3

I created a simple Finder Sync (FinderSync) extension (appex) and it comes by default with App Sandbox ON (in .entitlements com.apple.security.app-sandbox true).

Everything works fine but I need to access a specific folder on the macOS via this extension and I cannot do that with the Sandbox on.

I disabled the sandbox but the extension is not loaded anymore in Finder. Any thoughts on this? Any workarounds?

StefanS
  • 1,089
  • 1
  • 11
  • 38
  • 1
    Do you see your plugin in System Preferences -> Extensions? If so, any Console messages when you try to enable your plugin? – dejuknow Jul 26 '17 at 19:28
  • @dejuknow https://stackoverflow.com/a/31265260/1889814 used this, it gets installed iff the sandbox option in entitlements is enabled. If it's not enabled, the plugin doesn't _run_ / gets attached to the Finder process. (tried to relaunch Finder multiple times, only works with sandbox on). http://imgur.com/a/ij3ER – StefanS Jul 27 '17 at 06:22
  • And it disappears from System Preferences -> Extensions when I stop it from XCode. – StefanS Jul 27 '17 at 06:29
  • 1
    iirc, Finder Sync extensions must be sandboxed. I believe you'll see an error message in Console if it's not sandboxed. You need to use a temporary entitlement to access files outside the sandbox (which means you can't submit your app to the App Store). See https://stackoverflow.com/questions/30276155/read-and-write-access-for-findersync-extension-in-a-sandboxed-environment/30407454#comment48974331_30407454. – dejuknow Jul 28 '17 at 01:19
  • 1
    @dejuknow is this documented somewhere? i don't want to send it to the app store. You can post this as your answer to my question. – StefanS Jul 28 '17 at 06:18

1 Answers1

4

Finder Sync extensions must be sandboxed. I couldn't find this requirement explicitly documented anywhere, but the following error appears in your system log if it's not sandboxed:

pkd[255]: ignoring mis-configured plug-in at /Applications/Liferay\ Sync.app/Contents/PlugIns/LiferayFinderSync.appex: plug-ins must be sandboxed

If you need to access a folder outside your application's container, you can use temporary exception entitlements like "com.apple.security.temporary-exception.files.home-relative-path.read-only". Note that apps submitted to the Mac App Store using these entitlements will likely be rejected.

dejuknow
  • 1,541
  • 2
  • 14
  • 30
  • important note, if you find yourself killing Finder too often to get the plugin loaded, don't. fix the permissions. – StefanS Sep 15 '17 at 12:12