12

I have a simple Cocoa image preview app. The user selects a file using an NSOpenPanel and the app generates a preview image using the Quick Look API.

I'd like to move the preview generation into a separate XPC service. Without app sandboxing everything works fine, but after enabling app sandboxing for the parent app and the XPC service, the XPC service is denied read access to the user selected file.

The parent app is allowed to read the file (because it was selected through an NSOpenPanel).

How do I transfer the "file read" permissions for the user-selected file from the parent app to the XPC process so that the XPC process can read the file to generate the preview?

My XPC service requests file-read access via its entitlements and I added the following key to the XPC Service Info.plist, but that did not help:

JoinExistingSession = YES
Mark
  • 6,647
  • 1
  • 45
  • 88

1 Answers1

12

I'm not 100% sure but I think Apple recommends passing an NSFileHandle to the XPC process in this case. That way, the XPC process can access the file's contents but does not need to know the file's URL.

Edit: This thread in the Apple Developer Forums is helpful. The recommendation is to create a normal (not security-scoped) bookmark for the URL of the file. This bookmark can then be passed to the XPC process and accessed by it.

Ole Begemann
  • 135,006
  • 31
  • 278
  • 256
  • 3
    Thanks! Solution was to create a security scoped bookmark, create an NSURL out of that, then take the url and create a **normal** bookmark to send to the XPC service. – Mark Jul 06 '12 at 12:37
  • 2
    I can also confirm this worked: request for the file URL in main process, store security scoped bookmark data for it there, then send non-scoped bookmark data to XPC process and create a file URL there. Importantly also directory file URLs worked such that you get access to subdirectories and files under the directory for whom bookmark data was sent. – mz2 Aug 11 '15 at 21:54
  • 1
    This solution that worked up until now seems to have now been broken by OSX 10.11.12, at least for executing programs. – mz2 Dec 14 '15 at 14:28
  • @Ole Begemann, the Apple Dev Forum link is broken now I think :( – Mikeumus Sep 09 '20 at 19:45