4

My mac os app get a NSURL of alias by user interaction (drag & drop), so the app have the permission to read the alias file, but it doesn't have permission to read the origianl file within app sandbox (Mac OS X 10.7/8).

I resolve the alias by 

NSData* bookmark = [NSURL bookmarkDataWithContentsOfURL:aliasURL error:nil];
origURL = [NSURL URLByResolvingBookmarkData:bookmark
                                    options:NSURLBookmarkResolutionWithoutUI
                              relativeToURL:nil
                        bookmarkDataIsStale:nil
                                      error:&error];

When I try to read origURL file, I get the error: The file couldn’t be opened because you don’t have permission to view it.

I aslo tried call the start/stopAccessingSecurityScopedResource on the origURL but no help.

I also tried resolving bookmark data with NSURLBookmarkResolutionWithSecurityScope option, but get "The file couldn’t be opened because it isn’t in the correct format." error from URLByResolvingBookmarkData method.

So, How do it? Thanks.

kliu
  • 687
  • 1
  • 9
  • 17
  • Was the original `NSURL` created with a security scope in the first place? If you have the code that generates the original alias URL it would be helpful to see it. From what app(s) do the URLs originate? – Dov Oct 16 '12 at 17:46
  • The alias file is created by Finder. I get the URL of alias file from NSPasteboard(NSDraggingInfo), `aliasURL = [NSURL URLFromPasteboard:pb]` – kliu Oct 17 '12 at 07:11
  • 2
    Since OS X 10.10 there is a new `+ URLByResolvingAliasFileAtURL:options:error:`. It states however that the `NSURLBookmarkResolutionWithSecurityScope` option is **not** supported. So, still no access _through_ an alias. – user362515 Oct 23 '15 at 11:43

2 Answers2

3

I haven't tried this, but I think I might have an idea what's happening. The way OS X punches through the sandbox with drag-and-drop is by granting the app the files are dropped onto access to the dropped files until the app quits. This works using the plain NSString file paths on the pasteboard, so it does not rely on the security scoping mechanism.

Your app probably has access to the alias file, but only that file, not the one to which it refers. The sandbox hole-punching mechanism probably doesn't follow the alias and grant access to the underlying file. If you can get the path of the file to which the alias points (and I'm not sure that's possible), you can get around the sandboxing by prompting the user to select that file in an NSOpenPanel. That's another way of punching through the sandbox, using what Apple calls the "Power Box".

For more information on how to do this, check out the answer I wrote here: https://stackoverflow.com/a/11786156/105717. It links to another answer, then adds some helpful niceties to make what's happening clearer to the user.

Community
  • 1
  • 1
Dov
  • 15,530
  • 13
  • 76
  • 177
  • It is worth noting that selecting an alias in a `NSOpenPanel` also works, because the destination path is returned, the one the alias points to. – user362515 Oct 23 '15 at 11:55
0

Maybe, just maybe my similar situation and solution will help:

Have you definitely got the entitlement "com.apple.security.files.bookmarks.app-scope" set to "yes" in your entitlements file?

"The file couldn’t be opened because it isn’t in the correct format." I was getting this same error when trying to resolve the bookmark, that turned out to be the fact that the file was locked in Finder (do a 'get info' on the file and check the 'locked' box is off) so the security data was never generated in the first place.

Hope there's something in there to help!

Todd.

Todd
  • 1,770
  • 1
  • 17
  • 42
  • Thanks, but I have set the "com.apple.security.files.bookmarks.app-scope" to YES, and the locked box of file is always off. – kliu Oct 14 '12 at 23:22