I'm experimenting with full-disk access and can't make it working. Here is list of steps I did:
Sandbox is turned ON. In fact the entitlements file looks like:
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.files.bookmarks.app-scope</key>
<true/>
<key>com.apple.security.files.user-selected.read-write</key>
<true/>
I created archive of the app and tried to distribute it using boths Developer ID or Development methods
I placed the binary of my app to /Applications folder
I went to System Preferences -> Security & Privacy -> Privacy -> Full Disk Access and added access to my app in /Applications folder
Of course I'm NOT attached to the app with Xcode
I'm testing it in Xcode 11 and on Catalina. It's dummy app, opening NSOpenPanel to let user select archives to decompress and tries to decompress it in the same directory.
In fact it's not about NSOpenPanel, the question is:
What is necessary to do to make sandboxed app using full-disk access?
Any hints? Am I doing anything wrong?
Here is solution found for iTerm2 (it is worth read how solution was found). It just adds this to application plist:
<key>NSSystemAdministrationUsageDescription</key>
<string>I want to read all your files</string>
Documentation is a bit fuzzy.
Sadly this solution doesn't work for launchctld daemons (this is what I need). I think daemons are an exception since the do not see UI at all.
But for regular applications it should work like a charm (didn't test it yet).
I have an OS X/iOS App that uses the old style ubiquitous container id TEAMID.com.companyname.product, and is built using NSDocument on OS X and UIDocument on iOS.
File opening has been working fine on OS X 10.8, 10.9 and 10.10 using the built in NSDocumentController openDocument: panel. In 10.10 this panel was extended by Apple to permit iCloud Drive access. At the top of the panel the selector titled “iCloud Library” shows “Appname - iCloud” and “iCloud Drive” as options.
Selecting the former gives access to documents in the App ubiquity container, and the later shows available iCloud Drive folders.
In 10.11 El Capitan, selecting “Appname - iCloud” - the view doesn’t change (you see the top level view of iCloud Drive Folders). There is no warning message. Selecting the Appname under iCloud in the sidebar has the same result.
Given the nature of the application (the data is private and isn’t designed to be read by any other application) it isn’t ideal to make the ubiquity folder public - so I would prefer not to go down that path.
A work around is to search for the appropriate file type (kind) in the request panel and select Search: This Mac - this works fine, as do saved URLs from previous opens. So App sandboxing isn’t causing the problem.
Obviously I would like the 10.10 behaviour to continue - but it isn't obvious how to achieve this or if it is a bug. It may be that Apple assume all apps built using NSDocument would wish to make their App containers public.
It does appear that this issue is a bug in OS X 10.11, and the standard NSDocument file open/save/move panel fails to be coerced into the old behaviour. However a reasonably simple solution is to provide two new application menu items:
Open iCloud listing all available documents in the (private) ubiquity container,
Move to iCloud using [NSDocument moveDocumentToUbiquityContainer:].
You need to make the apps iCloud container Public by adding the following to your info.plist file.
<key>NSUbiquitousContainers</key>
<dict>
<key>HHWT75NS6T.au.com.ossh.appName</key>
<dict>
<key>NSUbiquitousContainerIsDocumentScopePublic</key>
<true/>
<key>NSUbiquitousContainerSupportedFolderLevels</key>
<string>None</string>
</dict>
</dict>
I keep getting this error when I try to submit my app to the store using Xcode:
ERROR ITMS-90475: "Invalid Bundle. iPad Multitasking support requires launch storyboard in bundle 'com.companyname.appname.'"
Anyone know what this error really means?
This is because you need to specify how your app is supposed to handle multitasking on iPad.
If you don't want to handle multitasking right now, you can simply disable it by going to the "General" tab of your target:
I solved the problem in this way, see here:
If you must opt out of Slide Over and Split View, do so explicitly by adding the UIRequiresFullScreen key to your Xcode project’s Info.plist file and apply the Boolean value YES.
You need to add a Launch Screen (Xcode > File > New).
Under iOS > User Interface you select "Launch Screen" to add it to the project.
For the iPad you need to support all 4 orientations.
Select in Xcode your target file, and under the General Tab, go to the "App icons and Launch Images".
Here you select the Launch Screen file you created.
When you launch the app you'll see the launch (bitmap) images are not used, but the Launch Screen Storyboard.
You can either do it as André showed or directly add:
<key>UIRequiresFullScreen</key>
<true/>
On your .plist file.
If you are using Cordova, you might want to use the cordova-ios-requires-fullscreen plugin (see How to disable iOS9 multitasking through Ionic/Cordova?)
Update: you can also use the cordova-plugin-ipad-multitasking, which seems to also prevent another issue (ITMS-90474)
Update: this should now be fixed using Cordova tools 5.4 without the need for these plugins.
In Xcode 14.2, setting the launch storyboard should be as simple as selecting the required storyboard as Launch Screen File in the "General" settings for the target. This not only avoids spelling mistakes, it also ensures that the storyboard is included in the bundle. However, I found that uploading to the App Store failed as per the OP if support for multiple windows is included (that is, if requires full screen is not checked).
If the storyboard has been configured in this way then the problem may be because the name of the storyboard includes a .storyboard extension, which it's not supposed to (see also post by Muhammad Ibrahim). This can be fixed without checking the box for requires full screen:
In Xcode, go to your build target and select the General tab.
In the section "App Icons and Launch Screen", check if a Storyboard file is selected and if it has a .storyboard extension.
If so -> tap the name of the storyboard to edit it, take off the .storyboard extension and press return.
That's it! The name of the storyboard will no longer show, but the problem will be fixed.
IF you ONLY want to set RequiresFullScreen For iPhone, and support iPad Multitasking, try this:
<key>UILaunchStoryboardName~ipad</key>
<string>LaunchScreenIPad.storyboard</string>
<key>UIRequiresFullScreen</key>
<true/>
<key>UIRequiresFullScreen~ipad</key>
<false/>
LaunchScreenIPad.storyboard is the name of LaunchScreen for iPad.
iPhone will still use Launch Images Source pictures.
Apple Document Ref: Creating Platform- and Device-Specific Keys
If you want to support split views in iPad, in your info.plist file, set just "LaunchScreen" as the value for key "UILaunchStoryboardName", instead of "LaunchScreen.Storyboard" and you need to support all 4 orientations for iPad.
I want to miniaturize the Finder in my app, so I use ScriptingBridge to control the Finder.
But, when my app is in the sandbox, it fails to run.
I added com.apple.security.scripting-targets in the sandbox entitlements. Here is the code
<key>com.apple.security.scripting-targets</key>
<key>com.apple.finder</key>
<array>
<string>com.apple.finder.compose</string>
</array>
Finder does not have any scripting access groups. You could add the temporary exception com.apple.security.temporary-exception.apple-events as documented here.
To find scripting targets see here: How can I know the Apple Event Access Groups used by an application?
If you'd like to distribute your app in App Store, however, you're out of luck. By scripting Finder, your app will not pass the review into the App Store.
In my cocoa app I have the entitlement com.apple.security.files.bookmarks.app-scope added to my .entitlement
When I submit this app to the mac app store, I was asked to add entitlement. I click on the "entitlement" drop down, I just couldn't find this entitlement:
am I missing something here? or this entitlement doesn't need to be added when submitting app?
You don't need to declare the use of this entitlement when submitting to the App Store. You may no longer even need to include it in your app at all for bookmarks to work, but I don't know that always works and including it is harmless.