On Jun 3, 2013, at 09:58 , "Sean McBride" <s...@rogue-research.com> wrote:
> NSTemporaryDirectory() is an old path-based API. Perhaps the newer URL-based
> APIs (URLForDirectory:inDomain:appropriateForURL:create:error:) might return
> a more appropriate temp directory...
In this document:
https://developer.apple.com/library/mac/#documentation/Security/Conceptual/AppSandboxDesignGuide/AppSandboxInDepth/AppSandboxInDepth.html
(which was updated this year, so it shouldn't out-of-date, I'd hope), under the
heading "Container Directories and File System Access", there's list of places
a sandboxed app can access:
> When you adopt App Sandbox, your application has access to the following
> locations:
>
> • The app container directory. Upon first launch, the operating system
> creates a special directory for use by your app—and only by your app—called a
> container. Each user on a system gets an individual container for your app,
> within their home directory; your app has unfettered read/write access to the
> container for the user who ran it.
> […]
> • Temporary directories, command-line tool directories, and specific
> world-readable locations. A sandboxed app has varying degrees of access to
> files in certain other well-defined locations.
and then, under the heading "Powerbox and File System Access Outside of Your
Container":
> In addition [to locations made available via Powerbox], the system
> automatically permits a sandboxed app to:
>
> […]
> • Read and write files in directories created by calling NSTemporaryDirectory.
>
> Note: The /tmp directory is not accessible from sandboxed apps. You must use
> the NSTemporaryDirectory function to obtain a temporary location for your
> app’s temporary files.
That seems to answer your comment (NSTemporaryDirectory() does seem to be the
right API) and Kyle's last comment (sandboxing doesn't intrinsically disable
file writing -- it merely restricts places where files can be written without
entitlements to a few known locations).
The deeper question is whether a spotlight worker process is running in an
*app* sandbox at all, or whether it has some other kind of security context.
Under the circumstances, I'd suggest that the OP should use a TSI to find out
why NSTemporaryDirectory() doesn't work.
_______________________________________________
Cocoa-dev mailing list (Cocoa-dev@lists.apple.com)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com
This email sent to arch...@mail-archive.com
