NSData -writeToFile: returns FALSE


Carl Hoefs
 

I think I might have an entitlements issue with my in-house macOS app (10.14). It needs to write to the user's ~/Desktop. NSData's -writeToFile: returns FALSE, even if I try to write to /tmp. Heck, even if I try to write to /dev/null.

I have App Sandbox=NO, and com.apple.security.files.user-selected.read-write=YES

Is there another entitlement I'm needing?

-Carl


Steve Christensen
 

I wasn’t clear from your description, but are you calling -writeToFile:options:error:? If so then I would expect that the error might give you at least some clue.

And I haven’t worked on macOS apps in years, but at least as a user I periodically see permissions alerts pop up on my 10.15 iMac asking if an app can write to the desktop, the documents folder, etc. Maybe related to that?



Shane Stanley
 

On 11 Dec 2020, at 7:31 am, Carl Hoefs <newslists@autonomy.caltech.edu> wrote:

> Is there another entitlement I'm needing?

Do you have the relevant privacy string in your Info.plist file (NSDesktopFolderUsageDescription)?

--
Shane Stanley <sstanley@myriad-com.com.au>
<www.macosxautomation.com/applescript/apps/>, <latenightsw.com>


Carl Hoefs
 

On Dec 10, 2020, at 3:21 PM, Shane Stanley <sstanley@myriad-com.com.au> wrote:

> On 11 Dec 2020, at 7:31 am, Carl Hoefs <newslists@autonomy.caltech.edu> wrote:
>
>> Is there another entitlement I'm needing?
>
> Do you have the relevant privacy string in your Info.plist file (NSDesktopFolderUsageDescription)?

Adding NSDesktopFolderUsageDescription forces the addition of a provisioning profile, et al.

Currently my settings are:

Automatically manage signing - No
Team - None
Provisioning Profile - None
Signing certificate - Sign to run locally

-Carl


Carl Hoefs
 

Yes, the NSError object is nil, but the return status from the invocation is FALSE. Since it's nil, I suspect some app environment issue...

-Carl

On Dec 10, 2020, at 3:10 PM, Steve Christensen via groups.io <punster=mac.com@groups.io> wrote:

> I wasn’t clear from your description, but are you calling -writeToFile:options:error:? If so then I would expect that the error might give you at least some clue.
>
> And I haven’t worked on macOS apps in years, but at least as a user I periodically see permissions alerts pop up on my 10.15 iMac asking if an app can write to the desktop, the documents folder, etc. Maybe related to that?





Shane Stanley
 

On 11 Dec 2020, at 11:59 am, Carl Hoefs <newslists@autonomy.caltech.edu> wrote:

> Adding NSDesktopFolderUsageDescription forces the addition of a provisioning profile, et al.

No it doesn't. It's a simple Info.plist entry.

--
Shane Stanley <sstanley@myriad-com.com.au>
<www.macosxautomation.com/applescript/apps/>, <latenightsw.com>


Carl Hoefs
 

On Dec 10, 2020, at 5:16 PM, Shane Stanley <sstanley@myriad-com.com.au> wrote:

> On 11 Dec 2020, at 11:59 am, Carl Hoefs <newslists@autonomy.caltech.edu> wrote:
>
>> Adding NSDesktopFolderUsageDescription forces the addition of a provisioning profile, et al.
>
> No it doesn't. It's a simple Info.plist entry.

Ah, yes, you're right. I had added it to the .entitlements file.

I added it to the Info.plist file but no change in behavior...

-Carl


Jon Gotow
 

Just out of curiosity - go to System Preferences > Security & Privacy > Full Disk Access, click on the padlock in the lower left corner to unlock, then drag your app to the list. Does that fix things?

- Jon








Carl Hoefs
 

Interesting idea. That worked! I never knew that "Full Disk Access" even existed.

-Carl



Jon Gotow
 

Yeah, that's part of the TCC (transparency, consent and control) privacy stuff in Mojave and higher. Without Full Disk Access, your app is prevented from accessing some filesystem locations unless it has been explicitly or implicitly allowed by the user. That means that you're given an access right if you use an Open or Save As dialog to prompt the user to select a file or location, or if you ask the system for a temp folder for use by your app (AFAIK, you're not allowed to generically read or write to /tmp because that might allow you to see other applications' temp files). Oh - or if the user implicitly permits access by dragging or double-clicking a file to open it.

Apple has ratcheted up the number of folders that are protected this way in the last few OS releases. Mojave was fairly permissive - it only refused to let you see Contacts, Calendar, Messages, Photos, Mail and Safari folders, I think. Catalina added Desktop, Documents, Downloads, iCloud Drive and removable volumes, which ends up impacting a lot more software.

- Jon

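
An added diagnostic example, not part of any post in this thread: it calls -writeToFile:options:error: and walks the NSError chain down to the POSIX errno to separate a policy denial from an ordinary permissions or path problem. The helper name DiagnoseWrite and the probe file name are hypothetical, and reading EPERM as a TCC or sandbox denial is a heuristic, not a guarantee.

```objc
// Added example, not code from the thread. Build stand-alone with:
//   clang -fobjc-arc -framework Foundation writecheck.m -o writecheck
#import <Foundation/Foundation.h>
#include <errno.h>

// DiagnoseWrite is a hypothetical helper: it attempts the write and
// returns a short classification of the result.
static NSString *DiagnoseWrite(NSData *data, NSString *path) {
    NSError *error = nil;
    if ([data writeToFile:path options:NSDataWritingAtomic error:&error]) {
        return @"ok";
    }
    if (error == nil) {
        // The call failed without filling in the error object.
        return @"failed, no NSError returned";
    }
    // Cocoa errors usually wrap the POSIX error; follow the chain to its root.
    NSError *root = error;
    NSError *next = nil;
    while ((next = root.userInfo[NSUnderlyingErrorKey]) != nil) {
        root = next;
    }
    if ([root.domain isEqualToString:NSPOSIXErrorDomain]) {
        switch (root.code) {
            case EPERM:   // "Operation not permitted"
                return @"EPERM: likely a privacy (TCC) or sandbox policy denial";
            case EACCES:  // "Permission denied"
                return @"EACCES: Unix permissions or ACL on the path";
            case ENOENT:
                return @"ENOENT: parent directory does not exist";
            default:
                break;
        }
    }
    return [NSString stringWithFormat:@"%@ code %ld: %@",
            error.domain, (long)error.code, error.localizedDescription];
}

int main(void) {
    @autoreleasepool {
        NSData *data = [@"probe\n" dataUsingEncoding:NSUTF8StringEncoding];
        // Constructed probe targets: a protected folder and the per-user temp folder.
        NSArray<NSString *> *targets = @[
            [NSHomeDirectory() stringByAppendingPathComponent:@"Desktop/tcc-probe.txt"],
            [NSTemporaryDirectory() stringByAppendingPathComponent:@"tcc-probe.txt"],
        ];
        for (NSString *path in targets) {
            NSLog(@"%@ -> %@", path, DiagnoseWrite(data, path));
        }
    }
    return 0;
}
```

Run from a terminal, the access decision is typically made for the terminal application rather than this binary, so call the helper from inside the app under test.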