Read and write permission for user selected folder in Mac OS app?

Question

I am developing MAC OS app which have functionality to create file on the behalf of your. First user select folder for storing file (One time at start of app) and then user can select type and name of the file user want to create on selected folder (Folder selected on start of the app) using apple script. I am able to create file when i add below temporary-exception in entitlement file but its not able to app apple review team but works in sandboxing.

Guideline 2.4.5(i) - Performance We've determined that one or more temporary entitlement exceptions requested for this app are not appropriate and will not be granted:

com.apple.security.temporary-exception.files.home-relative-path.read-write
/FolderName/

I found :

Enabling App Sandbox - Allows apps to write executable files.

And

Enabling User-Selected File Access - Xcode provides a pop-up menu, in the Summary tab of the target editor, with choices to enable read-only or read/write access to files and folders that the user explicitly selects. When you enable user-selected file access, you gain programmatic access to files and folders that the user opens using an NSOpenPanel object, and files the user saves using an NSSavePanel object.

Using below code for creating file :

let str = "Super long string here"
let filename = getDocumentsDirectory().appendingPathComponent("/xyz/output.txt")

do {
    try str.write(to: filename, atomically: true, encoding: String.Encoding.utf8)
} catch {
    // failed to write file – bad permissions, bad filename, missing permissions, or more likely it can't be converted to the encoding
}

Also tried adding com.apple.security.files.user-selected.read-write in entitlement file for an NSOpenPanel object :

<key>com.apple.security.files.user-selected.read-write</key>
<true/>

Is there any way to get pass apple review team to approve Mac App with read and write permission to user selected folder ?

Answer 1

Here is my Answer How to do implement and persist Read and write permission of user selected folder in Mac OS app?

GitHub Example Project link

First :

Add user-selected and bookmarks.app permissions in entitlement file :

<key>com.apple.security.files.user-selected.read-write</key>
<true/>
<key>com.apple.security.files.bookmarks.app-scope</key>
<true/>

Then i created class for all bookmark related function required for storeing, loading ... etc bookmarks app.

import Foundation
import Cocoa

var bookmarks = [URL: Data]()

func openFolderSelection() -> URL?
{
    let openPanel = NSOpenPanel()
    openPanel.allowsMultipleSelection = false
    openPanel.canChooseDirectories = true
    openPanel.canCreateDirectories = true
    openPanel.canChooseFiles = false
    openPanel.begin
        { (result) -> Void in
            if result.rawValue == NSApplication.ModalResponse.OK.rawValue
            {
                let url = openPanel.url
                storeFolderInBookmark(url: url!)
            }
    }
    return openPanel.url
}

func saveBookmarksData()
{
    let path = getBookmarkPath()
    NSKeyedArchiver.archiveRootObject(bookmarks, toFile: path)
}

func storeFolderInBookmark(url: URL)
{
    do
    {
        let data = try url.bookmarkData(options: NSURL.BookmarkCreationOptions.withSecurityScope, includingResourceValuesForKeys: nil, relativeTo: nil)
        bookmarks[url] = data
    }
    catch
    {
        Swift.print ("Error storing bookmarks")
    }

}

func getBookmarkPath() -> String
{
    var url = FileManager.default.urls(for: .documentDirectory, in: .userDomainMask)[0] as URL
    url = url.appendingPathComponent("Bookmarks.dict")
    return url.path
}

func loadBookmarks()
{
    let path = getBookmarkPath()
    bookmarks = NSKeyedUnarchiver.unarchiveObject(withFile: path) as! [URL: Data]
    for bookmark in bookmarks
    {
        restoreBookmark(bookmark)
    }
}



func restoreBookmark(_ bookmark: (key: URL, value: Data))
{
    let restoredUrl: URL?
    var isStale = false

    Swift.print ("Restoring \(bookmark.key)")
    do
    {
        restoredUrl = try URL.init(resolvingBookmarkData: bookmark.value, options: NSURL.BookmarkResolutionOptions.withSecurityScope, relativeTo: nil, bookmarkDataIsStale: &isStale)
    }
    catch
    {
        Swift.print ("Error restoring bookmarks")
        restoredUrl = nil
    }

    if let url = restoredUrl
    {
        if isStale
        {
            Swift.print ("URL is stale")
        }
        else
        {
            if !url.startAccessingSecurityScopedResource()
            {
                Swift.print ("Couldn't access: \(url.path)")
            }
        }
    }

}

Then open folder selection using NSOpenPanel so the user can select which folders to give you access to. The NSOpenPanel must be stored as a bookmark and saved to disk. Then your app will have the same level of access as it did when the user selected the folder.

To open NSOpenPanel :

let selectedURL = openFolderSelection()
saveBookmarksData()

and to load existing bookmark after app close :

loadBookmarks()

Thats it. I Hope it will help someone.

Answer 2

Add user-selected and bookmarks.app permissions in entitlement file :

<key>com.apple.security.files.user-selected.read-write</key>
<true/>
<key>com.apple.security.files.bookmarks.app-scope</key>
<true/>

Then open folder selection using NSOpenPanel so the user can select which folders to give you access to. The NSOpenPanel must be stored as a bookmark and saved to disk. Then your app will have the same level of access as it did when the user selected the folder.

Answer 3

Since 'unarchiveObject(withFile:)' was deprecated in macOS 10.14, created a new answer in case someone has a similar question.

So after setting this in plist,

<key>com.apple.security.files.user-selected.read-write</key>
<true/>
<key>com.apple.security.files.bookmarks.app-scope</key>
<true/>

Create a BookMark class like below:

import Foundation

@objcMembers final class BookMarks: NSObject, NSSecureCoding {
    struct Keys {
        static let data = "data"
    }
    
    var data: [URL:Data] = [URL: Data]()
    
    static var supportsSecureCoding: Bool = true
    
    required init?(coder: NSCoder) {
        self.data = coder.decodeObject(of: [NSDictionary.self, NSData.self, NSURL.self], forKey: Keys.data) as? [URL: Data] ?? [:]
    }
    
    required init(data: [URL: Data]) {
        self.data = data
    }
    
    func encode(with coder: NSCoder) {
        coder.encode(data, forKey: Keys.data)
    }
    
    func store(url: URL) {
        do {
            let bookmark = try url.bookmarkData(options: NSURL.BookmarkCreationOptions.withSecurityScope, includingResourceValuesForKeys: nil, relativeTo: nil)
            data[url] = bookmark
        } catch {
            print("Error storing bookmarks")
        }
    }
    
    func dump() {
        let path = Self.path()
        do {
            try NSKeyedArchiver.archivedData(withRootObject: self, requiringSecureCoding: true).write(to: path)
        } catch {
            print("Error dumping bookmarks")
        }
    }
    
    static func path() -> URL {
        var url = FileManager.default.urls(for: .documentDirectory, in: .userDomainMask)[0] as URL
        url = url.appendingPathComponent("Bookmarks.dict")
        return url
    }
    
    static func restore() -> BookMarks? {
        let path = Self.path()
        let nsdata = NSData(contentsOf: path)
        
        guard nsdata != nil else { return nil }
        
        do {
            let bookmarks = try NSKeyedUnarchiver.unarchivedObject(ofClass: Self.self, from: nsdata! as Data)
            for bookmark in bookmarks?.data ?? [:] {
                Self.restore(bookmark)
            }
            return bookmarks
        } catch {
            // print(error.localizedDescription)
            print("Error loading bookmarks")
            return nil
        }
    }
    
    static func restore(_ bookmark: (key: URL, value: Data)) {
        let restoredUrl: URL?
        var isStale = false
        
        print("Restoring \(bookmark.key)")
        do {
            restoredUrl = try URL.init(resolvingBookmarkData: bookmark.value, options: NSURL.BookmarkResolutionOptions.withSecurityScope, relativeTo: nil, bookmarkDataIsStale: &isStale)
        } catch {
            print("Error restoring bookmarks")
            restoredUrl = nil
        }
        
        if let url = restoredUrl {
            if isStale {
                print("URL is stale")
            } else {
                if !url.startAccessingSecurityScopedResource() {
                    print("Couldn't access: \(url.path)")
                }
            }
        }
    }
}

Then using it:

1. loading

let bookmarks = BookMarks.restore() ?? BookMarks(data: [:])

2. adding

bookmarks.store(url: someUrl)

3. saving

bookmarks.dump()

Answer 4

Swift 5 with Xcode 14.2 - Jan-2023 :- below code works fine in my macOS app: Keep below code in a class and follow instructions given after the code:

    private static let BOOKMARK_KEY = "bookmark"

// Check permission is granted or not
public static func isPermissionGranted() -> Bool {
    
    if let data = UserDefaults.standard.data(forKey: BOOKMARK_KEY) {
        var bookmarkDataIsStale: ObjCBool = false

        do {
            let url = try (NSURL(resolvingBookmarkData: data, options: [.withoutUI, .withSecurityScope], relativeTo: nil, bookmarkDataIsStale: &bookmarkDataIsStale) as URL)
            if bookmarkDataIsStale.boolValue {
                NSLog("WARNING stale security bookmark")
                return false
            }
            return url.startAccessingSecurityScopedResource()
        } catch {
            print(error.localizedDescription)
            return false
        }
    }
    
    return false
    
} // isPermissionGranted

static func selectFolder(folderPicked: () -> Void) {
    
    let folderChooserPoint = CGPoint(x: 0, y: 0)
    let folderChooserSize = CGSize(width: 450, height: 400)
    let folderChooserRectangle = CGRect(origin: folderChooserPoint, size: folderChooserSize)
    let folderPicker = NSOpenPanel(contentRect: folderChooserRectangle, styleMask: .utilityWindow, backing: .buffered, defer: true)

    let homePath = "/Users/\(NSUserName())"
    folderPicker.directoryURL = NSURL.fileURL(withPath: homePath, isDirectory: true)
    
    folderPicker.canChooseDirectories = true
    folderPicker.canChooseFiles = false
    folderPicker.allowsMultipleSelection = false
    folderPicker.canDownloadUbiquitousContents = false
    folderPicker.canResolveUbiquitousConflicts = false
    
    folderPicker.begin { response in
        
        if response == .OK {
            let url = folderPicker.urls
            NSLog("\(url)")
            
            // Save Url Bookmark
            if let mUrl = folderPicker.url {
                storeFolderInBookmark(url: mUrl)
            }
            
        }
    }
    
}

private static func storeFolderInBookmark(url: URL) { // mark 1
    do {
        let data = try url.bookmarkData(options: NSURL.BookmarkCreationOptions.withSecurityScope, includingResourceValuesForKeys: nil, relativeTo: nil)
        UserDefaults.standard.set(data, forKey: BOOKMARK_KEY)
    } catch {
        NSLog("Error storing bookmarks")
    }
}

How to Use:

isPermissionGranted() - this function is to check user has granted directory permission or not. If it returns true then use directory/file operation read/write. If it returns false then use call selectFolder() function

selectFolder() - if isPermissionGranted() returns false then call this function to take permission from user. user will just need to click on as home directory will choose automatically.

storeFolderInBookmark() - Just keep it in the code you don't need to modify it, it will save url as bookmark for future use

Hope this will help & save lots of time. Thanks.

Answer 5

I found the best and working answer here - reusing security scoped bookmark

Super simple, easy to understand and does the job pretty well.

The solution was :-

var userDefault = NSUserDefaults.standardUserDefaults()
var folderPath: NSURL? {
    didSet {
        do {
            let bookmark = try folderPath?.bookmarkDataWithOptions(.SecurityScopeAllowOnlyReadAccess, includingResourceValuesForKeys: nil, relativeToURL: nil)
            userDefault.setObject(bookmark, forKey: "bookmark")
        } catch let error as NSError {
            print("Set Bookmark Fails: \(error.description)")
        }
    }
}

func applicationDidFinishLaunching(aNotification: NSNotification) {
    if let bookmarkData = userDefault.objectForKey("bookmark") as? NSData {
        do {
            let url = try NSURL.init(byResolvingBookmarkData: bookmarkData, options: .WithoutUI, relativeToURL: nil, bookmarkDataIsStale: nil)
            url.startAccessingSecurityScopedResource()
        } catch let error as NSError {
            print("Bookmark Access Fails: \(error.description)")
        }
    }
}

Answer 6

Updated to Swift 5 (Thanks Jay!)

var folderPath: URL? {
    didSet {
        do {
            let bookmark = try folderPath?.bookmarkData(options: .securityScopeAllowOnlyReadAccess, includingResourceValuesForKeys: nil, relativeTo: nil)
            UserDefaults.standard.set(bookmark, forKey: "bookmark")
        } catch let error as NSError {
            print("Set Bookmark Fails: \(error.description)")
        }
    }
}

 func applicationDidFinishLaunching(_ aNotification: Notification) {
        if let bookmarkData = UserDefaults.standard.object(forKey: "bookmark") as? Data {
            do {
                var bookmarkIsStale = false
                let url = try URL.init(resolvingBookmarkData: bookmarkData as Data, options: .withSecurityScope, relativeTo: nil, bookmarkDataIsStale: &bookmarkIsStale)
                url.startAccessingSecurityScopedResource()
            } catch let error as NSError {
                print("Bookmark Access Fails: \(error.description)")
            }
        }
    }