On 16 Jan 2013, at 03:44, John Nairn <j...@geditcom.com> wrote:
> Thanks. I watched the one on "Seccure Automation Techniques in OS X." Near
> the end it said exactly what I wanted to hear which is that application-run
> scripts that target only themselves have no restrictions. So far it is half
> true in my app. I can run an AppleScript now without troubles. But many of my
> scripts are in python and use ScriptingBridge. I run these python scripts by
> launching an NSTask as follows
>
> 1. set working directory to path for the script (which is in my sandbox)
> 2. set PYTHONPATH to some app-specific folders (all in my sandbox)
> 3. Launch task with command line like
>
> /usr/bin/python (path_to_script)
>
> The task actually starts fine and python launches. The first step in every
> script is to connect to my app using ScriptingBridge with a python line like
>
> _gedit = SBApplication.applicationWithBundleIdentifier_(appID)
>
> but this fails with error message
>
> 2013-01-15 19:26:38.954 Python[44491:1407] warning: failed to get scripting
> definition from
> /Users/nairnj/Library/Developer/Xcode/DerivedData/GEDitCOM_Pro-bimxoxdrzkwdkqgvskiwmvgvydje/Build/Products/Develop/GEDitCOM
> SD.app; it may not be scriptable.
>
> Of course that is not true because the app is scriptable and works fine with
> AppleScript and with python when not sandboxed.
>
> I was thinking my app is just receiving AppleEvents (as generated by python
> and ScriptingBridge), which is supposed to be allowed. But it does not work.
> The video mentions a new 10.8 class called NSUserUnixTask, which sounded
> promising, but its documentation specificlally says "The class is not
> intended to execute scripts built into an application; for that, use one of
> the NSTask... " Well I want to execute built in scripts so I am using NSTask,
> but so far without success.
>
> Has anyone be able to use NSTask to execute a python script to interact only
> with your own sandboxed app using ScriptingBridge?
Trying to script your sandboxed app from an NSTask instance (i.e.: a separate
process) will, I think, be like trying to access it from any other app.
However the NSTask will, IIRC, be launched with the same entitlements as the
host app so there is some logic to thinking that it should be able to access
the app. If this is not the case then it may be necessary to construct a helper
tool to execute your script with an explicit entitlement.
Executing user supplied scripts is troublesome because you don't know in
advance which apps they will target and which entitlements they will require.
In your case you do know what entitlement would be required.
Another approach would be to try and run your scripts within the app rather
than in a separate process (may or may not be possible or advisable depending
on your situation). Link against the Python framework rather than calling the
shell -
/system/library/frameworks/python.framework/versions/2.6/Extras/lib/python/PyObjC
(or similar). This approach may or may not solve the sandbox issue!
You would likely have to run the script in another thread and that might be a
source of problems.
However:
I do something similar with KosmicTask. I load PyObj-C scripts that target the
ScriptingBridge into a small Cocoa task runner. The task runner establishes a
run loop and executes the Python script using PyRun_SimpleFile.
The following gives an idea of how I go about it. In my case I actually load a
py objc helper class that loads the target py script - but that is only because
I need to execute user supplied scripts and so need a very generic solution.
Py_SetProgramName((char *)[[scriptRunner launchPath] UTF8String]);
// set up the basic python environment.
Py_Initialize();
// get path to our python entrypoint
NSString *scriptPath = [[scriptRunner resourcesPath]
stringByAppendingPathComponent:@"MGSPythonScriptExecutor.py"];
// load the main script into the python runtime
FILE *mainFile = fopen([scriptPath UTF8String], "r");
return (PyRun_SimpleFile(mainFile, (char *)[[scriptPath
lastPathComponent] UTF8String]) == 0);
HTH
Jonathan Mitchell
Mugginsoft LLP
================================================
KosmicTask - the Integrated Scripting Environment for OS X.
http://www.mugginsoft.com/KosmicTask
================================================
_______________________________________________
Cocoa-dev mailing list (Cocoa-dev@lists.apple.com)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com
This email sent to arch...@mail-archive.com
