On Jul 23, 2015, at 07:32 , SevenBits <sevenbitst...@gmail.com> wrote: > > What I meant was that apps which are not based on NSDocument do not, > according to Apple, automatically get behavior which is compatible with the > sandbox. Apple says that if we choose to go this route, you have to > co-ordinate access to the file manually using the NSFileCoordinator API and > its friends.
Yes, but it’s nothing to do with sandboxing. NSDocument uses file coordination whether the app is sandboxed or not, and if you’re using files that are shared between applications, you should use file coordination too. > That's a bit counter to my expectations. Nevertheless, I'll try these > suggestions. Mine too. I think I assumed that there were “magic” NSURL objects that contained security permissions, so that you had to use *those* NSURL objects to access files outside your app container. Instead, I’m guessing based on the information in that thread, there are special “umbrella" NSURL objects that throw an access “shadow", as long as they are present in your app’s environment, that allows access to files using *any* path or URL to the file. That includes access from your own XPC processes. That would explain why the NSURL given to an XPC process has to be a plain one. You’re not handing off security control to the XPC process (and in fact you can’t), you’re just letting it access the file under your own security umbrella. I’d assume a consequence of this is that you could pass a path to the XPC process instead of a NSURL, and access would work just as well. > Just to be sure: sandboxed apps still receive full access to files that the > user opens, correct? So if a user drags a file onto my app or opens it from > the Open dialog, my app is able to access it, correct? Yes. _______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
