OSX Sandboxing: security scoped bookmarks for all filesystem access #7208
Comments
Commented by: ywwg that there is a fantastic user experience. We can't even load files read-only outside the sandbox? This Stack Overflow thread talks about getting an exception: If we are very specific about which folders we want to access, and only access them read-only, that might be enough for the App Store folks.
Commented by: rryan For reference we already got rejected for asking for com.apple.security.temporary-exception.files.absolute-path.read-write on /.
Commented by: rryan Here's a patch to Qt that automatically grabs a bookmark for all QFiles that are opened. I think they have to have been picked by the user via an open dialog though. https://codereview.qt-project.org/#change,40779 We're going to have to come up with some kind of browse technique that's like:
We may also have to either remove all quick links and have the user add them manually one by one. We're also going to have to ask permission for the user's entire library on first run of the sandboxed version. We already ask for the library directory so that's going to be fine but migrating users over is going to be a PITA.
Commented by: ywwg So how about asking for read-only in Users/
Commented by: rryan We need read-write for Music (for recording) and that's a specific The user can pick an arbitrary library location so getting the Music folder On Tue, Dec 3, 2013 at 11:32 AM, Owen Williams wrote:
Commented by: kain88-de When and to what folder do we need write access? If it is just the recording feature then we can just ask about that one folder. Then there is also our config folder. With all the other files I can think of we are just reading.
Commented by: rryan You still have to do this for read access too. To support tag writing we On Tue, Dec 3, 2013 at 2:07 PM, Max Linke wrote:
Commented by: kain88-de Can't we automatically assume the user wants Mixxx to read/write in any On Tue, 2013-12-03 at 19:18 +0000, RJ Ryan wrote:
Commented by: rryan Yea, for new users the solution to this bug would be to make a security bookmark when the user picks their library folder. For all existing users on the Mac App Store, we need to migrate them by doing some annoying "please select the root folder of your drive and hit OK to grant Mixxx permission to use that folder". And any other time Mixxx wants to read a file (e.g. a file referenced by the iTunes library that isn't in the set of folders we already bookmarked) we have to do this as well.
Commented by: kain88-de It is not an option to check which folder is set in the database and So is the UI required by Apple or just that we set these bookmarks? On Tue, 2013-12-03 at 20:23 +0000, RJ Ryan wrote:
Commented by: rryan Yea, the only way to get a security bookmark is if the user explicitly OKs On Tue, Dec 3, 2013 at 3:38 PM, Max Linke wrote:
Commented by: ywwg So is permission per-file or per-folder? It sounds like it may be whichever the user explicitly allows. Maybe we can detect that the user is accessing files on a mounted device (/Volumes/*) and if so, ask permission to read/write the whole volume. That way they wouldn't be prompted for every single file on a flash drive. Similarly, you mentioned the quick bookmarks being an issue -- we could just ask permission the first time they click on a bookmark. I would love to find out how Serato deals with this situation!
Commented by: rryan Serato is not on the app store :). VDJ and Cross are though. I'm not sure On Tue, Dec 3, 2013 at 4:00 PM, Owen Williams wrote:
Issue closed with status Fix Released.
Reported by: rryan
Date: 2013-12-03T15:36:55Z
Status: Fix Released
Importance: High
Launchpad Issue: lp1257340
Tags: mas, osx, sandbox
Whenever we access files we must have permission from the OSX sandbox. To acquire permission from the user and store it we have to implement Security Scoped Bookmarks.
https://developer.apple.com/library/mac/documentation/security/conceptual/AppSandboxDesignGuide/AppSandboxInDepth/AppSandboxInDepth.html#//apple_ref/doc/uid/TP40011183-CH3-SW16
We need to keep track of paths that we have access to (maybe in SQLite) and when we try to access a resource we don't have access to yet, we have to ask the user for it.
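One way to do the path bookkeeping described in the issue text above, as an added example that is not Mixxx code: an in-memory registry of user-approved directories that answers whether a file is already covered by a grant or the user has to be asked. `BookmarkRegistry`, `coveringGrant`, the sample paths and the opaque bookmark strings are all hypothetical; matching is done on whole path components so that a grant on `/Users/dj/Music` does not cover `/Users/dj/MusicOld`.

```cpp
// Added example, not Mixxx code. All names and sample paths are hypothetical.
#include <iostream>
#include <map>
#include <string>
#include <vector>
// Split an absolute POSIX path into components, resolving "." and ".." textually.
// Symlinks are not resolved here; a real implementation would canonicalize first.
std::vector<std::string> splitPath(const std::string& path) {
    std::vector<std::string> parts;
    std::string cur;
    auto flush = [&]() {
        if (cur == "..") { if (!parts.empty()) parts.pop_back(); }
        else if (!cur.empty() && cur != ".") parts.push_back(cur);
        cur.clear();
    };
    for (char c : path) { if (c == '/') flush(); else cur += c; }
    flush();
    return parts;
}
// Join the first n components back into an absolute path ("/" when n == 0).
std::string joinPath(const std::vector<std::string>& parts, size_t n) {
    std::string out;
    for (size_t i = 0; i < n; ++i) out += "/" + parts[i];
    return out.empty() ? "/" : out;
}
class BookmarkRegistry {
  public:
    // Record a user-approved directory with its (opaque) bookmark data.
    void grant(const std::string& dir, const std::string& bookmarkData) {
        std::vector<std::string> parts = splitPath(dir);
        m_bookmarks[joinPath(parts, parts.size())] = bookmarkData;
    }
    // Deepest granted directory containing path, or "" when the user must be asked.
    std::string coveringGrant(const std::string& path) const {
        std::vector<std::string> parts = splitPath(path);
        for (size_t n = parts.size() + 1; n-- > 0;)
            if (m_bookmarks.count(joinPath(parts, n))) return joinPath(parts, n);
        return "";
    }
  private:
    std::map<std::string, std::string> m_bookmarks;
};

int main() {
    BookmarkRegistry reg;
    reg.grant("/Users/dj/Music", "constructed-bookmark");
    std::cout << reg.coveringGrant("/Users/dj/Music/a.mp3") << "\n";     // covered
    std::cout << reg.coveringGrant("/Users/dj/MusicOld/a.mp3") << "\n";  // needs prompt
}
```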