41

I have another question dealing with app sandboxing. So I need access to the users' home directory and at the same time the app should be able to shut down the Mac. This requires not using sandboxing.

My problem is that I don't know how to remove sandboxing and be able to submit the app to the Mac App Store. I think that the archives are sandboxed because I had turned it on once.

How to remove sandboxing from the archives properly?

Thanks for your help!

user610246
  • 732
  • 1
  • 7
  • 11
  • Is your question how to remove sandboxing from an app on a user's machine, or how to remove sandboxing via settings in Xcode and build a new app for distribution? – sbooth Aug 10 '11 at 22:41
  • @sbooth how to remove sandboxing via settings in Xcode and build a new app for distribution - Yes, exactly :) Hope that now somebody is able to help me. I don't want to hack a machine, I just want to get my app in the app store ;) – user610246 Aug 10 '11 at 22:55
  • 4
    Since this question was asked, Apple have added a rule requiring all apps in their App Stores to be sandboxed. Turning off sandboxing is no longer an option for any app you want to ship in either of Apple's App Stores. – Peter Hosey Dec 24 '12 at 01:54

5 Answers

50

On Xcode 11, you can turn off Sandboxing by removing it from the Signing & Capabilities tab:

enter image description here

Eric
  • 16,003
  • 15
  • 87
  • 139
10

If I understand what you are asking correctly, you'll need to remove the entitlements.plist from your project and make sure that the Summary view of your target in Xcode has sandboxing turned off:

No sandboxing or entitlements

sbooth
  • 16,646
  • 2
  • 55
  • 81
  • Thanks, but my problem is that I am trying to receive the content of the [USER]/Documents directory: `[[NSFileManager defaultManager] contentsOfDirectoryAtPath:[NSHomeDirectory() stringByAppendingPathComponent:@"/Documents/"] error:NULL];` but this returns nil on the review machine. On mine it works fine. So exactly this line causes problems and I thought that it is not enough to disable sandboxing or you could tell me what I am doing wrong. – user610246 Aug 11 '11 at 08:02
  • 2
    @user610246: What you're doing wrong is forging paths. You can't just make up any path you want and have access to it when you're sandboxed; one of the key features of sandboxing is that it limits your access to only your container plus whatever the user has explicitly handed you (via an Open or Save panel or drag-and-drop). You need to ask the file manager for the correct URL to the Documents directory, which, for a sandboxed app, is inside the container directory. – Peter Hosey Dec 24 '12 at 01:53
6

As Derek Wade pointed out, you can make an app like GarageBand X (which behaves obnoxiously with third-party plugins like AmpliTube due to sandboxing) NOT run in a sandbox by editing the binary itself with a hex editor like Hex Fiend. Look for:

<key>com.apple.security.app-sandbox</key>

Immediately following that bit you'll see the true tag, which as suggested I switched to 'fals' (no extra bytes) and now GarageBand will happily interact with third party VST plugins. Huzzah.

spud
  • 61
  • 1
  • 6
  • And then you need to re-sign a hacked executable using an ad hoc identity to solve the signature check on the Application binary (not the bundle) https://apple.stackexchange.com/questions/64408/can-you-disable-a-code-signature-check – BaseZen Feb 19 '18 at 17:40
  • @BaseZen Easier: Remove the signature from the binary, and then either turn off or allow the app through Gatekeeper. https://github.com/tvi/stripcodesig – Wowfunhappy Apr 30 '20 at 00:22
4

I found if you go into the .app package, under Contents/MacOS, there should be a binary file that matches the name of your app. Copy that file to your desktop. Edit the desktop copy of the file with TextEdit. You should find within the file, the text representation (xml) of the Entitlements for the app. Find the Sandbox entitlement flag (usually set to <true/>) and change it to <false/>. You will have to unlock the file when editing. Save the file (located on the desktop). Rename the original file in the .app package (i.e. append .old to the filename). Copy the desktop file back to the .app Package location (you may have to authorize it). This should remove the sandboxing.

Derek Wade
  • 697
  • 8
  • 11
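
An added example, not part of any answer above: the two preceding answers rely on the entitlements being stored as an XML plist inside the executable. This read-only Python check locates that blob and reports whether the sandbox key is true, false, or has been byte-patched into an invalid value; it assumes the plist sits in the code signature's embedded-entitlements blob (magic `0xfade7171`, big-endian length that includes the 8-byte header), and the function names and sample bytes are constructed here.

```python
import plistlib
import struct
from xml.parsers.expat import ExpatError

# Magic of the embedded-entitlements blob in a Mach-O code signature (assumed layout).
ENTITLEMENTS_MAGIC = 0xFADE7171
SANDBOX_KEY = "com.apple.security.app-sandbox"


def find_entitlements(binary: bytes):
    """Return the raw entitlements plist bytes of the first blob, or None."""
    magic = struct.pack(">I", ENTITLEMENTS_MAGIC)
    pos = binary.find(magic)
    while pos != -1:
        if pos + 8 <= len(binary):
            (length,) = struct.unpack_from(">I", binary, pos + 4)
            # length covers the 8-byte header plus the plist text
            if 8 < length <= len(binary) - pos:
                return binary[pos + 8 : pos + length]
        pos = binary.find(magic, pos + 1)
    return None


def sandbox_state(binary: bytes) -> str:
    """Classify as 'sandboxed', 'not-sandboxed', 'malformed' or 'no-entitlements'."""
    xml = find_entitlements(binary)
    if xml is None:
        return "no-entitlements"
    try:
        entitlements = plistlib.loads(xml, fmt=plistlib.FMT_XML)
    except (ValueError, ExpatError):
        return "malformed"  # e.g. a value byte-patched to <fals/>
    if not isinstance(entitlements, dict):
        return "malformed"
    return "sandboxed" if entitlements.get(SANDBOX_KEY) is True else "not-sandboxed"


def make_sample(value_tag: bytes) -> bytes:
    """Constructed test input: filler bytes around one entitlements blob."""
    xml = (b'<?xml version="1.0" encoding="UTF-8"?>\n<plist version="1.0"><dict>'
           b"<key>com.apple.security.app-sandbox</key>" + value_tag +
           b"</dict></plist>")
    blob = struct.pack(">II", ENTITLEMENTS_MAGIC, 8 + len(xml)) + xml
    return b"\x00" * 32 + blob + b"\x00" * 16


if __name__ == "__main__":
    for tag in (b"<true/>", b"<false/>", b"<fals/>"):
        print(tag.decode(), "->", sandbox_state(make_sample(tag)))
```

A "malformed" result on a shipped application is a reason to verify its code signature, since the blob is covered by the signature and any byte edit invalidates it.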
-3

You cannot remove Sandbox if the user ran your application via Sandbox.
That's the whole point - don't you think?

Mark Segal
  • 5,427
  • 4
  • 31
  • 69
  • 2
    I am preparing a new binary and I think there it is possible to remove the sandbox?? Or am I totally wrong? – user610246 Aug 10 '11 at 22:01
  • But the user (the review team) restores his Mac every time after using it. Is it also not possible then? Or when building it on another machine (which runs Mac OS X Snow Leopard)? – user610246 Aug 10 '11 at 22:16
  • As I previously said - In no way, unless you find a bug in the sandbox program (which you should instantly report) - you cannot leave it. – Mark Segal Aug 10 '11 at 22:39