My app, Cassius, is happily using an external file (i.e not in ~/Library/Application Support/) to store webView data.
The OSX sandbox is obviously not allowing this. I thus used this GitHub project to ask the user the desired location for the file.
I can create a text file on my desktop using this, successfully going out of the sandbox, but giving a file to my WebView local storage [webPrefs _setLocalStorageDatabasePath:myDirectory]; doesn't work.
In both cases the console report an issue sandboxd: deny file-read-data...
Is there a way for a sandbox'd app to use an external file as a WebView local storage?
Thank you !
Related
I am writing an app which uses CoreData using NSPersistentContainer to save data.
While I am developing the app, I would like to:
examine the data directly
back up the data
see what happens when I change the bundle id
I assume the data is physically stored somewhere, but I’m not sure where to look.
By default NSPersistentContainer stores the database inside app container under directory Libray/Application Support
To locate the full path, in simulator, you can print the applicationSupportDirectory using urls(for:in:) function of the default FileManager:
print(FileManager.default.urls(for: .applicationSupportDirectory, in: .userDomainMask).first?.path ?? "nil")
If you are running your app on an actual device you can download the application container following this answer.
For sandboxed apps the location goes like this:
~/Library/Containers/…/Data/Library/Application Support/…
I have an Android app made with Xamarin Forms that uses ExoPlayer to play both streaming and local videos. When .mp4 files are downloaded by the app, they are saved to internal storage (Environment.SpecialFolder.Personal) and never to an external location such as an SD card.
I want to limit the permissions that the app requires and I do not want to add READ_EXTERNAL_STORAGE or WRITE_EXTERNAL_STORAGE. In other parts of the app I have successfully written and read files to internal storage without adding any external storage permissions.
I am unable to load my .mp4 file into ExoPlayer unless I add <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" /> (or the WRITE version) to AndroidManifest.xml. ExoPlayer will show me a "Permission to access storage was denied" toast and refuse to play the video. I believe that ExoPlayer is testing for the existence of the external storage permission even though I don't believe it is needed, and exiting without actually trying to play the video.
How can I coerce ExoPlayer into playing the video without testing for the external storage permissions?
Sounds like you are making a call to the MaybeRequestReadExternalStoragePermission method. The MaybeRequestReadExternalStoragePermission method is responsible for making sure the App has the permissions to access the external storage. The ExoPlayer doesn't handle this internally but assumes the App developer calls this method if the App need to access content from the external storage.
See the implementation: https://github.com/google/ExoPlayer/blob/000f3f23056aae30a98ac74fb30e484844548b3e/library/core/src/main/java/com/google/android/exoplayer2/util/Util.java#L159
Make sure you don't call the MaybeRequestReadExternalStoragePermission method from your source code (usually this is done in the PlayerActivity class, from the InitializePlayer method). Now you can also remove the <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" /> from the AndroidManifest.xml.
Note that if you do try to access the external storage without having the permissions you app will crash.
I'm working on a cordova application in Visual Studio 2017 and I'm trying to access the filesystem using the file plugin. Unfortunately this does not work when debugging the application using 'Simulate in browser' (using cordova-simulate).
A 'SecurityError: It was determined that certain files are unsafe for access within a Web application, or that too many calls are being made on file resources.' error is raised.
I guess if have to pass '--allow-file-access-from-files' option to chrome, but I don't know how to do this, because chrome is launched automatically in a new window and I cannot find any configuration options in Visual Studio.
Some Chrome Quirks are:
Chrome filesystem is not immediately ready after device ready event. As a workaround you can subscribe to filePluginIsReady event.
Example: javascript window.addEventListener('filePluginIsReady', function(){ console.log('File plugin is ready');}, false); You can use window.isFilePluginReadyRaised function to check whether event was already raised.
window.requestFileSystem TEMPORARY and PERSISTENT filesystem quotas are not limited in Chrome.
To increase persistent storage in Chrome you need to call window.initPersistentFileSystem method. Persistent storage quota is 5 MB by default.
Chrome requires --allow-file-access-from-files run argument to support API via file:/// protocol.
File object will be not changed if you use flag {create:true} when getting an existing Entry.
Form above quirks use basic steps here:
At the time of writing this article, Google Chrome has the only working implementation of the FileSystem API. A dedicated browser UI does not yet exist for file/quota management. To store data on the user's system, may require your app to request quota. However, for testing, Chrome can be run with the --unlimited-quota-for-files flag. Furthermore, if you're building an app or extension for the Chrome Web Store, the unlimitedStorage manifest file permission can be used in place of requesting quota. Eventually, users will receive a permission dialog to grant, deny, or increase storage for an app.
You may need the --allow-file-access-from-files flag if you're debugging your app from file://. Not using these flags will result in a SECURITY_ERR or QUOTA_EXCEEDED_ERR FileError.
I'm making a sandboxed Mac app, and I used NSOpenPanel to get a file URL, and saved it to UserDefaults as a security-scoped bookmark. When I quit and restart the app, I can resolve that blob of Data into a URL again.
The documentation says I should call startAccessingSecurityScopedResource(), and check its return value. (That does return true when I call it.) But if I don't call that, I've still got a resolved URL, and I still appear to have permissions to access it.
What does startAccessingSecurityScopedResource() actually do? Is there anything bad that can happen, if I don't call it?
As long as your app only accesses files in standard locations (Downloads, Music
Movies, Pictures) and you included the required entitlements for programmatic file and folder access in your app, you don't need to store security scoped bookmarks for those locations.
But for other locations that should remain accessible after the app has been restarted, you should store security scoped bookmarks and call startAccessingSecurityScopedResource() before access. If you skip that step, you'll get an exception as soon as you try to access that file.
startAccessingSecurityScopedResource() makes the security scoped bookmark's resource available to your app's sandbox thus granting you access to that resource.
I enabled sandbox and I want to create data by bookmarkDataWithOptions.
If the URL is created by NSPanel that work very well. But, If I obtain URL without using NSOpenPanel, the bookmarkDataWithOptions method always return nil. why?
thank about If I want to set a special folder default can read/write without using NSOpenPanel.
How can i do?
Thanks
The main feature of the Sandbox is security. If an application could read/write an arbitrary folder without user permission, the security would be broken.
The App Sandbox Design Guide states clearly:
• Simulation of user input in Open and Save dialogs:
if your app depends on programmatically manipulating Open or Save dialogs to simulate or alter user input, your app is unsuitable for sandboxing.
The only way to achieve something similar, is to add a read/write entitlement to one of the preset directories (Documents, Pictures, Music, etc…). For further documentation, take a look at this guide.