I'm experimenting with full-disk access and can't make it working. Here is list of steps I did:
Sandbox is turned ON. In fact the entitlements file looks like:
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.files.bookmarks.app-scope</key>
<true/>
<key>com.apple.security.files.user-selected.read-write</key>
<true/>
I created archive of the app and tried to distribute it using boths Developer ID or Development methods
I placed the binary of my app to /Applications folder
I went to System Preferences -> Security & Privacy -> Privacy -> Full Disk Access and added access to my app in /Applications folder
Of course I'm NOT attached to the app with Xcode
I'm testing it in Xcode 11 and on Catalina. It's dummy app, opening NSOpenPanel to let user select archives to decompress and tries to decompress it in the same directory.
In fact it's not about NSOpenPanel, the question is:
What is necessary to do to make sandboxed app using full-disk access?
Any hints? Am I doing anything wrong?
Here is solution found for iTerm2 (it is worth read how solution was found). It just adds this to application plist:
<key>NSSystemAdministrationUsageDescription</key>
<string>I want to read all your files</string>
Documentation is a bit fuzzy.
Sadly this solution doesn't work for launchctld daemons (this is what I need). I think daemons are an exception since the do not see UI at all.
But for regular applications it should work like a charm (didn't test it yet).
Related
I have an app that needs to store video files in it's own container folder in iCloud Drive. I have tried suggestions from most forums and I still couldn't resolve this issue.
These are the things I did to setup a cloud container for my app -
Added iCloud capability. Selected 'iCloud Documents' for Services and selected the appropriate iCloud container that I had created through my developer account.
Added the following entry in Info.plist
<key>NSUbiquitousContainers</key>
<dict>
<key>iCloud.com.TeamName.AppName</key>
<dict>
<key>NSUbiquitousContainerIsDocumentScopePublic</key>
<true/>
<key>NSUbiquitousContainerName</key>
<string>AppName</string>
<key>NSUbiquitousContainerSupportedFolderLevels</key>
<string>Any</string>
</dict>
</dict>
These are the values in the entitlement file
<key>com.apple.developer.icloud-container-identifiers</key>
<array>
<string>iCloud.com.TeamName.AppName</string>
</array>
<key>com.apple.developer.icloud-services</key>
<array>
<string>CloudDocuments</string>
</array>
<key>com.apple.developer.ubiquity-container-identifiers</key>
<array>
<string>iCloud.com.TeamName.AppName</string>
</array>
Have tried with new bundle identifiers and cloud containers.
Have tried updating the Version and the Build value
The app folder is created at '/Users/{user}/Library/Mobile\ Documents/iCloud~com~TeamName~AppName/Documents' and I can see the files I've written to it.
I can find these files at iCloud -> Manage Storage -> AppName on my iPhone too.
Will 'NSUbiquitousContainerIsDocumentScopePublic' be accepted as true only when an app is released on the Appstore? Or it's just that I'm missing something here?
Same here, I followed every tip I could find here and on other websites, but still the folder / files are not showing up visibly.
Problem: ubiquitous container works, files can be read and written, but are not showing up in macOS Finder, nor in the Files app on iOS devices.
macOS 11.5, iOS 14.7, Xcode 12.5.1
I have tried:
everything stated here: https://developer.apple.com/library/archive/documentation/General/Conceptual/ExtensibilityPG/FileProvider.html
everything stated here: https://developer.apple.com/library/archive/qa/qa1893/_index.html
every variation of info.plist values for NSUbiquitousContainers (eg. both the container id and my bundle id)
every variation of info.plist values for NSUbiquitousContainerIsDocumentScopePublic
every variation of info.plist values for NSUbiquitousContainerName
every variation of info.plist values for NSUbiquitousContainerSupportedFolderLevels
creating new containers
changing the apps' version and build numbers, including only increasing CFBundleShortVersionString.
changing the apps' bundle identifier
deleting and reinstalling the app
reboots of used devices
switching off/on iCloud drive for the user on all devices
It is driving me crazy. Who can help?
When I try to upload my iOS + apple watch app to iTunes using Application Loader, I get the error message
ERROR ITMS-90595: "Unsupported Key. The Info.plist of bundle Watchless.app/Watch/WatchlessWatchApp.app/PlugIns/WatchlessWatchApp Extension.appex may not contain the UIRequiredDeviceCapabilities key."
Info.plist contains
<key>UIRequiredDeviceCapabilities</key>
<array>
<string>healthkit</string>
</array>
which I think is absolutely necessary because both, watch app and iOS app depend heavily on HealthKit.
The entry is generated when I turn on the HealthKit capability of the watch extension target.
I am running out of ideas what to change.
Using XCode 7.2, Application Loader 3.4
UIRequiredDeviceCapabilities are just your way of saying "I don't want to be installed on device without this functionality".
Removing this will not affect your Watch extension using HealthKit.
Just remove the UIRequiredDeviceCapabilities from the plist in your extension and it should be fine.
I have an OS X/iOS App that uses the old style ubiquitous container id TEAMID.com.companyname.product, and is built using NSDocument on OS X and UIDocument on iOS.
File opening has been working fine on OS X 10.8, 10.9 and 10.10 using the built in NSDocumentController openDocument: panel. In 10.10 this panel was extended by Apple to permit iCloud Drive access. At the top of the panel the selector titled “iCloud Library” shows “Appname - iCloud” and “iCloud Drive” as options.
Selecting the former gives access to documents in the App ubiquity container, and the later shows available iCloud Drive folders.
In 10.11 El Capitan, selecting “Appname - iCloud” - the view doesn’t change (you see the top level view of iCloud Drive Folders). There is no warning message. Selecting the Appname under iCloud in the sidebar has the same result.
Given the nature of the application (the data is private and isn’t designed to be read by any other application) it isn’t ideal to make the ubiquity folder public - so I would prefer not to go down that path.
A work around is to search for the appropriate file type (kind) in the request panel and select Search: This Mac - this works fine, as do saved URLs from previous opens. So App sandboxing isn’t causing the problem.
Obviously I would like the 10.10 behaviour to continue - but it isn't obvious how to achieve this or if it is a bug. It may be that Apple assume all apps built using NSDocument would wish to make their App containers public.
It does appear that this issue is a bug in OS X 10.11, and the standard NSDocument file open/save/move panel fails to be coerced into the old behaviour. However a reasonably simple solution is to provide two new application menu items:
Open iCloud listing all available documents in the (private) ubiquity container,
Move to iCloud using [NSDocument moveDocumentToUbiquityContainer:].
You need to make the apps iCloud container Public by adding the following to your info.plist file.
<key>NSUbiquitousContainers</key>
<dict>
<key>HHWT75NS6T.au.com.ossh.appName</key>
<dict>
<key>NSUbiquitousContainerIsDocumentScopePublic</key>
<true/>
<key>NSUbiquitousContainerSupportedFolderLevels</key>
<string>None</string>
</dict>
</dict>
I want to miniaturize the Finder in my app, so I use ScriptingBridge to control the Finder.
But, when my app is in the sandbox, it fails to run.
I added com.apple.security.scripting-targets in the sandbox entitlements. Here is the code
<key>com.apple.security.scripting-targets</key>
<key>com.apple.finder</key>
<array>
<string>com.apple.finder.compose</string>
</array>
Finder does not have any scripting access groups. You could add the temporary exception com.apple.security.temporary-exception.apple-events as documented here.
To find scripting targets see here: How can I know the Apple Event Access Groups used by an application?
If you'd like to distribute your app in App Store, however, you're out of luck. By scripting Finder, your app will not pass the review into the App Store.
My application is sandboxed. I added an item to the Services menu and when I try to select that menu item in another application, my application is not loaded and the service doesn't work.
The icon of my application appears in the Dock panel and disappears immediately. When I turn off sandboxing, everything is alright. I think I need to add some rows in Entitlements.plist but I don't know what.
Does anyone have any ideas?
Add the key like this in your entitlement:
<key>com.apple.security.temporary-exception.apple-events</key>
<array>
<string>com.apple.itunes</string>
</array>
NOTE: This one means I want to send Apple events to iTunes, so you can get more information here: App Sandbox Temporary Exception Entitlements