Mac OS App: How to resolve alias and read original file within sandbox

Question

My mac os app get a NSURL of alias by user interaction (drag & drop), so the app have the permission to read the alias file, but it doesn't have permission to read the origianl file within app sandbox (Mac OS X 10.7/8).

I resolve the alias by

NSData* bookmark = [NSURL bookmarkDataWithContentsOfURL:aliasURL error:nil];
origURL = [NSURL URLByResolvingBookmarkData:bookmark
                                    options:NSURLBookmarkResolutionWithoutUI
                              relativeToURL:nil
                        bookmarkDataIsStale:nil
                                      error:&error];

When I try to read origURL file, I get the error: The file couldn’t be opened because you don’t have permission to view it.

I aslo tried call the start/stopAccessingSecurityScopedResource on the origURL but no help.

I also tried resolving bookmark data with NSURLBookmarkResolutionWithSecurityScope option, but get "The file couldn’t be opened because it isn’t in the correct format." error from URLByResolvingBookmarkData method.

So, How do it? Thanks.

Answer 1

I haven't tried this, but I think I might have an idea what's happening. The way OS X punches through the sandbox with drag-and-drop is by granting the app the files are dropped onto access to the dropped files until the app quits. This works using the plain NSString file paths on the pasteboard, so it does not rely on the security scoping mechanism.

Your app probably has access to the alias file, but only that file, not the one to which it refers. The sandbox hole-punching mechanism probably doesn't follow the alias and grant access to the underlying file. If you can get the path of the file to which the alias points (and I'm not sure that's possible), you can get around the sandboxing by prompting the user to select that file in an NSOpenPanel. That's another way of punching through the sandbox, using what Apple calls the "Power Box".

For more information on how to do this, check out the answer I wrote here: https://stackoverflow.com/a/11786156/105717. It links to another answer, then adds some helpful niceties to make what's happening clearer to the user.

Answer 2

Maybe, just maybe my similar situation and solution will help:

Have you definitely got the entitlement "com.apple.security.files.bookmarks.app-scope" set to "yes" in your entitlements file?

"The file couldn’t be opened because it isn’t in the correct format." I was getting this same error when trying to resolve the bookmark, that turned out to be the fact that the file was locked in Finder (do a 'get info' on the file and check the 'locked' box is off) so the security data was never generated in the first place.

Hope there's something in there to help!

Todd.