On my Mac OS X application released on the App Store, I want to be able to use a Jack OS X audio device as an input but the device does not appear in the list returned by portaudio. When checking the logs in the console I see:
31/01/2014 10:11:35.000 kernel[0]: Sandbox: MyApp(xxx) deny network-outbound /private/tmp/jack_default_501_0
Is there some extra permission I should add to my entitlements file to be able to access this device properly? This device properly appears/works when using testing my app without the sandbox enabled.
Related
When I disabled SIP via recovery mode, the kext could be loaded by kextload, anyway, when system restart, kext will not be loaded by kext manager like it supposed to be in Mojave and lower.
If I enabled SIP and load the kext (the kext is full functional with 10.14 -), it will show following message
Kext rejected due to system policy: <OSKext 0x7ff02df0b450 [0x7fff89d4aba0]> { URL = "file:///Library/StagedExtensions/Library/Extensions/...
BTW, In Catalina, how user to allow a kext ? I know in 10.13, it will show on the General of Security & Privacy, in 10.14, I was using Kextdrop, anyway, kextdrop won't work with Catalina.
Found out I just need sign the kext and notarize the kext in order to get system to load it
I'm using the following App Sandbox Temporary Exception Entitlements in my Mac app.
com.apple.security.temporary-exception.apple-events com.apple.iTunes
com.apple.security.temporary-exception.files.home-relative-path.read-write /Music/iTunes/iTunes Media/
If I build my app in OS X 10.9.4 with enabling App Sandbox, and run it in OS X 10.8.5, my app reports App Sandbox is enabled in activity monitor. But get an error which I coded.
If I build my app in OS X 10.8.5 with enabling App Sandbox, and run it in OS X 10.8.5, my app reports App Sandbox is not enabled in activity monitor. Then my app runs without any error.
I can't understand why this kind of phenomenon occur. I don't touch any code in 10.9.4 and 10.8.5. Please help me!
Do I need provide two version which is App Sandbox enabled one and not enabled App Sandbox for my app?
Also, Apple rejects "temporary-exception" used app. Is that true?
I'm not joind with Apple Developer Program, but if my app have possibility to delivered in Mac App Store, I will join with Apple Developer Program.
I am developing a Mac application that uses an Asus Xtion Pro Live camera. I activate Sandboxing and set the com.apple.security.device.usb entitlement to YES.
After doing so, the app is not able to detect the camera anymore.
Could not open "1d27/0601#253/5": Failed to open the file!
Does anyone know how to set an entitlement to enable detection of the Asus Xtion Pro Live?
Thanks!
The above problem was solved adding an entitlement:
com.apple.security.temporary-exception.files.absolute-path.read-write
for the file (found using the mac console):
/private/tmp/XnCore.Mutex.HostProtocolMutex1d27_0601#250_6.key
The problem now is that Mac Sandboxing does not allow IPC System V Semaphores.
27/06/14 12:17:50,000 kernel[0]: Sandbox: MyApp(69513) deny ipc-sysv-sem
Does anyone know how to use IPC System V Semaphores in Mac Sandboxed apps?
Thanks!
what about com.apple.security.device.camera? All available entitlement in the reference.
I understand that sandbox was introduced in Mac OS X Lion (10.7) but temporary exception entitlements, specifically com.apple.security.temporary-exception.files.home-relative-path.read-write, were introduced in a later 10.7.x update (which one?)
Similarly security scoped bookmarks were introduced in 10.7.3.
My Mac app (not currently sandboxed) is a document based app that creates documents that have references to pictures on users' mac. Once a user uses some pictures in his document we simply save the path (for eg. /Users/myname/Desktop/pic.jpg) of used picture in that document. When a user quits the app and reopens the saved document, our app can simply get access to the picture using the path from the document. Since our app is not sandboxed this works on all versions 10.6.x, 10.7.x, and 10.8.x
We would now like to sandbox our app and ensure that it continues to work on all versions (10.6.x, 10.7.x, and 10.8.x) of Mac OS X. To achieve this, we will
Ask for a temporary exception entitlement, specifically com.apple.security.temporary-exception.files.absolute-path.read-write and this will enable random file access for 10.7.3 onwards. But what do we do for 10.7, 10.7.1, and 10.7.2?
Beyond 10.7.3 we will start using security scoped bookmarks.
We've observed that when attaching a device to Windows, all USB messages come and go as expected. However under Mac OS X, a device returning the same data as the last message will be 'swallowed' and not passed on to the calling App. On our device, we've taken to toggling a bit on every message we send back to ensure that these duplicates are not summarily deleted by the OS. The device is NOT a mouse/keyboard however is using HID.
Have others had similar experiences?
Why does Mac OS X do this?
Is there a way for the Mac OS X app to turn this 'de-duplication feature' off?