Accessing data in Library folder for Sandbox

Beatrix_Willius · May 8, 2019, 6:29am

I need to access for the MAS version of my app some folders in the user’s Library folder. One of those is the Thunderbird folder /Users/beatrixwillius\ 1/Library/Thunderbird. But how do I do this? SpecialFolder.Library points to

and not

Do I just parent up?

Michel_Bujardet · May 8, 2019, 6:44am

A sandboxed app is severely limited in terms of accessing system folders. You may indeed try to go down the tree, but don’t be surprised if the sandbox prevents you from accessing the user’s library.

The simplest way to authorize the app to access such folders would be to use an open file dialog and instruct the user to select his library.

Otherwise, you need to get authorization to do so. Sam Rowlands who is most knowledgeable about that will probably chime in with more details.

Beatrix_Willius · May 8, 2019, 7:04am

I have requested access to the folders I need. You just can’t talk to them directly because the path is different. As long as we don’t have true ACL based access to the folders my approach should work. I just did a test with the sandboxed app and everything worked fine.

Sam_Rowlands · May 8, 2019, 12:52pm

Youll need the entitlement to access a relative path. Which you may not be granted approval for when you try to distribute on the App Store.

A fall back is to show a select folder dialog; and set its default path to be that of what you want; just make sure that you tell the user why using the dialogs prompt.

You may wnna try going down from specialfolder.usershome (or something of that nature).

In my experience; the App Sandbox doesnt limit you from exploring the drive; but getting the contents of files it does. However I havent done extensive testing with an APFS filing system.

Beatrix_Willius · May 8, 2019, 1:01pm

All the SpecialFolder variations won’t work because they point to the container and not the “real” path. APFS shouldn’t make a difference. In my experience the folderitems are nil that you can’t access when you don’t have full disk access. Do I need full disk access when the app is sandboxed? Doing more testing on §$%& Mojave is a good idea.

Beatrix_Willius · May 8, 2019, 1:20pm

What works fine on High Sierra fails on Mojave. Back to the drawing board.

Tim_Parnell · May 8, 2019, 4:09pm

By everything worked fine do you mean you were able to break out of your container?

Beatrix_Willius · May 9, 2019, 8:27am

@Tim Parnell: yes, on High Sierra I was able to access the files I need. However, on Mojave I could see the files but it wasn’t possible to read the binary files. I have given up for now.

Sam_Rowlands · May 9, 2019, 11:53pm

[quote=435641:@Beatrix Willius]

@Tim Parnell: yes, on High Sierra I was able to access the files I need. However, on Mojave I could see the files but it wasn’t possible to read the binary files. I have given up for now.[/quote]
Have you tried the trick of showing a select folder dialog and setting to be to the folder you want to open? If so, it seems like Mojave may have locked those files down, preventing any third party access

Beatrix_Willius · May 10, 2019, 7:12am

@Sam Rowlands: I have postponed any tests. The app is going to the MAS with IMAP and without any mail client.