11

How to sandbox quick look plugin on mavericks?

Currently obtaining following error message:

2014-04-14 16:26:50.507 qlmanage[5601:303] *** CFMessagePort: bootstrap_register(): failed 1100 (0x44c) 'Permission denied', port = 0x8b13, name = 'com.apple.tsm.portname'
See /usr/include/servers/bootstrap_defs.h for the error codes.

2014-04-14 16:26:50.512 qlmanage[5601:303] *** CFMessagePort: bootstrap_register(): failed 1100 (0x44c) 'Permission denied', port = 0x3f0f, name = 'com.apple.CFPasteboardClient'
See /usr/include/servers/bootstrap_defs.h for the error codes.

2014-04-14 16:26:50.512 qlmanage[5601:303] Failed to allocate communication port for com.apple.CFPasteboardClient; this is likely due to sandbox restrictions

Following entitlement is defined at Xcode's "Code Signing Entitlements" build setting, still observed above error message:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.temporary-exception.mach-lookup.global-name</key>
    <array>
        <string>com.apple.CFPasteboardClient</string>
        <string>com.apple.tsm.portname</string>
    </array>
</dict>
</plist>
nhgrif
  • 61,578
  • 25
  • 134
  • 173
Lakshmi
  • 176
  • 1
  • 10
  • 1
    Are you trying to debug your .qlgenerator plugin by any chance? I'm trying to debug mine and I'm getting this same error (debugger attaches, but it exits with error: `lsboxd: Denied process 4446(UNKNOWN) access to shared list com.apple.QuickLookDaemon.LSSharedFileList`). Note that my app and plugins aren't signed or sandboxed at all, so I think the error is talking about `qlmanage` being sandboxed, not your app or .qlenerator plugin (in other words, I don't think adding exceptions to your entitlements will make any difference). – NSGod Apr 15 '14 at 17:32
  • Yes, I got those errors while debugging qlgenerator. How to resolve those errors, if not by adding into entitlements? I got that entitlements from one of the posts in apple discussion. – Lakshmi Apr 16 '14 at 17:47
  • I'm getting these same errors. I have no entitlements. I'm not Code Signing. I'm on Xcode 6.2 and OS X 10.10.2, and I can not for the life of me figure out how to make a QuickLook plugin work. The existing answer isn't even remotely helpful... – nhgrif Mar 24 '15 at 01:23
  • any updates here? same issue – Daniel Jan 17 '17 at 05:04

2 Answers2

1

While this doesn't solve the original issue let me add some updates on the current status of standalone QuickLook plugins development in 2019 that could have saved me a lot of time when I reached this answer.

  • The com.apple.tsm.portname error is still there but it doesn't seem to cause issues once the plugin is installed in one of the Library/Quicklook locations. The plugin will work anyway.
  • If you are developing a standalone plugin (not inside an app) you wouldn't even have entitlements, so don't try to mess with those to solve this issue.
  • Debugging with qlmanage -p <file> seems to be completely broken at least in Mojave if you use the kUTTypeHTML data representation (kUTTypeRTF works), nothing is displayed but when you copy the plugin under Library it will work normally...
  • Still impossible to use Swift to implement the generators (the last officially provided motivation points to lack of ABI stability (lol))
Saltama
  • 33
  • 5
-1

Quicklook plugins don't support entitlement.

You can try to modify manually the sandbox profile and try to change the rule.

Sandbox profile for quicklook are in /usr/share/sandbox where you can check the quicklook-satellite.sb and quicklookd.sb profile.

I hope this info can help you.

I had some problem on my outlook 2011 quicklook plugins and I resolved modifing the uicklook-satellite.sb

You can help take a look to this document: FGOUTLOOK2011Manual.pdf.

kenorb
  • 155,785
  • 88
  • 678
  • 743
Francesco Germinara
  • 508
  • 5
  • 8
  • 2
    Would this make it nearly impossible to distribute the plugin as you can't really ask people to modify their `/usr/share/sandbox/` files?? – tbc Sep 10 '14 at 16:37