I have an app that is currently available on the Mac App Store that I am
updating to support the new sandboxing requirements.
In order to provide a more convenient and integrated user experience, my app
coordinates the optional installation of export plug-ins for Aperture, iPhoto
and Lightroom, as well as a command-line tool for more advanced users.
Currently, the installation and removal mechanism for these plug-ins
essentially boils down to the use of NSFileManager functions and the invocation
of /bin/cp and /bin/rm via AuthorizationExecuteWithPrivileges(), all from
within the application's process space (i.e., no helper apps).
As for the functionality of these integration plug-ins: when invoked by their
respective parent applications, they use NSWorkspace, NSRunningApplication,
Apple Events and Launch Services to locate, launch and/or send information to
my application.
There are two major issues that arise when enabling the sandbox and assigning
entitlements:
1) Loss of access to specific directories outside of my app's container
hierarchy (e.g., ~/Library/Application Support/Aperture/Plug-Ins/Export/,
/usr/local/bin/). I realize that I can ask for a temporary exception via the
com.apple.security.temporary-exception.files.absolute-path.read-write
entitlement, but this falls short as a proper solution because:
(a) it is only "temporary" and may be revoked in some future release.
(b) the directory list for this entitlement is a fixed, embedded and
code-signed part of my executable. However, my app treats these third-party
integrations themselves as its own kind of plug-in, and technically anybody can
author additional ones and make them available for use by my app. If my app is
sandboxed, then the installation/removal of those integrations will also not
work because their needed directories will not be included in my
com.apple.security.temporary-exception.files.absolute-path.read-write
entitlement.
How do I resolve issues (a) and (b)?
2) Because the third-party integration plug-ins utilize Apple Events for
communicating with my app, I am currently at the mercy of the hosting
application's sandbox entitlements. Currently, none of the applications
involved (Aperture, iPhoto, Lightroom and my own command line tool) are taking
advantage of sandboxing. But when they do, the following issues will arise:
(a) Apple Event use may/may not be allowed. I have to assume that
(eventually) they will not be allowed; therefore, what mechanism for
communicating from the plug-in to my application should be used in place of
Apple Events?
(b) If the host apps become sandboxed themselves, how will my app know
that (for example) the Aperture integration plug-in should now be installed in
~/Library/Containers/com.apple.Aperture/Data/Library/Application
Support/Aperture/Plug-Ins/Export/ instead of ~/Library/Application
Support/Aperture/Plug-Ins/Export/ ?
Are there any suggestions for me to mitigate issue 2?
I also foresee a general problem to any application that supports the
installation and use of plug-ins, where the location of its plug-in directory
changes after it becomes sandboxed because the root location for locating the
plug-ins directory has changed from $HOME (~/) to $CFFIXED_USER_HOME
(~/Library/Containers/<bundle-identifier>/Data/). How is Apple going to solve
this? And will there be a sandbox-sanctioned way of accessing other
application's plug-in directories?
Clarence_______________________________________________
Cocoa-dev mailing list (Cocoa-dev@lists.apple.com)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com
This email sent to arch...@mail-archive.com
