'xattr' command not working inside sandbox app

核能气质少年 提交于 2019-12-12 20:08:34

问题


We were working on an IDE for a long time and it has com.apple.security.app-sandbox mode. User can download requisite SDK from internet (out of the box) and use in our IDE for development. Prior to use those SDK file we many time noticed files have quarantine attributes (com.apple.quarantine). Such files were forbidden to use inside a sandbox app in El Capitan due to it's tighter restriction policies. To overcome such blocker we decides to run a bash script prior to use those SDK files inside our IDE:

#!/bin/bash
SDKPATH=$1
xattr -d -r com.apple.quarantine "$1"

To run this smoothly we added this following entitlement in our app:

<key>com.apple.security.scripting-targets</key>
<dict>
   <key>com.apple.Terminal</key>
   <array/>
</dict>

From an installed app, this never worked in El Cap. Finally we found this particular entitlement usage can only make the bash script working properly:

<key>com.apple.security.temporary-exception.apple-events</key>
<array>
    <key>com.apple.terminal</key>
</array>

Unfortunately Apple review teams were pretty restrictive to give usage permission to above entitlement.

Is there any other known way or entitlement use that can make us run the 'xattr' command and remove extended attributes from our app?

来源:https://stackoverflow.com/questions/38821844/xattr-command-not-working-inside-sandbox-app

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!