Sandboxed WkWebView


Gerriet M. Denkmann
 

On 18 Oct 2017, at 12:21, Jens Alfke <jens@...> wrote:

On Oct 17, 2017, at 9:14 PM, Gerriet M. Denkmann <g@...> wrote:

I would never have guessed that an app which does not use any outgoing connections at all needs this entitlement.
It sounds like the framework is being too eager to check for this entitlement. It’s definitely worth filing a bug report with Apple!

—Jens
The reason that I took all this trouble with sandboxing is:

In iOS 11 this shows a cat:

NSString *htmlString = @"<h1>Cat</h1><img alt=\"Cat\" src=\"cat.gif\" />";
[wkWebView loadHTMLString: htmlString baseURL: folderURL]; // folderURL: file URL of the folder containing cat.gif

In macOS 12.6 there was no cat, just a blue icon with “?”, probably meaning broken link.
So I thought: iOS is sandboxed, so maybe WkWebView needs sandboxing to show cats.

But now with sandboxing on macOS I still do not see a cat.
Most frustrating.

Gerriet.


 



On Oct 17, 2017, at 9:14 PM, Gerriet M. Denkmann <g@...> wrote:

I would never have guessed that an app which does not use any outgoing connections at all needs this entitlement.

It sounds like the framework is being too eager to check for this entitlement. It’s definitely worth filing a bug report with Apple!

—Jens


Gerriet M. Denkmann
 

On 18 Oct 2017, at 06:21, Andrew Keller <andrew@...> wrote:

"deny mach-lookup com.apple.nsurlstorage-cache” sounds exactly like the OS denying something because the app isn’t provisioned for that capability, but I’m having trouble identifying which provision I need to turn on in Xcode.
I believe URL access requires com.apple.security.files.bookmarks.app-scope entitlement in a sandboxed app.
That one by itself didn’t change the symptoms of the issue.

However, upon clicking on random buttons on the Entitlements screen, it seems that `com.apple.security.network.client` does make the example app work while sandboxed.
I just tried this:
App Sandbox
Network
[checked] Outgoing Connections (Client)

and now it seems to work.

Excellent idea!

I would never have guessed that an app which does not use any outgoing connections at all needs this entitlement.

A million thanks to you!

Gerriet.


Gerriet M. Denkmann
 

On 17 Oct 2017, at 23:37, Andrew Keller <andrew@...> wrote:

Now I’m curious.

I created the test application as described, and I get the same results (macOS 10.13, Xcode 9). I also see these entries in the system log while the app is sandboxed:

standard 10:19:55.172176 -0400 SandboxedWebView Faulting in NSHTTPCookieStorage singleton
standard 10:19:55.172220 -0400 SandboxedWebView Faulting in CFHTTPCookieStorage singleton
fehler 10:19:55.417821 -0400 appleeventsd <rdar://problem/11489077> A sandboxed application with pid 4372, '"SandboxedWebView"', checked in with appleeventsd, but its code signature could not be read and validated by appleeventsd, and so it cannot receive AppleEvents targeted by name, bundle id, or signature. Install the application in /Applications/ or some other world readable location to resolve this issue. Error=ERROR: #100013 { "NSDescription"="SecCodeCopySigningInformation() returned 100013, -." }
fehler 10:19:55.449646 -0400 sandboxd Sandbox: SandboxedWebView(4372) deny mach-lookup com.apple.nsurlstorage-cache
Sandbox Check by: launchd(1)

Violation: deny mach-lookup com.apple.nsurlstorage-cache
MetaData: {"build":"Mac OS X 10.13 (17A405)","sandbox_checker":"launchd","action":"deny","target":["com.apple.nsurlstorage-cache"],"hardware":"Mac","platform_binary":"no","profile":"unknown","process":"SandboxedWebView","op":"mach-lookup”}

[ lots and lots of text that I can post if wanted ]

"deny mach-lookup com.apple.nsurlstorage-cache” sounds exactly like the OS denying something because the app isn’t provisioned for that capability, but I’m having trouble identifying which provision I need to turn on in Xcode.

Any ideas?
Regarding:
fehler 10:19:55.449646 -0400 sandboxd Sandbox: SandboxedWebView(4372) deny mach-lookup com.apple.nsurlstorage-cache

I added in: SandboxedWebView.entitlements the following item:

com.apple.security.temporary-exception.mach-lookup.global-name = com.apple.nsurlstorage-cache

which seems to get rid of this error. But the app does not work any better for this.


Regarding:
fehler 10:19:55.417821 -0400 appleeventsd <rdar://problem/11489077> A sandboxed application with pid 4372, ‘“SandboxedWebView”’,….

This might go away if you run the app not from Xcode, but as /Applications/SandboxedWebView.app

I tried this too, but no change for the better.


Kind regards

Gerriet.


Thanks,
- Andrew


On 17.10.2017 at 3:06 AM, Gerriet M. Denkmann <g@...> wrote:


On 17 Oct 2017, at 10:59, Marco S Hyman <marc@...> wrote:

This said, the porcupine in my home directory seems to be a red herring:
Even without non-Ascii characters in the path to the home directory a sandboxed WkWebView just does nothing, while the non-sandboxed version works as expected.
I don’t know if this has anything to do with your issue.

One difference between a sandboxed and non-sandboxed app is that the “home directory” in a sandboxed app is inside the application container, not the current user’s home directory.

~/ ==> non-sandboxed home directory
~/Library/Containers/com.example.appid/Data/ ==> sandboxed home directory

You will not be able to create/access anything outside of the sandbox container without going through Powerbox or adding appropriate entitlements.

Marc
My Test app is really simple, just one window (with WKWebView), one framework (WebKit.framework) and one method:

#import "AppDelegate.h"
@import WebKit;

@interface AppDelegate ()
@property (weak) IBOutlet NSWindow *window;
@property (strong) IBOutlet WKWebView *webView;
@end

@implementation AppDelegate

- (void)applicationDidFinishLaunching:(NSNotification *)aNotification
{
    BOOL sandboxed = ![ NSFileManager.defaultManager isWritableFileAtPath: @"/tmp/" ];
    NSString *htmlString = sandboxed ? @"<h1>Sand</h1>" : @"<h1>Water</h1>";
    NSLog(@"%s %@ will loadHTMLString: \"%@\" baseURL: nil",__FUNCTION__, self.webView, htmlString);
    WKNavigation *a = [ self.webView loadHTMLString: htmlString baseURL: nil ];
    NSLog(@"%s loadHTMLString returned %@",__FUNCTION__, a);
}

@end

No access to any files, whether inside or outside of home folder.
Still I have never seen “Sand” in my window.

Gerriet.


Andrew Keller
 

"deny mach-lookup com.apple.nsurlstorage-cache” sounds exactly like the OS denying something because the app isn’t provisioned for that capability, but I’m having trouble identifying which provision I need to turn on in Xcode.
I believe URL access requires com.apple.security.files.bookmarks.app-scope entitlement in a sandboxed app.
That one by itself didn’t change the symptoms of the issue.

However, upon clicking on random buttons on the Entitlements screen, it seems that `com.apple.security.network.client` does make the example app work while sandboxed. I wonder if there is a more specific entitlement that may be more to-the-point, given that this test application does not need to make network calls.

Thanks,
- Andrew


Marco S Hyman
 

"deny mach-lookup com.apple.nsurlstorage-cache” sounds exactly like the OS denying something because the app isn’t provisioned for that capability, but I’m having trouble identifying which provision I need to turn on in Xcode.
I believe URL access requires com.apple.security.files.bookmarks.app-scope entitlement in a sandboxed app.

Marc


 



On Oct 16, 2017, at 8:28 PM, Gerriet M. Denkmann <g@...> wrote:

Please note that the path to the home directory is *not* guaranteed to be Ascii: if anything in ”/Users/username” is a symbolic link then this assumption is no longer valid.

Yup. This doesn’t even require messing with symlinks; it’s a supported option in the GUI:
- Open Users & Groups system pref
- Unlock
- Ctrl/right-click a user in the list
- Select “Advanced Options” from the context menu
- A sheet opens where you can configure the home directory path (and much more)

—Jens


Andrew Keller
 

Now I’m curious.

I created the test application as described, and I get the same results (macOS 10.13, Xcode 9). I also see these entries in the system log while the app is sandboxed:

standard 10:19:55.172176 -0400 SandboxedWebView Faulting in NSHTTPCookieStorage singleton
standard 10:19:55.172220 -0400 SandboxedWebView Faulting in CFHTTPCookieStorage singleton
fehler 10:19:55.417821 -0400 appleeventsd <rdar://problem/11489077> A sandboxed application with pid 4372, '"SandboxedWebView"', checked in with appleeventsd, but its code signature could not be read and validated by appleeventsd, and so it cannot receive AppleEvents targeted by name, bundle id, or signature. Install the application in /Applications/ or some other world readable location to resolve this issue. Error=ERROR: #100013  { "NSDescription"="SecCodeCopySigningInformation() returned 100013, -." }
fehler 10:19:55.449646 -0400 sandboxd Sandbox: SandboxedWebView(4372) deny mach-lookup com.apple.nsurlstorage-cache
Sandbox Check by:    launchd(1)

Violation:       deny mach-lookup com.apple.nsurlstorage-cache 
MetaData: {"build":"Mac OS X 10.13 (17A405)","sandbox_checker":"launchd","action":"deny","target":["com.apple.nsurlstorage-cache"],"hardware":"Mac","platform_binary":"no","profile":"unknown","process":"SandboxedWebView","op":"mach-lookup”}

[ lots and lots of text that I can post if wanted ]

"deny mach-lookup com.apple.nsurlstorage-cache” sounds exactly like the OS denying something because the app isn’t provisioned for that capability, but I’m having trouble identifying which provision I need to turn on in Xcode.

Any ideas?

Thanks,
 - Andrew


On 17.10.2017 at 3:06 AM, Gerriet M. Denkmann <g@...> wrote:


On 17 Oct 2017, at 10:59, Marco S Hyman <marc@...> wrote:

This said, the porcupine in my home directory seems to be a red herring:
Even without non-Ascii characters in the path to the home directory a sandboxed WkWebView just does nothing, while the non-sandboxed version works as expected.

I don’t know if this has anything to do with your issue.

One difference between a sandboxed and non-sandboxed app is that the “home directory” in a sandboxed app is inside the application container, not the current user’s home directory.

~/ ==> non-sandboxed home directory
~/Library/Containers/com.example.appid/Data/ ==> sandboxed home directory

You will not be able to create/access anything outside of the sandbox container without going through Powerbox or adding appropriate entitlements.

Marc

My Test app is really simple, just one window (with WKWebView), one framework (WebKit.framework) and one method:

#import "AppDelegate.h"
@import WebKit;

@interface AppDelegate ()
@property (weak)  IBOutlet NSWindow *window;
@property (strong)  IBOutlet WKWebView *webView;
@end

@implementation AppDelegate

- (void)applicationDidFinishLaunching:(NSNotification *)aNotification 
{
    BOOL sandboxed = ![ NSFileManager.defaultManager isWritableFileAtPath: @"/tmp/" ];
    NSString *htmlString = sandboxed ? @"<h1>Sand</h1>" : @"<h1>Water</h1>";
    NSLog(@"%s %@ will loadHTMLString: \"%@\" baseURL: nil",__FUNCTION__, self.webView, htmlString);
    WKNavigation *a = [ self.webView loadHTMLString: htmlString baseURL: nil ];
    NSLog(@"%s loadHTMLString returned %@",__FUNCTION__, a);
}

@end

No access to any files, whether inside or outside of home folder.
Still I have never seen “Sand” in my window.

Gerriet.
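
As an added example (not code from any poster in this thread): a small Python triage script for the sandboxd output quoted in the message above. It extracts each `deny` line, counts repeats, and checks them against the violation report's MetaData record; the sample text is constructed from the quoted lines plus one constructed repeat, and all function names are this example's own.

```python
import json
import re
from collections import Counter

# Constructed sample built from the log lines quoted in the thread, plus one
# constructed repeat of the deny line. The curly closing quote in the MetaData
# line mimics what mail clients do to pasted JSON.
SAMPLE_LOG = '''\
standard 10:19:55.172176 -0400 SandboxedWebView Faulting in NSHTTPCookieStorage singleton
fehler 10:19:55.449646 -0400 sandboxd Sandbox: SandboxedWebView(4372) deny mach-lookup com.apple.nsurlstorage-cache
fehler 10:19:56.001000 -0400 sandboxd Sandbox: SandboxedWebView(4372) deny mach-lookup com.apple.nsurlstorage-cache
MetaData: {"build":"Mac OS X 10.13 (17A405)","sandbox_checker":"launchd","action":"deny","target":["com.apple.nsurlstorage-cache"],"hardware":"Mac","platform_binary":"no","profile":"unknown","process":"SandboxedWebView","op":"mach-lookup”}
'''

# Shape of a denial line: "Sandbox: <process>(<pid>) deny <operation> <target>"
DENY_RE = re.compile(
    r"Sandbox: (?P<process>.+?)\((?P<pid>\d+)\) deny (?P<op>\S+) (?P<target>.+?)\s*$"
)
# Curly quotes are not valid JSON string delimiters; map them back to '"'.
SMART_QUOTES = str.maketrans({"\u201c": '"', "\u201d": '"'})


def parse_denials(text):
    """Return a Counter of (process, operation, target) for every deny line."""
    seen = Counter()
    for line in text.splitlines():
        m = DENY_RE.search(line)
        if m:
            seen[(m["process"], m["op"], m["target"])] += 1
    return seen


def parse_metadata(text):
    """Decode each 'MetaData: {...}' line of a violation report into a dict."""
    records = []
    for line in text.splitlines():
        if line.startswith("MetaData:"):
            payload = line.split(":", 1)[1].strip().translate(SMART_QUOTES)
            records.append(json.loads(payload))
    return records


def unreported(denials, metadata):
    """Denials seen in the log that no MetaData record accounts for."""
    covered = {
        (r["process"], r["op"], t) for r in metadata for t in r.get("target", [])
    }
    return sorted(set(denials) - covered)


if __name__ == "__main__":
    denials = parse_denials(SAMPLE_LOG)
    for (process, op, target), count in denials.items():
        print(f"{process}: deny {op} {target} (x{count})")
    print("not in any report:", unreported(denials, parse_metadata(SAMPLE_LOG)))
```

The de-duplicated (operation, target) pairs are what to compare against the app's entitlements file when deciding which capability is actually missing.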




Gerriet M. Denkmann
 

On 17 Oct 2017, at 10:59, Marco S Hyman <marc@...> wrote:

This said, the porcupine in my home directory seems to be a red herring:
Even without non-Ascii characters in the path to the home directory a sandboxed WkWebView just does nothing, while the non-sandboxed version works as expected.
I don’t know if this has anything to do with your issue.

One difference between a sandboxed and non-sandboxed app is that the “home directory” in a sandboxed app is inside the application container, not the current user’s home directory.

~/ ==> non-sandboxed home directory
~/Library/Containers/com.example.appid/Data/ ==> sandboxed home directory

You will not be able to create/access anything outside of the sandbox container without going through Powerbox or adding appropriate entitlements.

Marc
My Test app is really simple, just one window (with WKWebView), one framework (WebKit.framework) and one method:

#import "AppDelegate.h"
@import WebKit;

@interface AppDelegate ()
@property (weak) IBOutlet NSWindow *window;
@property (strong) IBOutlet WKWebView *webView;
@end

@implementation AppDelegate

- (void)applicationDidFinishLaunching:(NSNotification *)aNotification
{
    BOOL sandboxed = ![ NSFileManager.defaultManager isWritableFileAtPath: @"/tmp/" ];
    NSString *htmlString = sandboxed ? @"<h1>Sand</h1>" : @"<h1>Water</h1>";
    NSLog(@"%s %@ will loadHTMLString: \"%@\" baseURL: nil",__FUNCTION__, self.webView, htmlString);
    WKNavigation *a = [ self.webView loadHTMLString: htmlString baseURL: nil ];
    NSLog(@"%s loadHTMLString returned %@",__FUNCTION__, a);
}

@end

No access to any files, whether inside or outside of home folder.
Still I have never seen “Sand” in my window.

Gerriet.


Marco S Hyman
 

This said, the porcupine in my home directory seems to be a red herring:
Even without non-Ascii characters in the path to the home directory a sandboxed WkWebView just does nothing, while the non-sandboxed version works as expected.
I don’t know if this has anything to do with your issue.

One difference between a sandboxed and non-sandboxed app is that the “home directory” in a sandboxed app is inside the application container, not the current user’s home directory.

~/ ==> non-sandboxed home directory
~/Library/Containers/com.example.appid/Data/ ==> sandboxed home directory

You will not be able to create/access anything outside of the sandbox container without going through Powerbox or adding appropriate entitlements.

Marc


Gerriet M. Denkmann
 

Some further notes:

NSString *porcupine = @"เม่น";
NSData *utf8Data = [ porcupine dataUsingEncoding: NSUTF8StringEncoding ];
NSString *badPorcupine = [ [ NSString alloc ] initWithData: utf8Data encoding: NSASCIIStringEncoding ];
NSLog(@"NSASCIIStringEncoding \"%@\" → \"%@\"", porcupine, badPorcupine);
prints:
NSASCIIStringEncoding “เม่น" → "เม่น"

Please note that the path to the home directory is *not* guaranteed to be Ascii: if anything in ”/Users/username” is a symbolic link then this assumption is no longer valid.
NSLog(@"home \"%@\"", @"~".stringByExpandingTildeInPath);
prints:
home "/Volumes/เม่น/Users/gerriet/Library/Containers/de.mdenkmann.TestViewsMac/Data"

This said, the porcupine in my home directory seems to be a red herring:
Even without non-Ascii characters in the path to the home directory a sandboxed WkWebView just does nothing, while the non-sandboxed version works as expected.

Gerriet.

P.S. macOS 12.6

On 16 Oct 2017, at 19:23, Gerriet M. Denkmann <g@...> wrote:


On 16 Oct 2017, at 18:58, Sandor Szatmari <admin.szatmari.net@...> wrote:

One thing that can cause delegate methods to never be called is if there’s been some sort of exception thrown, one that doesn’t crash the app but causes SDK internals to get all mucked up.
Do you have a catch all Objc exception breakpoint set?
Yes I have, and: No there are no exceptions.

I can imagine if the path to the volume is getting mangled and everything ‘seems’ ok that some call is failing and causing your delegate reference to fail.

Sandor

On Oct 16, 2017, at 07:46, Gerriet M. Denkmann <g@...> wrote:

macOS 12.6

When I start my sandboxed app, I get lots of messages like:

“could not create “/Volumes/เม่น/Users/gerriet/Library/Containers/….”."

Of course there is no disk-partition called “เม่น”.

And when I check “/Volumes/เม่น™/Users/gerriet/Library/Containers/….” all complained about folders have been created.

So far so confusing.


But when I do [ wkWebView loadHTMLString: … ] I see again:

“could not create “/Volumes/เม่น/Users/gerriet/Library/Containers/de.mdenkmann.TestViewsMac/Data/Library/Caches/WebKit/NetworkCache”"

and then nothing happens - no delegate method is ever called and the view remains blank.

Any idea what I am doing wrong?

Gerriet.

P.S. works fine without sandboxing. And WebView works with or without sandboxing.


Gerriet M. Denkmann
 

On 16 Oct 2017, at 18:58, Sandor Szatmari <admin.szatmari.net@...> wrote:

One thing that can cause delegate methods to never be called is if there’s been some sort of exception thrown, one that doesn’t crash the app but causes SDK internals to get all mucked up.
Do you have a catch all Objc exception breakpoint set?
Yes I have, and: No there are no exceptions.

I can imagine if the path to the volume is getting mangled and everything ‘seems’ ok that some call is failing and causing your delegate reference to fail.

Sandor

On Oct 16, 2017, at 07:46, Gerriet M. Denkmann <g@...> wrote:

macOS 12.6

When I start my sandboxed app, I get lots of messages like:

“could not create “/Volumes/เม่น/Users/gerriet/Library/Containers/….”."

Of course there is no disk-partition called “เม่น”.

And when I check “/Volumes/เม่น™/Users/gerriet/Library/Containers/….” all complained about folders have been created.

So far so confusing.


But when I do [ wkWebView loadHTMLString: … ] I see again:

“could not create “/Volumes/เม่น/Users/gerriet/Library/Containers/de.mdenkmann.TestViewsMac/Data/Library/Caches/WebKit/NetworkCache”"

and then nothing happens - no delegate method is ever called and the view remains blank.

Any idea what I am doing wrong?

Gerriet.

P.S. works fine without sandboxing. And WebView works with or without sandboxing.





Sandor Szatmari
 

One thing that can cause delegate methods to never be called is if there’s been some sort of exception thrown, one that doesn’t crash the app but causes SDK internals to get all mucked up. Do you have a catch all Objc exception breakpoint set? I can imagine if the path to the volume is getting mangled and everything ‘seems’ ok that some call is failing and causing your delegate reference to fail.

Sandor

On Oct 16, 2017, at 07:46, Gerriet M. Denkmann <g@...> wrote:

macOS 12.6

When I start my sandboxed app, I get lots of messages like:

“could not create “/Volumes/เม่น/Users/gerriet/Library/Containers/….”."

Of course there is no disk-partition called “เม่น”.

And when I check “/Volumes/เม่น™/Users/gerriet/Library/Containers/….” all complained about folders have been created.

So far so confusing.


But when I do [ wkWebView loadHTMLString: … ] I see again:

“could not create “/Volumes/เม่น/Users/gerriet/Library/Containers/de.mdenkmann.TestViewsMac/Data/Library/Caches/WebKit/NetworkCache”"

and then nothing happens - no delegate method is ever called and the view remains blank.

Any idea what I am doing wrong?

Gerriet.

P.S. works fine without sandboxing. And WebView works with or without sandboxing.





Gerriet M. Denkmann
 

macOS 12.6

When I start my sandboxed app, I get lots of messages like:

“could not create “/Volumes/เม่น/Users/gerriet/Library/Containers/….”."

Of course there is no disk-partition called “เม่น”.

And when I check “/Volumes/เม่น™/Users/gerriet/Library/Containers/….” all complained about folders have been created.

So far so confusing.


But when I do [ wkWebView loadHTMLString: … ] I see again:

“could not create “/Volumes/เม่น/Users/gerriet/Library/Containers/de.mdenkmann.TestViewsMac/Data/Library/Caches/WebKit/NetworkCache”"

and then nothing happens - no delegate method is ever called and the view remains blank.

Any idea what I am doing wrong?

Gerriet.

P.S. works fine without sandboxing. And WebView works with or without sandboxing.