> On Jan 27, 2016, at 22:08, Graham Cox <graham....@bigpond.com> wrote: > > >> On 28 Jan 2016, at 4:36 PM, Graham Cox <graham....@bigpond.com> wrote: >> >> Why would the OS think an app was sandboxed > > > OK, I think I found the problem. In Build Settings->Code Signing, the “Code > Signing Entitlements” was set to a .entitlements file which is actually > nothing to do with this product. I don’t know where it got that setting from > (I’ve never set it), but it’s wrong. I deleted it and now my app seems to be > happy to write where it wants to and doesn’t create a container. > > I’m supposing that the actual sandboxing entitlements are baked into the code > signature, not just read from a resource file, and that’s where the system > gets its info.
Correct. If you want to see the entitlements a given app was signed with, you can use: codesign -d --entitlements - <yourapp>.app e.g. % codesign -d --entitlements - /Applications/Preview.app Executable=/Applications/Preview.app/Contents/MacOS/Preview ��qq�<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd";> <plist version="1.0"> <dict> <key>com.apple.application-identifier</key> <string>com.apple.preview</string> <key>com.apple.developer.maps</key> <true/> <key>com.apple.developer.ubiquity-container-identifiers</key> <array> <string>com.apple.Preview</string> </array> <key>com.apple.private.bookkit</key> <true/> <key>com.apple.security.app-sandbox</key> <true/> <key>com.apple.security.application-groups</key> <array> <string>com.apple.PreviewLegacySignaturesConversion</string> </array> <key>com.apple.security.device.camera</key> <true/> <key>com.apple.security.files.downloads.read-write</key> <true/> <key>com.apple.security.files.user-selected.read-write</key> <true/> <key>com.apple.security.print</key> <true/> <key>com.apple.security.temporary-exception.mach-lookup.global-name</key> <array> <string>com.apple.systemuiserver.screencapture</string> </array> <key>keychain-access-groups</key> <array> <string>com.apple.AnnotationKit</string> </array> </dict> </plist> > So Alex, you were right ;) > > —Graham > > > > _______________________________________________ > > Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) > > Please do not post admin requests or moderator comments to the list. > Contact the moderators at cocoa-dev-admins(at)lists.apple.com > > Help/Unsubscribe/Update your Subscription: > https://lists.apple.com/mailman/options/cocoa-dev/clarkcox3%40gmail.com > > This email sent to clarkc...@gmail.com _______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
