Codesigned sandbox app issue?

Hi there… I run into a huge (for me) problem.

Some of my apps, when codesigned (using AppWrapper 4 @Sam_Rowlands), won’t launch if sandboxed!

I don’t know how to understand the problem. Those apps use the SQLite and CubeSQL plugins and (I think) as it starts connecting to the database, the app quits without error.

Simply, when I launch it, it jumps and closes. If I don’t sandbox the app, it works!

I have no idea how this is possible; I keep the plugins, my OS and Xojo updated… Can someone help me understand something about this problem?

Thanks to all for help!

Where is your database kept? The App Sandbox piles on even more restrictions on what files and APIs your app can access without user interaction.

It’s one of the reasons why my latest App isn’t in the App Store because then it wouldn’t be able to receive the messages from the system that it needs to do its job.

1 Like

My iMac has a similar problem. When sandboxed the app never starts.

1 Like

If the app looks for an expected external file at startup and doesn’t handle it being missing properly, it will generate an exception.
A sandboxed app does not ‘get’ the same specialfolders as a non-sandboxed app, and cannot access all the places you might expect.

Instead, it gets a folder created for it in Library/Containers.
Here you can see that it contains a shortcut to the real desktop and real downloads, but private documents and other folders.
So if you copy a file or resource to ‘normal’ applicationdata, a sandboxed app will be looking in another place.

Ok but… specialfolder does have to use the correct folder, or not? Do I remember well?

There is ‘your apps’ folder, and then there is ‘the general one’
This is (I feel sure) the difference between
specialfolder.applicationdata
(available to this user only, and private for sandboxed)
and
specialfolder.sharedapplicationdata
(which SHOULD be the Library/Application Support folder), but which you may need to request permissions to access.

1 Like

Have a look at the console messages; most of the time there is an entry with a short message saying why your app won’t start. Maybe something with codesigning, entitlements etc.

2 Likes

This is a good idea, but I don’t know how to solve this:

Sandbox: Gest-L(3430) deny(1) nvram-get boot-args
Violation: deny(1) nvram-get boot-args
Process: Gest-L [3430]

I ever used that:
dbFile = SpecialFolder.ApplicationData.Child(nomedb)

Why does your app try to read boot-args from nvram? If this is not really necessary to operate your software, remove this feature, as it looks like it is violating Apple’s Sandbox rules. Or find an entitlement that grants your app the rights to do that…

2 Likes

Why? This is the question… Why only when codesigned and sandboxed? Really I don’t know… maybe some plugin?

This situation is terrible for me :frowning:

This is intentional - Sandbox is meant to restrict apps from system calls etc.

The next step is to identify which part of your software is making this call - if you are using plugins, you may ask their creator. I guess the plugin will be an older one, as sandboxing is really no new feature…

Can you point where your app attempts to read the boot arguments of the nvram? That’s very odd.
You can try to put message boxes in a temporary build (code-signed) in your app’s open event (and other relevant ones) like “Block 1”, “Block 2”, etc., to find the method which does this weird call.
I could have suggested the use of System.DebugLog, but the Console app is so unreliable since Mac OS 10.13… :man_shrugging:

1 Like

To be clear, it’s not only trying to do that while sandboxed, it’s only failing while sandboxed.

3 Likes

I know it. My apps worked fine in sandbox until one month ago.

To be exact, I specify that my app worked fine as sandboxed until one month ago! I didn’t change anything except two bug fixes (very simple and with nothing complicated, two math calculations inside the app).

I’m breaking my head around that.

Ok.
Do you have a copy of the source from 2 months ago?
If so, does that still run sandboxed?
If so, then compare the code to see what has actually changed.

1 Like

Does one of those use a plugin?

2 Likes

I think the only plugin used is CubeSqlServer. But today I’ll try to use an older version if available. Now I’ll check (in a few hours) if I have the same issue in other projects and I’ll post news here.

Thanks to all for now. I’ll keep you all updated.

Now, after many tries and searches… I have no solution, but it seems to be something in the codesign. As said in that thread

So I’m asking @Sam_Rowlands for some help. I tried with the plugins used one month ago, but the result is the same.

Sandbox: gamed(2110) deny(1) file-read-data /Users/sergio/Library/Mobile Documents/com~apple~CloudDocs/Lavoro/Lavori Realbasic/COMPILATI/Mac/Gest-L - Website (UB)/Gest-L.app
Sandbox: Gest-L(31430) deny(1) nvram-get boot-args
Prompting policy for hardened runtime; service: kTCCServiceAppleEvents requires entitlement com.apple.security.automation.apple-events but it is missing for accessing={<TCCDProcess: identifier=com.system-i.gestl, pid=31430, auid=504, euid=504, binary_path=/Users/sergio/Library/Mobile Documents/com~apple~CloudDocs/Lavoro/Lavori Realbasic/COMPILATI/Mac/Gest-L - Website (UB)/Gest-L.app/Contents/MacOS/Gest-L>}, requesting={<TCCDProcess: identifier=com.apple.appleeventsd, pid=519, auid=55, euid=55, binary_path=/System/Library/CoreServices/appleeventsd>},

To complete the information: on my old MacBook Pro (10.14) I uninstalled all dependencies of my app (I usually use AppCleaner), and after that the application opens without any problem. But I can’t ask my users to uninstall (and lose all saved data) and reinstall.

Sam, maybe something around the “Reset app permissions” flag? It seems nothing changes with it flagged or not…

Thanks to all for any suggestion…
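
Added example (not part of the thread and not code from any poster or from Xojo): a small triage script for Console lines in the format quoted above. It separates sandbox denials raised by the app's own process from denials raised by other processes, and collects entitlements that TCC reports as missing. The sample log is constructed from the thread's lines with the paths shortened to a placeholder; the function name `triage` and the report layout are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the format quoted in the thread (paths are placeholders).
SAMPLE_LOG = """\
Sandbox: gamed(2110) deny(1) file-read-data /Users/example/Apps/Gest-L.app
Sandbox: Gest-L(31430) deny(1) nvram-get boot-args
Prompting policy for hardened runtime; service: kTCCServiceAppleEvents requires entitlement com.apple.security.automation.apple-events but it is missing for accessing={<TCCDProcess: identifier=com.system-i.gestl, pid=31430, auid=504, euid=504, binary_path=/Users/example/Apps/Gest-L.app/Contents/MacOS/Gest-L>},
"""

# "Sandbox: <process>(<pid>) deny(<n>) <operation> <target>"
DENY_RE = re.compile(
    r"Sandbox: (?P<proc>.+?)\((?P<pid>\d+)\) deny\(\d+\) (?P<op>\S+)\s*(?P<target>.*)"
)
# TCC message naming the entitlement the accessing process lacks.
TCC_RE = re.compile(
    r"service: (?P<service>\S+) requires entitlement (?P<ent>\S+) but it is missing "
    r"for accessing=\{<TCCDProcess: identifier=(?P<ident>[^,]+), pid=(?P<pid>\d+)"
)


def triage(log_text, app_process):
    """Group denials by whether the app itself raised them, and list the
    entitlements TCC reports as missing, keyed by bundle identifier."""
    report = {
        "app_denials": [],
        "other_denials": [],
        "missing_entitlements": defaultdict(set),
    }
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if m:
            entry = (m["proc"], int(m["pid"]), m["op"], m["target"].strip())
            key = "app_denials" if m["proc"] == app_process else "other_denials"
            report[key].append(entry)
            continue
        m = TCC_RE.search(line)
        if m:
            report["missing_entitlements"][m["ident"]].add(m["ent"])
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG, "Gest-L")
    for section in ("app_denials", "other_denials"):
        for proc, pid, op, target in result[section]:
            print(f"{section}: {proc}[{pid}] {op} {target}")
    for ident, ents in result["missing_entitlements"].items():
        print(f"missing entitlements for {ident}: {sorted(ents)}")
```

On the sample, the `file-read-data` denial belongs to `gamed`, not to the app, so only the `nvram-get` denial and the missing Apple Events entitlement are attributed to Gest-L.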