Re: Sandboxed WkWebView


Gerriet M. Denkmann
 

On 17 Oct 2017, at 23:37, Andrew Keller <andrew@...> wrote:

Now I’m curious.

I created the test application as described, and I get the same results (macOS 10.13, Xcode 9). I also see these entries in the system log while the app is sandboxed:

standard 10:19:55.172176 -0400 SandboxedWebView Faulting in NSHTTPCookieStorage singleton
standard 10:19:55.172220 -0400 SandboxedWebView Faulting in CFHTTPCookieStorage singleton
fehler 10:19:55.417821 -0400 appleeventsd <rdar://problem/11489077> A sandboxed application with pid 4372, '"SandboxedWebView"', checked in with appleeventsd, but its code signature could not be read and validated by appleeventsd, and so it cannot receive AppleEvents targeted by name, bundle id, or signature. Install the application in /Applications/ or some other world readable location to resolve this issue. Error=ERROR: #100013 { "NSDescription"="SecCodeCopySigningInformation() returned 100013, -." }
fehler 10:19:55.449646 -0400 sandboxd Sandbox: SandboxedWebView(4372) deny mach-lookup com.apple.nsurlstorage-cache
Sandbox Check by: launchd(1)

Violation: deny mach-lookup com.apple.nsurlstorage-cache
MetaData: {"build":"Mac OS X 10.13 (17A405)","sandbox_checker":"launchd","action":"deny","target":["com.apple.nsurlstorage-cache"],"hardware":"Mac","platform_binary":"no","profile":"unknown","process":"SandboxedWebView","op":"mach-lookup"}

[ lots and lots of text that I can post if wanted ]

"deny mach-lookup com.apple.nsurlstorage-cache" sounds exactly like the OS denying something because the app isn’t provisioned for that capability, but I’m having trouble identifying which provision I need to turn on in Xcode.

Any ideas?
Regarding:
fehler 10:19:55.449646 -0400 sandboxd Sandbox: SandboxedWebView(4372) deny mach-lookup com.apple.nsurlstorage-cache

I added the following item to SandboxedWebView.entitlements:

com.apple.security.temporary-exception.mach-lookup.global-name = com.apple.nsurlstorage-cache

which seems to get rid of this error. But the app does not work any better for this.


Regarding:
fehler 10:19:55.417821 -0400 appleeventsd <rdar://problem/11489077> A sandboxed application with pid 4372, '"SandboxedWebView"', ...

This might go away if you run the app not from Xcode, but as /Applications/SandboxedWebView.app

I tried this too, but no change for the better.


Kind regards

Gerriet.


Thanks,
- Andrew


On 17.10.2017 at 3:06 AM, Gerriet M. Denkmann <g@...> wrote:


On 17 Oct 2017, at 10:59, Marco S Hyman <marc@...> wrote:

This said, the porcupine in my home directory seems to be a red herring:
Even without non-Ascii characters in the path to the home directory a sandboxed WkWebView just does nothing, while the non-sandboxed version works as expected.
I don’t know if this has anything to do with your issue.

One difference between a sandboxed and non-sandboxed app is that the “home directory” in a sandboxed app is inside the application container, not the current users home directory.

~/ ==> non-sandboxed home directory
~/Library/Containers/com.example.appid/Data/ ==> sandboxed home directory

You will not be able to create/access anything outside of the sandbox container without going through Powerbox or adding appropriate entitlements.

Marc
My test app is really simple, just one window (with a WKWebView), one framework (WebKit.framework) and one method:

#import "AppDelegate.h"
@import WebKit;

@interface AppDelegate ()
@property (weak) IBOutlet NSWindow *window;
@property (strong) IBOutlet WKWebView *webView;
@end

@implementation AppDelegate

- (void)applicationDidFinishLaunching:(NSNotification *)aNotification
{
    // Heuristic: a sandboxed app cannot write to /tmp/, so use that to pick the label.
    BOOL sandboxed = ![ NSFileManager.defaultManager isWritableFileAtPath: @"/tmp/" ];
    NSString *htmlString = sandboxed ? @"<h1>Sand</h1>" : @"<h1>Water</h1>";
    NSLog(@"%s %@ will loadHTMLString: \"%@\" baseURL: nil", __FUNCTION__, self.webView, htmlString);
    // Load the inline HTML string; no file or network access is involved.
    WKNavigation *a = [ self.webView loadHTMLString: htmlString baseURL: nil ];
    NSLog(@"%s loadHTMLString returned %@", __FUNCTION__, a);
}

@end

No access to any files, whether inside or outside of the home folder.
Still, I have never seen “Sand” in my window.

Gerriet.
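Turning the quoted sandboxd denial into the entitlement added in the reply above, as an added example that is not from the thread: a small POSIX shell helper that parses a denial line (the sample below is constructed from the log line quoted earlier) and prints the plist fragment for the .entitlements file. Only the mach-lookup and mach-register ops are mapped, because those are the temporary-exception keys whose form is certain; and, as the thread reports, silencing this denial does not by itself make the view render.

```shell
#!/bin/sh
# Added example, not code from the thread. Maps a sandboxd "deny <op> <target>" line
# to the temporary-exception entitlement that would permit it.

# Constructed sample, modelled on the sandboxd line quoted in the thread.
SAMPLE_DENIAL='fehler 10:19:55.449646 -0400 sandboxd Sandbox: SandboxedWebView(4372) deny mach-lookup com.apple.nsurlstorage-cache'

# Print "<op> <target>" for a sandboxd denial line; print nothing for any other line.
parse_denial() {
    printf '%s\n' "$1" | sed -n 's/.*Sandbox: [^ ]* deny \([a-z-]*\) \([^ ]*\).*/\1 \2/p'
}

# Entitlement key that grants the op as a temporary exception. Each key takes an
# array of global Mach service names. Unknown ops are rejected rather than guessed,
# since every temporary exception widens the app's sandbox.
entitlement_key_for_op() {
    case "$1" in
        mach-lookup)   echo com.apple.security.temporary-exception.mach-lookup.global-name ;;
        mach-register) echo com.apple.security.temporary-exception.mach-register.global-name ;;
        *)             return 1 ;;
    esac
}

# Emit the plist fragment to paste into the .entitlements file, or fail if the
# line is not a denial we can map.
entitlement_fragment() {
    # Word splitting is intended here: positional parameters become "<op>" "<target>".
    set -- $(parse_denial "$1")
    [ $# -eq 2 ] || return 1
    key=$(entitlement_key_for_op "$1") || return 1
    printf '<key>%s</key>\n<array>\n    <string>%s</string>\n</array>\n' "$key" "$2"
}

entitlement_fragment "$SAMPLE_DENIAL"
```

On a Mac, confirm the key actually reached the signed bundle with `codesign -d --entitlements :- /Applications/SandboxedWebView.app` before re-testing.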
