On Jun 3, 2013, at 09:58 , "Sean McBride" <s...@rogue-research.com> wrote:
> NSTemporaryDirectory() is an old path-based API. Perhaps the newer URL-based > APIs (URLForDirectory:inDomain:appropriateForURL:create:error:) might return > a more appropriate temp directory... In this document: https://developer.apple.com/library/mac/#documentation/Security/Conceptual/AppSandboxDesignGuide/AppSandboxInDepth/AppSandboxInDepth.html (which was updated this year, so it shouldn't out-of-date, I'd hope), under the heading "Container Directories and File System Access", there's list of places a sandboxed app can access: > When you adopt App Sandbox, your application has access to the following > locations: > > • The app container directory. Upon first launch, the operating system > creates a special directory for use by your app—and only by your app—called a > container. Each user on a system gets an individual container for your app, > within their home directory; your app has unfettered read/write access to the > container for the user who ran it. > […] > • Temporary directories, command-line tool directories, and specific > world-readable locations. A sandboxed app has varying degrees of access to > files in certain other well-defined locations. and then, under the heading "Powerbox and File System Access Outside of Your Container": > In addition [to locations made available via Powerbox], the system > automatically permits a sandboxed app to: > > […] > • Read and write files in directories created by calling NSTemporaryDirectory. > > Note: The /tmp directory is not accessible from sandboxed apps. You must use > the NSTemporaryDirectory function to obtain a temporary location for your > app’s temporary files. That seems to answer your comment (NSTemporaryDirectory() does seem to be the right API) and Kyle's last comment (sandboxing doesn't intrinsically disable file writing -- it merely restricts places where files can be written without entitlements to a few known locations). The deeper question is whether a spotlight worker process is running in an *app* sandbox at all, or whether it has some other kind of security context. Under the circumstances, I'd suggest that the OP should use a TSI to find out why NSTemporaryDirectory() doesn't work. _______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com