8

I have some problems understanding the new Lion's Sandbox.

I know that Lion includes a trusted daemon process called Powerbox whose job is to present and control open/save dialog boxes on behalf of sandboxed applications.

Like the Code Signing And Application Sandboxing Guide says:

> Any time an application running inside a sandbox invokes an NSOpenPanel or NSSavePanel dialog, rather than showing the panels directly, AppKit automatically asks the Powerbox to present the dialog. From a developer perspective, there are no code changes required in terms of how these panels are used; this process is fully transparent.
>
> After the user selects a set of files or directories, the Powerbox uses new functionality in the sandbox kernel module to expand the invoking application's sandbox to allow access to the selected files. By the time the application code queries the panel for the returned URLs or filenames, it already has permission to access those files, and can continue to use the files through almost any API it already uses.

Ok. I did some practical tests using this code:

```objc
NSSavePanel *savePanel = [NSSavePanel savePanel];
savePanel.delegate = self;

savePanel.directoryURL = ...;
savePanel.nameFieldStringValue = ...;

[savePanel beginSheetModalForWindow:self.window
                  completionHandler:^(NSInteger returnCode) {
    /* the completion handler */
}];
```

The strange thing is that the `NSOpenSavePanelDelegate` methods, which are called BEFORE the completion handler, do not have access to files on the filesystem.

Is this correct?

But if so, delegate methods like `panel:validateURL:error:` become useless!

Can you help me by explaining in more detail the connections between the app and Powerbox?

Dev
  • 1
    Why does your `validateURL:` method need access to the file system? The URL of the file in question is passed to the delegate method, what else do you need? – Rob Keniger Jul 27 '11 at 12:55
  • 1
    I would like to analyze, for example, if the specified URL is writable, and, if not, return `NO`. – Dev Jul 27 '11 at 13:05
  • Anyway, can you confirm to me that the `NSOpenSavePanelDelegate` methods do not have access to the filesystem? Only the completion handler can access the selected file? (The official documentation is lacking, in my opinion.) – Dev Jul 27 '11 at 13:07
  • 2
    I can confirm that you don't have access to the file system in the `panel:validateURL:error:` delegate method. You should log a bug with Apple if you want this changed. – Rob Keniger Jul 27 '11 at 14:21

1 Answer

9

After contacting Apple, I can confirm what Rob Keniger wrote: `NSOpenSavePanelDelegate` methods don't have access to the filesystem in sandboxed applications.

Dev
  • Hello, I've opened a [Technical Support Incident (TSI)](https://developer.apple.com/support/technical/submit/). – Dev Jan 19 '15 at 08:24
  • ah, I see. The last time I used that their response was so useless that I never used that after that. THANKS! By the way, do you know if there is any way to use [NSSavePanel savePanel] on sandboxed apps with storyboard? There is no way to make it work. – Duck Jan 19 '15 at 17:15
  • @Dev Did you get any useful reply to your TSI? We -- and I assume others -- have the same problem. – Sebastian Jan 03 '18 at 13:36
  • @Dev Could you share what the TSI outcome was? That would be awesome! – Tobi Jan 05 '18 at 16:14
  • Oh, it was 7 years ago, unfortunately I have nothing more at my fingertips :) – Dev Jan 07 '18 at 09:55
  • I have filed a Radar, but not very hopeful: https://openradar.appspot.com/radar?id=5004220688236544 – Sindre Sorhus Jan 02 '19 at 10:53
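
An added example, not code from the question or the answer: one way to split the work given the behaviour confirmed above. `panel:validateURL:error:` inspects only the URL value, and the file system is touched only in the completion handler, after Powerbox has extended the sandbox as the quoted guide describes. The class name `ExportController`, the `dataToSave` property and the `.txt` naming rule are assumptions made for illustration.

```objc
#import <Cocoa/Cocoa.h>

// Hypothetical controller: class name, outlet and dataToSave are assumptions.
@interface ExportController : NSObject <NSOpenSavePanelDelegate>
@property (weak) IBOutlet NSWindow *window;
@property (copy) NSData *dataToSave;
- (IBAction)export:(id)sender;
@end

@implementation ExportController

// Called before the sandbox has been extended to the chosen file, so this
// checks the URL itself (here: an assumed ".txt" rule) and never the disk.
- (BOOL)panel:(id)sender validateURL:(NSURL *)url error:(NSError **)outError {
    if ([url.pathExtension caseInsensitiveCompare:@"txt"] == NSOrderedSame) {
        return YES;
    }
    if (outError) {
        *outError = [NSError errorWithDomain:NSCocoaErrorDomain
                                        code:NSFileWriteInvalidFileNameError
                                    userInfo:@{NSURLErrorKey: url}];
    }
    return NO;
}

- (IBAction)export:(id)sender {
    NSSavePanel *savePanel = [NSSavePanel savePanel];
    savePanel.delegate = self;
    [savePanel beginSheetModalForWindow:self.window
                      completionHandler:^(NSInteger returnCode) {
        if (returnCode != NSModalResponseOK) {
            return; // the user cancelled the panel
        }
        // Access to savePanel.URL has been granted by this point. Instead of
        // probing for writability up front, attempt the write and report the
        // real error if it fails (read-only volume, permissions, and so on).
        NSError *error = nil;
        if (![self.dataToSave writeToURL:savePanel.URL options:0 error:&error]) {
            [savePanel orderOut:nil];          // dismiss the sheet first
            [self.window presentError:error];  // then show the failure
        }
    }];
}

@end
```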