On 3 Oct 2012, at 19:48, Sean McBride <s...@rogue-research.com> wrote:

> On Wed, 3 Oct 2012 11:38:10 -0700, Quincey Morris said:
> 
>> If an item is in your sandbox, you don't need the bookmark at all (for
>> security reasons, anyway). If the item is *not* in your sandbox, then
>> you're going to have to ask the user for access -- possibly thousands of
>> times.
> 
> Which is of course ridiculous.  Can you imagine Final Cut Pro or Xcode doing 
> such a thing when opening their old documents?  Notice Apple hasn't sandboxed 
> those applications?
> 
> My solution for now is:
> 
> <!-- Allows full access to filesystem, due to numerous difficulties with App 
> Sandbox. <rdar://11616142> -->
> <key>com.apple.security.temporary-exception.files.absolute-path.read-write</key>
> <array>
>       <string>/</string>
>       <string>/Volumes/</string>
> </array>
> 
> You still get some benefit from the sandbox (protection against network, USB, 
> camera being compromised), but have full file system access.
> 
> If you care about App Store (I don't), they may not allow this.

They almost certainly won't allow it. A combo of pleading, explaining, and 
being well-established might help you out though.

Ideally your entitlement would be read-only for most apps. Sadly though due to 
a bug you need write access to a file in order to generate a read-only 
security-scoped bookmark to it at present.
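
An added example, not part of the original thread: a small audit of an entitlements plist that flags absolute-path temporary exceptions as broad as the one quoted above, and distinguishes read-write from read-only. The `BROAD_PATHS` set, the severity labels and the sample plist are assumptions made for this example.

```python
import plistlib

# Common prefix of the App Sandbox absolute-path file exception entitlements.
PREFIX = "com.apple.security.temporary-exception.files.absolute-path."
# Paths this example treats as "whole filesystem" (assumption of this example).
BROAD_PATHS = {"/", "/Volumes"}


def audit_entitlements(plist_bytes):
    """Return (mode, path, severity) for every absolute-path file exception."""
    entitlements = plistlib.loads(plist_bytes)
    findings = []
    for key, value in entitlements.items():
        if not key.startswith(PREFIX):
            continue
        mode = key[len(PREFIX):]  # "read-write" or "read-only"
        paths = value if isinstance(value, list) else [value]
        for path in paths:
            normalized = path.rstrip("/") or "/"
            if normalized in BROAD_PATHS:
                # Severity labels are this example's own ranking.
                severity = "high" if mode == "read-write" else "medium"
            else:
                severity = "low"
            findings.append((mode, path, severity))
    return findings


# Constructed sample: the entitlement from the message plus the sandbox key.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.temporary-exception.files.absolute-path.read-write</key>
    <array>
        <string>/</string>
        <string>/Volumes/</string>
    </array>
</dict>
</plist>
"""

if __name__ == "__main__":
    for mode, path, severity in audit_entitlements(SAMPLE):
        print(f"{severity:6} {mode:10} {path}")
```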


_______________________________________________

Cocoa-dev mailing list (Cocoa-dev@lists.apple.com)
