I want to use setxattr/getxattr from a Finder Sync Extension on OSX 10.12.6, but the calls fail with errno==1, which is EPERM. Finder sync extensions run in a sandbox, so I guess I need to request permissions. No amount of googling and documentation browsing has uncovered any information so far. The files I want to access are owned by myself, and setting attributes with the xattr command line utility succeeds and produces the expected result.
So the question is: Which permissions/entitlements do I need to give the sandbox, or is this possible at all?
I basically want to store the sync status in the extended attributes (clean, modified, syncing) and select the correct badge for requestBadgeIdentifierForURL based on that. A lower-priority, non-sandboxed process goes over files and updates the attributes.
The alternative would be to use a separate database to store sync status and I'm going to use that if the xattr doesn't work out.
Edit: Added entitlements file
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.temporary-exception.files.absolute-path.read-write</key>
<true/>
<key>com.apple.security.temporary-exception.files.home-relative-path.read-write</key>
<true/>
<key>com.apple.security.files.downloads.read-write</key>
<true/>
<key>com.apple.security.files.user-selected.read-write</key>
<true/>
</dict>
</plist>
The original entitlements file that comes with the sample is just
<key>com.apple.security.files.user-selected.read-only</key>
which didn't work either.
I added a test project to GitHub https://github.com/JensRestemeier/SyncExtensionTest
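A small C harness for the design described in this question, added here as an example and not taken from the original post or its test project: it writes and reads a sync-state extended attribute and maps the result to a badge name, returning the errno of each call so a sandbox denial (EPERM) can be told apart from a missing file or attribute. The attribute name com.example.syncstate, the state strings and all function names are assumptions; running the same binary inside and outside the sandbox shows which call is refused.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/xattr.h>

#ifdef __APPLE__                      /* macOS: extra position/options arguments */
#define ATTR_NAME "com.example.syncstate"        /* hypothetical attribute name */
#define GETX(p, n, b, s) getxattr(p, n, b, s, 0, 0)
#define SETX(p, n, b, s) setxattr(p, n, b, s, 0, 0)
#else                                 /* Linux: names need the "user." namespace */
#define ATTR_NAME "user.com.example.syncstate"
#define GETX(p, n, b, s) getxattr(p, n, b, s)
#define SETX(p, n, b, s) setxattr(p, n, b, s, 0)
#endif

typedef enum { SYNC_UNKNOWN, SYNC_CLEAN, SYNC_MODIFIED, SYNC_SYNCING } sync_state;
static const char *const STATE_NAMES[] = { "unknown", "clean", "modified", "syncing" };

/* Parse a raw attribute value (not NUL-terminated) into a state. */
sync_state parse_state(const char *buf, size_t len) {
    for (int s = SYNC_CLEAN; s <= SYNC_SYNCING; s++)
        if (len == strlen(STATE_NAMES[s]) && memcmp(buf, STATE_NAMES[s], len) == 0)
            return (sync_state)s;
    return SYNC_UNKNOWN;
}

/* Returns 0 on success, otherwise the errno left by setxattr. */
int write_state(const char *path, sync_state s) {
    const char *v = STATE_NAMES[s];
    return SETX(path, ATTR_NAME, v, strlen(v)) == 0 ? 0 : errno;
}

/* Reads the state; on failure returns SYNC_UNKNOWN and stores errno in *err. */
sync_state read_state(const char *path, int *err) {
    char buf[16];
    ssize_t n = GETX(path, ATTR_NAME, buf, sizeof buf);
    *err = n < 0 ? errno : 0;
    return n < 0 ? SYNC_UNKNOWN : parse_state(buf, (size_t)n);
}

/* Badge name for a file: any read failure degrades to "unknown". */
const char *badge_for(const char *path, int *err) {
    return STATE_NAMES[read_state(path, err)];
}

int main(int argc, char **argv) {
    if (argc < 2) { fprintf(stderr, "usage: %s FILE\n", argv[0]); return 2; }
    int err, werr = write_state(argv[1], SYNC_MODIFIED);
    const char *badge = badge_for(argv[1], &err);
    printf("setxattr: %s, getxattr: %s, badge: %s\n",
           werr ? strerror(werr) : "ok", err ? strerror(err) : "ok", badge);
    return werr || err;
}
```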