Re: Getting the location of the Library
On 23 Jun 2013, at 23:09, Kyle Sluder k...@ksluder.com wrote: On Jun 23, 2013, at 1:49 PM, Pax 45rpmli...@googlemail.com wrote: Just a quickie, I hope! I'm writing a sandboxed application that uses plugins. The plugin directories that I want to load from are '/Library/Application Support/MyApp' and '~/Library/Application Support/MyApp'. You do not have access to these locations from within a sandboxed app. The recommended way forward is to use a container migration manifest to move files in these locations into your container. It is then your app's responsibility for presenting a user interface for managing these files. An alternative is to request a temporary entitlement for the directories you wish to access, and then use getpwuid to find the user's home directory. You cannot consider this a permanent solution, and should consider offering the migration approach as an alternative (perhaps as an in-app process hiding behind a confirmation dialog). Plus if this is for the app store, chances you won't be approved with such a temporary entitlement. Apple's point of view — and one that I agree with here — is that the Library is something your users need not know or care about. Instead provide a means for (un)installing plug-ins from within your app itself, and do so by placing them inside your sandbox. ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Getting the location of the Library
Are you sure about this? Because my sandboxed app seems to be able to load plugins from the root library application support folder without difficulty. In addition, I can't see how it breaches the sandbox to load plugins from anywhere - no files are being modified (just code loaded from the plugin), and the plugin is subject to my application's sandbox privileges (and thus unable to do anything bad). Surely, therefore, an application should be able to load a plugin from anywhere? Regards, Pascal On 23 Jun 2013, at 23:09, Kyle Sluder k...@ksluder.com wrote: On Jun 23, 2013, at 1:49 PM, Pax 45rpmli...@googlemail.com wrote: Just a quickie, I hope! I'm writing a sandboxed application that uses plugins. The plugin directories that I want to load from are '/Library/Application Support/MyApp' and '~/Library/Application Support/MyApp'. You do not have access to these locations from within a sandboxed app. The recommended way forward is to use a container migration manifest to move files in these locations into your container. It is then your app's responsibility for presenting a user interface for managing these files. An alternative is to request a temporary entitlement for the directories you wish to access, and then use getpwuid to find the user's home directory. You cannot consider this a permanent solution, and should consider offering the migration approach as an alternative (perhaps as an in-app process hiding behind a confirmation dialog). --Kyle Sluder ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Getting the location of the Library
On Jun 24, 2013, at 2:00 AM, Pax 45rpmli...@googlemail.com wrote: I can't see how it breaches the sandbox to load plugins from anywhere - no files are being modified (just code loaded from the plugin), and the plugin is subject to my application's sandbox privileges (and thus unable to do anything bad). Surely, therefore, an application should be able to load a plugin from anywhere? A sandboxed application isn't allowed to read any user data from outside the sandbox without additional entitlements or user confirmation. It would be hard for the sandbox enforcer to distinguish reading a plugin from ~/Library from reading the user's address book from ~/Library, and the latter is one of the threats that the sandbox is supposed to stop. -- Greg Parker gpar...@apple.com Runtime Wrangler ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Getting the location of the Library
On Mon, Jun 24, 2013, at 02:00 AM, Pax wrote: Are you sure about this? Because my sandboxed app seems to be able to load plugins from the root library application support folder without difficulty. By root library application support folder, are you referring to /Library (as opposed to ~/Library)? If so, that's a less-dangerous operation, because user data isn't supposed to be in /Library. That said, I don't know what Apple's official guidelines are, but I'd still consider migrating your app's stuff inside your container. --Kyle Sluder ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Getting the location of the Library
Just a quickie, I hope! I'm writing a sandboxed application that uses plugins. The plugin directories that I want to load from are '/Library/Application Support/MyApp' and '~/Library/Application Support/MyApp'. I don't really care if '~/Library/Containers/com.myapp/Data/Library/Application Support/MyApp' is included or not - since it's not a location that the users of my app are likely to think of when adding or removing plugins. The code I am using to get the location of the Library is: NSSearchPathForDirectoriesInDomains(NSLibraryDirectory, NSAllDomainsMask - NSSystemDomainMask, YES); This returns '/Library' and '~/Library/Containers/com.myapp/Data/Library' - which is not entirely what I'm after. How can I get '~/Library' as well? Am I just going to have to work this out for myself, or is there a ready made function that I can use to get this for me? Thanks for any help that you can provide. ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Getting the location of the Library
On 23 Jun 2013, at 1:49 PM, Pax 45rpmli...@googlemail.com wrote: The code I am using to get the location of the Library is: NSSearchPathForDirectoriesInDomains(NSLibraryDirectory, NSAllDomainsMask - NSSystemDomainMask, YES); I haven't tested anything, but just looking at this line, I am inclined to guess the subtraction is your problem. If your intent is to choose all domains except for the system domain, you'll need to XOR the value, not subtract it, i.e. (NSAllDomainsMask ^ NSSystemDomainMask). b -- Ben Kennedy, chief magician Zygoat Creative Technical Services http://www.zygoat.ca ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Getting the location of the Library
On 23 Jun 2013, at 2:32 PM, Ben Kennedy b...@zygoat.ca wrote: I haven't tested anything, but just looking at this line, I am inclined to guess the subtraction is your problem. If your intent is to choose all domains except for the system domain, you'll need to XOR the value, not subtract it, i.e. (NSAllDomainsMask ^ NSSystemDomainMask). I'm sorry -- this is not helpful advice; given the values in question, both the subtraction and the xor yield the same result. I should have realized this. Instead I'll submit a replacement suggestion: what happens if you ask for NSApplicationSupportDirectory instead of NSLibraryDirectory? From the description of your problem, this sounds like more what you're actually after. b -- Ben Kennedy, chief magician Zygoat Creative Technical Services http://www.zygoat.ca ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Getting the location of the Library
On Jun 23, 2013, at 1:49 PM, Pax 45rpmli...@googlemail.com wrote: Just a quickie, I hope! I'm writing a sandboxed application that uses plugins. The plugin directories that I want to load from are '/Library/Application Support/MyApp' and '~/Library/Application Support/MyApp'. You do not have access to these locations from within a sandboxed app. The recommended way forward is to use a container migration manifest to move files in these locations into your container. It is then your app's responsibility for presenting a user interface for managing these files. An alternative is to request a temporary entitlement for the directories you wish to access, and then use getpwuid to find the user's home directory. You cannot consider this a permanent solution, and should consider offering the migration approach as an alternative (perhaps as an in-app process hiding behind a confirmation dialog). --Kyle Sluder ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
