
macOS sandbox preventing games from creating save files. #707

Open
Ozymandias42 opened this issue Sep 11, 2017 · 6 comments

Comments

@Ozymandias42

The itch.io sandbox option does what it's supposed to do. It stops applications from accessing the system in ways not wanted by the user. Sadly, this also sometimes means the app cannot access the folders with the save data, or even create save data.

Another problem arises through denied read permissions, which sometimes makes it impossible to navigate to folders from within the game where saving would be allowed.

@fasterthanlime
Collaborator

What game in particular are you experiencing this with?

Here's the current policy file for the macOS sandbox: https://github.com/itchio/itch/blob/v23/appsrc/constants/sandbox-policies/macos-template.ts

@Ozymandias42
Author

Multiple games. I kinda had it with Autonauts a few versions ago, and Strive for Power has it too, along with a few others. Thx for the profile, I'll take a look at it. Maybe I'll see where the problem lies. I've written sandbox profiles myself in the past, so I should be able to read it^^

@Ozymandias42
Author

Yep. The problem is quite clear. There's no access to $HOME, which is where these apps try to save their files and create their folders by default. And since they do not always implement a way to change the file destination, you're stuck.
Also, imho blanket access to /dev is too much. At most you need access to tty, urandom and null in my experience. Maybe also to dtracehelper, but that's about it, and that's for applications like Skype and Discord. Blanket access to /bin with a blanket (allow process-exec) is also dangerous, as it would allow apps to start a shell.

@fasterthanlime
Collaborator

> There's no access to $HOME

That's the annoying bit - the sandbox is supposed to prevent access to $HOME (except the folders the game absolutely needs to function), because we don't want games to steal personal data. (Exceptions for trusted developers are on my roadmap, but those wouldn't be subjected to the sandbox at all.)

I was hoping all games would save to ~/Library/Application Support subfolders instead of ~ directly, but I guess that's not true for the ones you tried :(

As for /dev - I'm not right this moment into a big "sandbox" phase, so it probably won't be fixed for another few weeks (optimistically) in the absence of a pull request.

As for /bin, I'm not overly worried about it, since the shells it would start would have the same sandbox constraints, if I'm correct? So it still shouldn't be able to escape - at least that's my understanding of macOS sandboxing, do correct me if I'm wrong.

@Ozymandias42
Author

Well, you could use access to sh and /usr/bin to start osascript and use that to gain access to the System Event Interface over AppleScript (osascript), with which you could start another sh without restrictions. That's actually a known exploit: https://www.coresecurity.com/content/apple-osx-sandbox-bypass
I would think, though, that it has been fixed since. Maybe I'll look into it tomorrow.

What would you propose I do about those specific games? Write external sandbox profiles outside of itch? Luckily those are free2play titles.

@fasterthanlime
Collaborator

> Well, you could use access to sh and /usr/bin to start osascript and use that to gain access to the System Event Interface over AppleScript (osascript), with which you could start another sh without restrictions. That's actually a known exploit: https://www.coresecurity.com/content/apple-osx-sandbox-bypass
> I would think, though, that it has been fixed since. Maybe I'll look into it tomorrow.

Ah, I see. Unfortunately that sounds more like a bug on the Apple sandbox side than ours - as in, I'm sure if the osascript binary (if it's a binary) can open some port and send some data, they could do it without access to the osascript binary, so preventing that will not really close the hole.

> What would you propose I do about those specific games? Write external sandbox profiles outside of itch? Luckily those are free2play titles.

For the end user, the app should (it doesn't yet) allow disabling the sandbox for specific games, so that would solve your issue.

A fix for everyone would be for those games to write to ~/Library/Application Support.
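The two points raised in this thread (narrowing the blanket /dev and /bin rules, and giving a game a dedicated save folder under ~/Library/Application Support instead of $HOME) can be expressed as an SBPL profile fragment. The fragment below is an added illustration and is not itch's macos-template.ts; it assumes two launch-time parameters, HOME and GAME_DIR, and a hypothetical save folder name "ExampleGame". It covers only the file-system and /dev rules; the mach-lookup, iokit and other IPC rules a GUI game also needs are left out.

```scheme
;; Added example profile fragment, not the itch project's own template.
;; Launch (assumed invocation; sandbox-exec accepts -f for a profile file
;; and -D key=value for parameters referenced with (param "key")):
;;   sandbox-exec -f game.sb -D HOME="$HOME" -D GAME_DIR="/path/to/Game.app" \
;;       /path/to/Game.app/Contents/MacOS/Game
;; Mach/IOKit rules required by a windowed game are intentionally omitted.

(version 1)
(deny default)

;; Weak rules discussed in the thread, kept here only for contrast.
;; (allow file-read* file-write* (subpath "/dev"))   ; every device node
;; (allow process-exec (subpath "/bin"))             ; any shell in /bin

;; Device nodes: only the handful a game typically needs.
(allow file-read* file-write*
    (literal "/dev/null")
    (literal "/dev/tty")
    (literal "/dev/random")
    (literal "/dev/urandom"))
(allow file-ioctl (literal "/dev/tty"))

;; Read-only system locations needed to load dyld, frameworks and shared data.
(allow file-read*
    (subpath "/System")
    (subpath "/usr/lib")
    (subpath "/usr/share")
    (subpath "/Library/Frameworks"))

;; The game's own bundle may be read and executed; nothing under /bin or
;; /usr/bin is granted process-exec.
(allow file-read*   (subpath (param "GAME_DIR")))
(allow process-exec (subpath (param "GAME_DIR")))

;; Save data: one dedicated folder under Application Support, not $HOME.
;; "ExampleGame" is a placeholder for the game's real folder name.
(allow file-read* file-write*
    (subpath (string-append (param "HOME")
                            "/Library/Application Support/ExampleGame")))

;; Let the game stat the parent directories on the way down so Cocoa and
;; SDL path lookups succeed, without exposing their contents.
(allow file-read-metadata
    (literal (param "HOME"))
    (literal (string-append (param "HOME") "/Library"))
    (literal (string-append (param "HOME") "/Library/Application Support")))
```

With `(deny default)` at the top, anything not listed is refused, so a game that insists on writing directly to ~ still fails under this fragment; that is the trade-off the maintainer describes, and the per-game opt-out is the escape hatch for such titles. Denied operations show up in the unified log under the Sandbox subsystem, which is the quickest way to find out which path a misbehaving game is actually trying to open.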
