen and Telnet applications.

I found it unclear as to what you're asking for here. Does your app currently work un-sandboxed? If so, what is it doing that hits a sandbox violation?

OTOH, if you're just getting started with a new app, can you walk us through a concrete example of how you expect your app and Terminal to work together?

Share and Enjoy

Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

The app is meant to connect your Mac to Cisco network devices; as such, it uses the terminal to access Cisco IOS (not to be confused with iOS). The app does work un-sandboxed; however, after I turn sandboxing on, I get a network error on:


0x7fff89358179 <+1533>: ud2 <Thread 1: EXC_BAD_INSTRUCTION (code=EXC_I386_INVOP, subcode=0x0


From my understanding, App Sandboxing is designed to prevent access to files that an app doesn't need, such as OneNote accessing your system files. That just doesn't happen. My problem lies in the fact that my app accesses terminal itself, which has access to my whole machine. However, my app is designed so it can't access system files with the terminal.


Edit: I got it to at least run using Sandboxing. Now it can't save a connection. How would I give Sandboxing access to the Documents folder?

I'm still kinda confused by the big picture here but, hey, I can at least answer this:

now it can't save a connection. How would I give Sandboxing access to the Documents folder?

There's no way to do this directly. Your sandbox setup can request access to some special folders (like Music) but the Documents directory is not one of them. The only way to get access to directories like this is to prompt the user for it. You can then use a security-scoped bookmark to remember that access.

So, for example, the first time the user tries to save a connection you might put up the save panel asking them to choose a save location and, from then on, you can continue to save in that location.

Share and Enjoy

Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"
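
Added example, not part of the original thread and not Apple's sample code: one way to implement the prompt-once-then-remember flow described in the reply above. It assumes the app has the com.apple.security.files.user-selected.read-write and com.apple.security.files.bookmarks.app-scope entitlements, uses an open panel to pick a folder rather than a save panel, and the defaults key and function names are hypothetical.

```swift
import AppKit

// Hypothetical UserDefaults key used only by this example.
let bookmarkKey = "ConnectionsFolderBookmark"

/// Store a security-scoped bookmark for `url` so access survives relaunch.
func storeBookmark(for url: URL) throws {
    let data = try url.bookmarkData(options: .withSecurityScope,
                                    includingResourceValuesForKeys: nil,
                                    relativeTo: nil)
    UserDefaults.standard.set(data, forKey: bookmarkKey)
}

/// Resolve the stored bookmark, refreshing it if the system reports it stale.
func restoreConnectionsFolder() -> URL? {
    guard let data = UserDefaults.standard.data(forKey: bookmarkKey) else { return nil }
    var stale = false
    guard let url = try? URL(resolvingBookmarkData: data, options: .withSecurityScope,
                             relativeTo: nil, bookmarkDataIsStale: &stale) else { return nil }
    if stale, url.startAccessingSecurityScopedResource() {
        defer { url.stopAccessingSecurityScopedResource() }
        try? storeBookmark(for: url)   // keep the old bookmark if this fails
    }
    return url
}

/// First use: the user's explicit choice in the panel is what grants access.
func chooseConnectionsFolder() -> URL? {
    let panel = NSOpenPanel()
    panel.canChooseDirectories = true
    panel.canChooseFiles = false
    panel.canCreateDirectories = true
    panel.message = "Choose where to save connections"
    guard panel.runModal() == .OK, let url = panel.url else { return nil }
    guard (try? storeBookmark(for: url)) != nil else { return nil }
    return restoreConnectionsFolder()   // always work from the resolved bookmark
}

/// Write one connection file inside the folder the user granted.
func saveConnection(_ contents: Data, named name: String) throws {
    guard let folder = restoreConnectionsFolder() ?? chooseConnectionsFolder() else {
        throw CocoaError(.userCancelled)
    }
    guard folder.startAccessingSecurityScopedResource() else {
        throw CocoaError(.fileWriteNoPermission)
    }
    defer { folder.stopAccessingSecurityScopedResource() }  // balance every start
    try contents.write(to: folder.appendingPathComponent(name), options: .atomic)
}
```

Access is limited to the folder the user picked, and only between the start and stop calls, so the sandbox still bounds what the app can reach.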

Ok, the folder problem is solved, thank you!


Now to help your confusion... What we're trying to do is create something similar to PuTTY for Mac. PuTTY is an open source Windows application that people use to access their network devices. The problem with PuTTY isn't functionality, it works just fine. It's not buggy, it doesn't crash, etc. The real problem with PuTTY is that the interface isn't pretty, and we're trying to fix that. Existing Mac apps that do the same thing are at this link: http://formac.informer.com/putty

In order to save time and resources, we've opted to use the native OSX terminal as a platform to access the command line instead of creating our own terminal. The main issue here is that turning on app sandboxing prevents us from accessing the native terminal, whereas if it's off, it works just as intended.


Basically, our app opens terminal and runs a script that automatically types in the credentials of whatever network device you want to configure. Then, you're left at the ">" prompt so you can immediately configure the device.


I hope this helps your confusion so we can get this worked out.

How are you trying to access the terminal exactly? Is it just that you are trying to pop a Terminal window open with an SSH/Telnet connection to a router?

I'm using this to tell terminal to run a spawn script that connects to a device with SSH/Telnet/Screen.

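import Foundation

// Runs osascript, which tells Terminal to execute Script2.sh from the app's temporary directory.
// (NSTask is named Process in Swift 3 and later.)
let script = NSTask()
script.launchPath = "/usr/bin/osascript"
script.arguments = ["-e", "tell application \"Terminal\"",
                    "-e", " do script \"" + NSTemporaryDirectory() + "Script2.sh\"",
                    "-e", "end tell"]
script.launch()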

Accepted Answer

Basically, our app opens terminal and runs a script that automatically types in the credentials of whatever network device you want to configure.

This is not compatible with sandboxing. Consider the script you posted later on; if you can tell Terminal to SSH to a particular server, you could tell Terminal to "rm -rf ~", and that's obviously nonsensical for a sandboxed app.

There's no clear way forward here. AFAICT your options are:

  • distribute outside of the Mac App Store

  • put the terminal emulation code within your app — That's a lot of work.

  • file a bug requesting that Terminal support a scripting access group for setting up Telnet and SSH connections — If you do this, please post your bug number, just for the record.

  • implement your scripting with NSUserScriptTask — Be aware that App Review has strict rules on how folks can use NSUserScriptTask and a single-purpose app that uses NSUserScriptTask simply to bypass a sandbox restriction is unlikely to be well received.

These options aren't mutually exclusive, so you could explore more than one avenue simultaneously.

Share and Enjoy

Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Ok I posted a "bug report" requesting access, the bug number is 21876609. Thank you for all your help so far, Eskimo and POM. I really hope we can get this worked out because the Mac App Store is our biggest market to sell the app.
