Sandboxing is this restrictive. The developer documents you link to also point out that such entitlements have to be justified, and we cannot justify something that the user can work around with a few lines of script.
Let me try and explain why its important we use sandboxing, as well as why its important we don't request unneeded entitlements. While we won't do anything malicious with your data, we do allow the running of third party plugins, and these plugins run within Growl's namespace. If Growl is nice and tightly sandboxed, those plugins only get access to what apps already send us. If we were to say, request and be granted the ~/ read entitlement as you say we should try, when it wasn't really needed, a malicious plugin could gain access to all your personal data, and send it off someplace (one should still only run plugin's from trusted sources, but we can do our part by keeping the sandbox as tight as can be). As for "This works in cocoa", no, it doesn't. Growl.app cannot read these files regardless of whether we were told to do so by any of our frameworks, a generic GNTP sender using the URL command (we can read remote URL's though), or an applescript. GrowlNotify does allow this, but it reads the data in itself, before sending it off to Growl as a data stream. GrowlNotify, unlike the ApplesScript commands, is executed outside our namespace, and is not sandboxed. On Sep 23, 4:33 am, Red Rock Lobster <[email protected]> wrote: > > "If your app requires access to the user’s home directory in order to > > function, let Apple know about your needs using the Apple bug reporting > > system <https://bugreport.apple.com/>. In addition, be sure to follow the > > guidance regarding entitlements provided on the iTunes > > Connect<https://itunesconnect.apple.com/> > > website." > > http://developer.apple.com/library/mac/#documentation/Security/Concep... -- You received this message because you are subscribed to the Google Groups "Growl Discuss" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/growldiscuss?hl=en.
