iTunesTrack location is nil in sandbox mode? - macos

I am sandboxing an OS X app that uses Scripting Bridge to access iTunes.
for (iTunesFileTrack *track in fileTracks)
{
    // url is nil in sandbox mode but good value in non sandbox mode
    NSURL *url = [track location];
    NSString *sourceFile = [[track location] path];
    if (sourceFile == nil)
    {
        NSLog(@"Sourcefile for the track %@ was nil", track);
        continue;
    }
}
nil is returned. I am using the following entitlements:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.assets.movies.read-write</key>
<true/>
<key>com.apple.security.assets.music.read-write</key>
<true/>
<key>com.apple.security.network.client</key>
<true/>
<key>com.apple.security.network.server</key>
<true/>
<key>com.apple.security.scripting-targets</key>
<dict>
<key>com.apple.iTunes</key>
<array>
<string>com.apple.iTunes.device</string>
<string>com.apple.iTunes.library.read</string>
<string>com.apple.iTunes.library.read-write</string>
<string>com.apple.iTunes.playback</string>
<string>com.apple.iTunes.podcast</string>
<string>com.apple.iTunes.user-interface</string>
</array>
</dict>
<key>com.apple.security.temporary-exception.apple-events:before:10.8</key>
<array>
<string>com.apple.itunes</string>
</array>
</dict>
</plist>
The console shows the following violation:
iTunes[1592]: AppleEvents/sandbox: Returning errAEPrivilegeError/-10004 and denying dispatch of event core/getd from process 'TestiTunesAccess'/0x0-0x4d04d, pid=1789, because it is not entitled to send an AppleEvent to this process.
It works fine in 10.7 and location is returned OK, but in 10.8 and 10.9, because the scripting-target entitlement is active, I can iterate the library but the location of the track is nil. Why is that so? If I just use the temporary exception and remove the part:before10.8 then it works.
But since Apple recommends we use scripting target in 10.8+ and not temporary exception entitlements, I am using the recommended ones. Any help would be highly appreciated.

I fixed this by adding a temporary exception for iTunes, as shown in this answer.
<key>com.apple.security.temporary-exception.apple-events</key>
<array>
<string>com.apple.iTunes</string>
</array>
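As an added example (not code from the question or the answer), this Python script lists what an entitlements file grants for Apple Events: the scripting-targets access groups per application, and every temporary-exception key with its :before: version scope when one is present. The function name and the reduced sample plist are assumptions made for illustration.

```python
import plistlib

TEMP_PREFIX = "com.apple.security.temporary-exception."
TARGETS_KEY = "com.apple.security.scripting-targets"

# Constructed sample: the question's entitlements, reduced to the keys that matter here.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.scripting-targets</key>
    <dict>
        <key>com.apple.iTunes</key>
        <array>
            <string>com.apple.iTunes.library.read</string>
        </array>
    </dict>
    <key>com.apple.security.temporary-exception.apple-events:before:10.8</key>
    <array>
        <string>com.apple.itunes</string>
    </array>
</dict>
</plist>"""


def audit_entitlements(data):
    """Return (scripting_targets, temporary_exceptions) from entitlements plist bytes."""
    ent = plistlib.loads(data)
    targets = {app: sorted(groups) for app, groups in ent.get(TARGETS_KEY, {}).items()}
    exceptions = []
    for key, value in ent.items():
        if not key.startswith(TEMP_PREFIX):
            continue
        # A ":before:<version>" suffix, as on the question's key, scopes the exception.
        name, sep, version = key[len(TEMP_PREFIX):].partition(":before:")
        exceptions.append({
            "kind": name,
            "before": version if sep else None,  # None = no version scope on the key
            "values": value,
        })
    return targets, exceptions


if __name__ == "__main__":
    targets, exceptions = audit_entitlements(SAMPLE)
    print("scripting targets:", targets)
    for e in exceptions:
        scope = f"only before {e['before']}" if e["before"] else "no version scope"
        print(f"temporary exception {e['kind']} ({scope}): {e['values']}")
```

An entry whose `before` is `None` is the unscoped form used in the answer above, so it is the one to look for when reviewing how much Apple Event access a sandboxed build has.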

Related

LaunchAgent cannot access macOS "protected" folders

I have a shell script which does this:
#!/bin/bash
ls -la "$HOME/Pictures/Photos Library.photoslibrary"
When I run this script in the shell it works fine. If I define a LaunchAgent (under $HOME/Library/LaunchAgents) which executes this script, I get the following error message:
ls: Photos Library.photoslibrary: Operation not permitted
My real script is invoking HashBackup (hb) which results in the same kind of error on all those "protected" folders (pictures, address book, etc...). But I was able to reproduce with a simple ls.
What am I supposed to do to fix this?
This is on macOS 10.14.6.
Thanks
Thanks to Gordon's comment, I was able to follow the steps and fix my issue. The steps that actually worked for me are these ones.
For the sake of a more complete solution, here is a small CMake based solution:
main.cpp
#include <iostream>
int main()
{
    std::cout << "Wrapper app which is authorized for full disk access so that the shell script can run with the same permission" << std::endl;
    return 0;
}
backup_argon.sh
#!/bin/bash
# this is just a test... it should invoke hb instead
ls -la "$HOME/Pictures/Photos Library.photoslibrary"
Info.plist.in
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CFBundleDevelopmentRegion</key>
<string>English</string>
<key>CFBundleExecutable</key>
<string>${MACOSX_BUNDLE_EXECUTABLE_NAME}</string>
<key>CFBundleIconFile</key>
<string>${MACOSX_BUNDLE_ICON_FILE}</string>
<key>CFBundleIdentifier</key>
<string>${MACOSX_BUNDLE_GUI_IDENTIFIER}</string>
<key>CFBundleInfoDictionaryVersion</key>
<string>6.0</string>
<key>CFBundleName</key>
<string>${MACOSX_BUNDLE_BUNDLE_NAME}</string>
<key>CFBundlePackageType</key>
<string>APPL</string>
<key>CFBundleShortVersionString</key>
<string>${MACOSX_BUNDLE_SHORT_VERSION_STRING}</string>
<key>CFBundleSignature</key>
<string>????</string>
<key>CFBundleVersion</key>
<string>${MACOSX_BUNDLE_BUNDLE_VERSION}</string>
<key>CSResourcesFileMapped</key>
<true/>
<key>NSHumanReadableCopyright</key>
<string>${MACOSX_BUNDLE_COPYRIGHT}</string>
<key>LSUIElement</key>
<true/>
</dict>
</plist>
CMakeLists.txt
cmake_minimum_required(VERSION 3.19)
set(VERSION 1.0.0)
project(HashBackupLaunchAgent VERSION "${VERSION}")
set(CMAKE_CXX_STANDARD 17)
set(MACOSX_BUNDLE_BUNDLE_NAME "HashBackupLaunchAgent")
set(MACOSX_BUNDLE_GUI_IDENTIFIER "com.pongasoft.HashBackupLaunchAgent")
set(MACOSX_BUNDLE_SHORT_VERSION_STRING "${VERSION}")
set(MACOSX_BUNDLE_BUNDLE_VERSION "${VERSION}")
set(MACOSX_BUNDLE_COPYRIGHT "2021 pongasoft")
add_executable(HashBackupLaunchAgent MACOSX_BUNDLE main.cpp backup_argon.sh)
set_target_properties(HashBackupLaunchAgent PROPERTIES MACOSX_BUNDLE_INFO_PLIST "${CMAKE_CURRENT_LIST_DIR}/Info.plist.in")
set_source_files_properties(backup_argon.sh PROPERTIES MACOSX_PACKAGE_LOCATION MacOS)
Compiling this project will result in an application (HashBackupLaunchAgent.app) which I copied under /Applications.
I then gave Full Disk Access privilege to this app under System Preferences / Security & Privacy / Privacy.
I then have a LaunchAgent with the following definition:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.ypujante.hashbackup.argon.plist</string>
<key>EnvironmentVariables</key>
<dict>
<key>PATH</key>
<string>/bin:/usr/bin:/usr/local/bin</string>
</dict>
<key>ProgramArguments</key>
<array>
<string>/Applications/HashBackupLaunchAgent.app/Contents/MacOS/backup_argon.sh</string>
</array>
<key>StandardOutPath</key>
<string>/Users/ypujante/Library/Logs/HashBackup/argon.log</string>
<key>StandardErrorPath</key>
<string>/Users/ypujante/Library/Logs/HashBackup/argon.log</string>
<key>StartCalendarInterval</key>
<array>
<dict>
<key>Hour</key>
<integer>7</integer>
<key>Minute</key>
<integer>30</integer>
</dict>
</array>
</dict>
</plist>
Note how the launch agent definition invokes the script inside the app, not the app itself. And it works: the script inherits the full disk access privilege given to the app.

Settings.bundle - plist: The data couldn’t be read because it isn’t in the correct format

I've used a script in Xcode 8 / iOS 10 to generate an acknowledge section in the settings bundle.
The script produces an Acknowledgements.plist file that gives the error message
The data couldn’t be read because it isn’t in the correct format.
when I try to open it in Xcode. When I open the Acknowledgements.plist file with TextEdit it looks OK at first sight ...
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PreferenceSpecifiers</key>
<array>
<key>Type</key>
<string>PSGroupSpecifier</string>
<key>FooterText</key>
<string>knobcontrol</string>
<key>Type</key>
<string>PSGroupSpecifier</string>
<key>FooterText</key>
<string>knobcontrol2</string>
</array>
<key>StringsTable</key>
<string>Acknowledgements</string>
</dict>
</plist>
I've tried some of the comments according to the script but could not find what is wrong with the plist - can anybody have a look at the file? I don't have enough reputation to post comments to the script posting.
You are using <key>...</key> value pairs within an <array>.
Make it a <dict> instead:
...
<plist version="1.0">
<dict>
<key>PreferenceSpecifiers</key>
<dict> <- dict, not array
...
</dict> <- dict, not array
<key>StringsTable</key>
<string>Acknowledgements</string>
</dict>
</plist>

Script to find multiple strings in plist file [duplicate]

I'm trying to find on a Mac computer if the current user has iCloud Documents enabled. I found the plist where this is located (MobileMeAccounts.plist), but I could use some help with creating a script that can identify if it is enabled or not.
I am specifically looking for the following code to be true:
<key>Enabled</key>
<true/>
Here is the plist. If you scroll down you'll see the "MOBILE_DOCUMENTS" with it being enabled:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Accounts</key>
<array>
<dict>
<key>AccountAlternateDSID</key>
<string>99999999</string>
<key>AccountDSID</key>
<string>999999</string>
<key>AccountDescription</key>
<string>iCloud</string>
<key>AccountID</key>
<string>*****@gmail.com</string>
<key>AccountUUID</key>
<string>9999999</string>
<key>DisplayName</key>
<string>User Name</string>
<key>LoggedIn</key>
<true/>
<key>Services</key>
<array>
<dict>
<key>Name</key>
<string>CLOUDDESKTOP</string>
<key>ServiceID</key>
<string>com.apple.Dataclass.CloudDesktop</string>
<key>status</key>
<string>active</string>
</dict>
<dict>
<key>Name</key>
<string>FAMILY</string>
<key>ServiceID</key>
<string>com.apple.Dataclass.Family</string>
<key>showManageFamily</key>
<true/>
</dict>
<dict>
<key>Enabled</key>
<true/>
<key>Name</key>
<string>MOBILE_DOCUMENTS</string>
<key>ServiceID</key>
<string>com.apple.Dataclass.Ubiquity</string>
<key>apsEnv</key>
<string>production</string>
<key>authMechanism</key>
<string>token</string>
<key>url</key>
<string>https://p48-ubiquity.icloud.com:443</string>
<key>wsUrl</key>
<string>https://p48-ubiquityws.icloud.com:443</string>
</dict>
Python includes a module for parsing plists. Probably you'll want some better error checking, but to demonstrate:
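$ cat parseplist.py
import plistlib
# plistlib.load() needs a binary file object (readPlist() was removed in Python 3.9)
with open("the_plist.xml", "rb") as f:
    pl = plistlib.load(f)
print(pl['Accounts'][0]['Services'][2]['Enabled'])
$ python3 parseplist.py
True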
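An added example, not part of the original answer: the lookup above depends on the service sitting at index 2 of the first account, so this version searches every account for the service by its Name and copes with a truncated or unreadable file. The function name, its three-way return value and the sample data are assumptions made for illustration.

```python
import plistlib
from xml.parsers.expat import ExpatError

# Constructed sample shaped like the question's MobileMeAccounts.plist (values made up).
SAMPLE = plistlib.dumps({
    "Accounts": [{
        "AccountDescription": "iCloud",
        "LoggedIn": True,
        "Services": [
            {"Name": "CLOUDDESKTOP", "status": "active"},
            {"Name": "FAMILY", "showManageFamily": True},
            {"Name": "MOBILE_DOCUMENTS", "Enabled": True},
        ],
    }]
})


def service_enabled(data, service="MOBILE_DOCUMENTS"):
    """Return True/False for a listed service, None if unreadable or not listed."""
    try:
        pl = plistlib.loads(data)
    except (ValueError, ExpatError):
        return None          # truncated XML or not a plist at all
    if not isinstance(pl, dict):
        return None
    result = None
    for account in pl.get("Accounts", []):
        for svc in account.get("Services", []):
            if svc.get("Name") != service:
                continue
            if svc.get("Enabled") is True:
                return True  # enabled on at least one account
            result = False   # listed, but without <key>Enabled</key><true/>
    return result


if __name__ == "__main__":
    print(service_enabled(SAMPLE))
```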

How to disable NSAppTransportSecurity in my info.plist file?

How to disable NSAppTransportSecurity in my info.plist file?
That is my request:
func request(){
    let url = NSURL(string: "https://www.widadclub.tk/feed/")
    let feedParser = MWFeedParser(feedURL: url)
    feedParser.delegate = self
    feedParser.parse()
}
To disable totally NSAppTransportSecurity for ALL domains open the plist file with a text editor and add:
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<!-- .......................... -->
<!-- Other keys already present -->
<!-- .......................... -->
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
</dict>
</plist>
To add specific exceptions to a list of domains add this instead:
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<!-- .......................... -->
<!-- Other keys already present -->
<!-- .......................... -->
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>widadclub.tk</key>
<dict>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSIncludesSubdomains</key>
<true/>
</dict>
</dict>
</dict>
</dict>
</plist>
NSIncludesSubdomains is not necessary but permits access to subdomains like wiki.widadclub.tk, blog.widadclub.tk etc.
For a detailed tutorial have a look at this blog post
You can add exceptions to the Info.plist file. Here's what the final dictionary should look like. Note: I added all the exceptions available to you, pick and choose whatever applies to you. For instance, if you don't need a minimum TLS version of 1.1 don't include that key. In the current beta the keys don't have auto completion in the info.plist so I added the strings to the bottom for convenience of copy pasting.
NSAppTransportSecurity
NSExceptionDomains
NSIncludesSubdomains
NSTemporaryExceptionAllowsInsecureHTTPLoads
NSTemporaryExceptionMinimumTLSVersion
NSTemporaryExceptionRequiresForwardSecrecy
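An added example, not taken from either answer: a Python check that reads an Info.plist and reports every App Transport Security relaxation it contains, covering both the all-domains switch and the per-domain exception keys listed above. The function name, the tuple layout of a finding and the two sample plists (built to mirror the first answer's snippets) are assumptions made for illustration.

```python
import plistlib

INSECURE_HTTP = ("NSExceptionAllowsInsecureHTTPLoads",
                 "NSTemporaryExceptionAllowsInsecureHTTPLoads")
MIN_TLS = ("NSExceptionMinimumTLSVersion",
           "NSTemporaryExceptionMinimumTLSVersion")
FORWARD_SECRECY = ("NSExceptionRequiresForwardSecrecy",
                   "NSTemporaryExceptionRequiresForwardSecrecy")

# Constructed samples mirroring the two Info.plist variants in the first answer.
ALLOW_ALL = plistlib.dumps({"NSAppTransportSecurity": {"NSAllowsArbitraryLoads": True}})
ONE_DOMAIN = plistlib.dumps({"NSAppTransportSecurity": {"NSExceptionDomains": {
    "widadclub.tk": {"NSExceptionAllowsInsecureHTTPLoads": True,
                     "NSIncludesSubdomains": True}}}})


def audit_ats(data):
    """Return (scope, key, value) tuples for each ATS relaxation in Info.plist bytes."""
    ats = plistlib.loads(data).get("NSAppTransportSecurity", {})
    findings = []
    if ats.get("NSAllowsArbitraryLoads") is True:
        findings.append(("*", "NSAllowsArbitraryLoads", True))  # ATS off everywhere
    for domain, opts in sorted(ats.get("NSExceptionDomains", {}).items()):
        scope = domain + (" (+subdomains)" if opts.get("NSIncludesSubdomains") else "")
        for key in INSECURE_HTTP:
            if opts.get(key) is True:
                findings.append((scope, key, True))       # plain HTTP permitted
        for key in MIN_TLS:
            if key in opts:
                findings.append((scope, key, opts[key]))  # TLS floor overridden
        for key in FORWARD_SECRECY:
            if opts.get(key) is False:
                findings.append((scope, key, False))      # forward secrecy not required
    return findings


if __name__ == "__main__":
    for name, sample in (("allow-all", ALLOW_ALL), ("one-domain", ONE_DOMAIN)):
        print(name, audit_ats(sample))
```

A finding with scope `*` means the app accepts insecure loads for every host, while a domain-scoped finding limits the relaxation to the named host, which makes the second variant the narrower change to review.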

Newbie working on PopClip extension - AppleScript not working

I'm working on my first PopClip extension using AppleScript. I'm getting the following error when trying to install the Extension:
Cannot Install Extension
The path /Users/myuserdirectoryname/Desktop/ReminderNote.popclipext does no contain a valid PopClip extension.
Reason: No such file: (null)
I have narrowed down the problem to my AppleScript info in the Config.plist. Or so I think. When I remove the following from the Config.plist file, the extension loads fine. When I add these two lines, the error returns.
<key>AppleScript File</key>
<string>ReminderNote.applescript</string>
My ReminderNote.popclipext package includes 3 files:
Config.plist,
ReminderNote.applescript,
ReminderNote.png
Here is the full Config.plist, in case that will help.
thanks for any tips or guidance -- jay
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Version</key>
<integer>1</integer>
<key>Extension Name</key>
<string>ReminderNote</string>
<key>Extension Identifier</key>
<string>com.jel.ReminderNote</string>
<key>Extension Description</key>
<string>Create linked Reminder to Evernote using the selected text.</string>
<key>Extension Image File</key>
<string>ReminderNote.png</string>
<key>Actions</key>
<array>
<dict>
<key>Title</key>
<string>Reminder Note</string>
<key>AppleScript File</key>
<string>ReminderNote.applescript</string>
<key>Image File</key>
<string>ReminderNote.png</string>
<key>Long Running</key>
<true/>
</dict>
</array>
</dict>
</plist>
I think this could be some kind of filesystem caching bug within PopClip. Try quitting PopClip and restarting it.
