I want to miniaturize the Finder in my app, so I use ScriptingBridge to control the Finder.
But, when my app is in the sandbox, it fails to run.
I added com.apple.security.scripting-targets in the sandbox entitlements. Here is the code
<key>com.apple.security.scripting-targets</key>
<key>com.apple.finder</key>
<array>
<string>com.apple.finder.compose</string>
</array>
Finder does not have any scripting access groups. You could add the temporary exception com.apple.security.temporary-exception.apple-events as documented here.
To find scripting targets see here: How can I know the Apple Event Access Groups used by an application?
If you'd like to distribute your app in App Store, however, you're out of luck. By scripting Finder, your app will not pass the review into the App Store.
Related
I'm experimenting with full-disk access and can't make it working. Here is list of steps I did:
Sandbox is turned ON. In fact the entitlements file looks like:
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.files.bookmarks.app-scope</key>
<true/>
<key>com.apple.security.files.user-selected.read-write</key>
<true/>
I created archive of the app and tried to distribute it using boths Developer ID or Development methods
I placed the binary of my app to /Applications folder
I went to System Preferences -> Security & Privacy -> Privacy -> Full Disk Access and added access to my app in /Applications folder
Of course I'm NOT attached to the app with Xcode
I'm testing it in Xcode 11 and on Catalina. It's dummy app, opening NSOpenPanel to let user select archives to decompress and tries to decompress it in the same directory.
In fact it's not about NSOpenPanel, the question is:
What is necessary to do to make sandboxed app using full-disk access?
Any hints? Am I doing anything wrong?
Here is solution found for iTerm2 (it is worth read how solution was found). It just adds this to application plist:
<key>NSSystemAdministrationUsageDescription</key>
<string>I want to read all your files</string>
Documentation is a bit fuzzy.
Sadly this solution doesn't work for launchctld daemons (this is what I need). I think daemons are an exception since the do not see UI at all.
But for regular applications it should work like a charm (didn't test it yet).
I'm needing to read from a Numbers spreadsheet in an App Store Sandboxed Mac app.
I have it working fine until I enable the Sandbox.
Apples docs say to use the com.apple.security.scripting-targets entitlement however I cannot find any entitlements for Numbers.
I can get it working using
<key>com.apple.security.temporary-exception.apple-events</key>
<array>
<string>com.apple.iWork.Numberss</string>
</array>
but I was reading that App Review will reject apps using the temporary-exception.
Is this a complete non starter, am I missing a way to get the entitlement to work with Numbers or will App Review allow it through with the temporary-exception?
current I am using some applescripts to the commands in mac machine.is apple allow applescripts in reviewing process or I have to look on alternatives but applescripts is working fine as for my requiremnts
Yes. Apple allows AppleScript in the Mac OS app development. You just need to add sandboxing in side your project and list all the app for you are using in AppleScript inside your apps entitlements file.
If you not added any entitlements then it will not allowed by apple. Try your app in sandboxing mode and you can see AppleScript not working because of no entitlements added for app.
Note : Some of the app not allowed to access using AppleScript. You app will be rejected by apple review team
To use AppleScript:
ON App sandbox in project.
Add all entitlements required for AppleScript access.
(Only If you wish to deploy through Mac App Store)
Few things before starting your work I suggests that you should go through this links in order to be sure that after your hard work you get want to want.
Determine Whether Your App Is Suitable for Sandboxing
Enabling App Sandbox
App Sandbox Temporary Exception Entitlements
Apple script doesn't work in Sandbox (As far as I know)
Your app should have a temporary exception (Doc mentions it)
Determine Whether Your App Is Suitable for Sandboxing
Sending Apple events to arbitrary apps With App Sandbox, you can
receive Apple events and respond to Apple events, but you cannot send
Apple events to arbitrary apps.
However, for applications that specifically provide scripting access
groups, you can send appropriate Apple events to those apps if your
app includes a scripting targets entitlement.
For other applications, by using a temporary exception entitlement,
you can enable the sending of Apple events to a list of specific apps
that you specify, as described in Entitlement Key Reference.
Finally, your app can use the subclasses of NSUserScriptTask class to
run user-provided AppleScript scripts out of a special directory,
NSApplicationScriptsDirectory (~/Library/Application
Scripts/code-signing-identifier/). Although your app can read files
within this directory, it cannot write files into this directory; the
user must manually place scripts here. For details, see the
documentation for NSUserScriptTask and WWDC 2012: Secure Automation
Techniques in OS X.
A complimentary
A Strategy for UI Scripting in AppleScript
Scripting from a Sandbox
When I try to upload my iOS + apple watch app to iTunes using Application Loader, I get the error message
ERROR ITMS-90595: "Unsupported Key. The Info.plist of bundle Watchless.app/Watch/WatchlessWatchApp.app/PlugIns/WatchlessWatchApp Extension.appex may not contain the UIRequiredDeviceCapabilities key."
Info.plist contains
<key>UIRequiredDeviceCapabilities</key>
<array>
<string>healthkit</string>
</array>
which I think is absolutely necessary because both, watch app and iOS app depend heavily on HealthKit.
The entry is generated when I turn on the HealthKit capability of the watch extension target.
I am running out of ideas what to change.
Using XCode 7.2, Application Loader 3.4
UIRequiredDeviceCapabilities are just your way of saying "I don't want to be installed on device without this functionality".
Removing this will not affect your Watch extension using HealthKit.
Just remove the UIRequiredDeviceCapabilities from the plist in your extension and it should be fine.
My application is sandboxed. I added an item to the Services menu and when I try to select that menu item in another application, my application is not loaded and the service doesn't work.
The icon of my application appears in the Dock panel and disappears immediately. When I turn off sandboxing, everything is alright. I think I need to add some rows in Entitlements.plist but I don't know what.
Does anyone have any ideas?
Add the key like this in your entitlement:
<key>com.apple.security.temporary-exception.apple-events</key>
<array>
<string>com.apple.itunes</string>
</array>
NOTE: This one means I want to send Apple events to iTunes, so you can get more information here: App Sandbox Temporary Exception Entitlements