Question
So I've been tearing my hair out with this...
I have a main app, and a helper app. Both are sandboxed and are sharing data using App Groups. I talk to the helper app by way of NSXPCConnection. I have the helper app set up as a login item using SMLoginItemSetEnabled. The helper app runs as a daemon when the user has it activated.
This all works well. The problem is with the security-scoped bookmarks.
The helper app needs to access system files. When I need to grant access to new locations, this is done by the main app, by way of NSXPCConnection opening the helper and opening an NSOpenPanel using this class: (https://github.com/leighmcculloch/AppSandboxFileAccess) This all seems to work also....
The class tells me that file access has been granted, however I also receive a sandboxd violation in Console.
Sandbox: com.my.app.helper deny file-read-data
I have the correct entitlements in the helper app:
com.apple.security.files.user-selected.read-write
com.apple.security.files.bookmarks.app-scope
I also read someone had issues when accessing the bookmarks on a background thread, so I tried wrapping all calls related to bookmarks in:
dispatch_sync(dispatch_get_main_queue(), ^{ });
Still no joy. Any help is much appreciated.
**The sandbox is a real nightmare to work with.... All my app does is delete some system files without user intervention. Such a simple task before the sandbox.... Now I need to deal with loginItems, XPC.... So many headaches. :(
Answer 1:
I had a similar task in my app, and this answer solved it for me. You essentially have the parent app resolve the bookmark and access its security scope, and then pass a plain NSURL to the XPC service. I have my XPC service call in turn call a completion block that stops accessing the security scope. The Apple Dev Forum link in that answer gives a more detailed explanation.
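The pattern this answer describes, sketched as an added example (not code from the answer or from AppSandboxFileAccess). The `HelperProtocol` interface, its selector, and the `RemoveItemViaHelper` function are hypothetical names; the bookmark is assumed to have been created by the main app from an NSOpenPanel URL.

```objc
#import <Foundation/Foundation.h>

// Hypothetical XPC interface exported by the helper (name and selector are assumptions).
@protocol HelperProtocol
- (void)removeItemAtURL:(NSURL *)url withReply:(void (^)(NSError *error))reply;
@end

// Runs in the main app. `connection` is assumed to be resumed already, with its
// remoteObjectInterface set to HelperProtocol.
static void RemoveItemViaHelper(NSData *bookmark, NSXPCConnection *connection,
                                void (^completion)(NSError *error)) {
    BOOL stale = NO;
    NSError *error = nil;
    NSURL *url = [NSURL URLByResolvingBookmarkData:bookmark
                                           options:NSURLBookmarkResolutionWithSecurityScope
                                     relativeToURL:nil
                               bookmarkDataIsStale:&stale
                                             error:&error];
    if (url == nil) { completion(error); return; }
    if (stale) {
        // A stale bookmark still resolved, but should be recreated and stored again.
        NSLog(@"Bookmark for %@ is stale; recreate it from the resolved URL", url.path);
    }
    // The scope is opened here, in the process that owns the bookmark.
    if (![url startAccessingSecurityScopedResource]) {
        completion([NSError errorWithDomain:NSCocoaErrorDomain
                                       code:NSFileReadNoPermissionError
                                   userInfo:@{NSURLErrorKey: url}]);
        return;
    }
    // For a message with a reply block, NSXPCConnection calls either the error
    // handler or the reply block exactly once, so the scope is released exactly once.
    id<HelperProtocol> helper =
        [connection remoteObjectProxyWithErrorHandler:^(NSError *xpcError) {
            [url stopAccessingSecurityScopedResource];
            completion(xpcError);
        }];
    // The helper receives a plain NSURL, as the answer describes.
    [helper removeItemAtURL:url withReply:^(NSError *helperError) {
        [url stopAccessingSecurityScopedResource];
        completion(helperError);
    }];
}
```

Releasing the scope in both the reply block and the XPC error handler keeps access to the selected location open only for the duration of the one request, even when the helper crashes or the connection is invalidated.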
Answer 2:
My particular problem was actually much simpler.... I had all my calls to bookmarks wrapped like this:
dispatch_sync(dispatch_get_main_queue(), ^{ });
Once I removed the calls from the main dispatch block and moved it to a dispatch queue, everything started working? I don't know why, but nevertheless I am extremely happy it's now working.
dispatch_queue_t queue = dispatch_queue_create(WorkerQueue, NULL);
dispatch_sync(queue, ^{ });
Source: https://stackoverflow.com/questions/27288760/helper-app-sandboxing-and-security-scoped-bookmarks