Mac app sandboxing and forkpty() - objective-c

I'm looking to sandbox an app to comply with the March 1st sandboxing requirement of the Mac App Store. My app includes a built-in terminal emulator which utilizes a forkpty() call to launch processes in a pseudo-tty environment. Unfortunately, this call fails under the sandbox with the error "Operation not permitted", although the fork() call works just fine. Presumably the forkpty() call requires read/write access to the /dev/ directory to create a pseudo-tty (according to the man page). I've tried adding a temporary sandboxing entitlement (com.apple.security.temporary-exception.files.absolute-path.read-write) with read/write access to /, and I now can indeed read and write files anywhere on the file system, but the forkpty() call still fails with the same error. Does anyone know how I might get forkpty() to work under the sandbox?
My app is a programming text editor with a built-in terminal emulator and file browser, so it essentially needs to have access to the entire file system. Apart from the forkpty() problem, this temporary entitlement seems to do what I need. But will Apple accept an app with such a loosely defined temporary exception entitlement?
Thanks in advance, guys. I really hope I can get this sandboxing up and running so I can continue to distribute my app through the App Store.

It is impossible to implement a useful terminal emulator in a sandboxed application -- even after you add entitlements for the PTY devices, the shell ends up in the same sandbox as the app, preventing it from doing very much.
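To see which part of pseudo-tty allocation the sandbox denies, the following added example (not part of the original question or answer) runs the standard POSIX allocation steps one at a time and reports the first one that fails, with its errno. It assumes the platform's forkpty() follows this usual sequence before forking; the names `probe_pty`, `pty_probe` and `pty_step` are made up for the illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* POSIX pty calls, declared here so the example builds whatever
   feature-test macros are in effect. */
int posix_openpt(int); int grantpt(int); int unlockpt(int); char *ptsname(int);

/* Steps assumed to run before forkpty() can fork, in order. */
enum pty_step { PTY_OK, PTY_OPEN_MASTER, PTY_GRANT, PTY_UNLOCK, PTY_NAME, PTY_OPEN_SLAVE };

struct pty_probe {
    enum pty_step failed_at; /* PTY_OK when every step succeeded */
    int err;                 /* errno of the failing step, else 0 */
    char slave[128];         /* slave device path, once known */
};

static const char *pty_step_name(enum pty_step s) {
    static const char *names[] = { "ok", "posix_openpt", "grantpt",
                                   "unlockpt", "ptsname", "open(slave)" };
    return names[s];
}

/* Run the allocation steps one at a time; record the first failure. */
static struct pty_probe probe_pty(void) {
    struct pty_probe r = { PTY_OK, 0, "" };
    const char *name = NULL;
    int slave = -1, master = posix_openpt(O_RDWR | O_NOCTTY);
    if (master < 0) { r.failed_at = PTY_OPEN_MASTER; r.err = errno; return r; }
    if (grantpt(master) != 0) r.failed_at = PTY_GRANT;
    else if (unlockpt(master) != 0) r.failed_at = PTY_UNLOCK;
    else if ((name = ptsname(master)) == NULL) r.failed_at = PTY_NAME;
    else {
        snprintf(r.slave, sizeof r.slave, "%s", name);
        if ((slave = open(name, O_RDWR | O_NOCTTY)) < 0) r.failed_at = PTY_OPEN_SLAVE;
    }
    if (r.failed_at != PTY_OK) r.err = errno;
    if (slave >= 0) close(slave);
    close(master);
    return r;
}

int main(void) {
    struct pty_probe r = probe_pty();
    if (r.failed_at == PTY_OK) printf("pty ok, slave device %s\n", r.slave);
    else printf("%s failed: %s\n", pty_step_name(r.failed_at), strerror(r.err));
    return r.failed_at != PTY_OK;
}
```

Running it once outside the sandbox and once inside shows whether the denial is on the master device, the slave device, or one of the calls in between.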

Related

Debugdiag not working with Windows store apps

Trying "monitor for leaks" with any windows store app (including the built-in apps) using debugdiag2 update 2 fails.
I get a "Failed to monitor for leaks in .... Please make sure that everyone has read and execute permissions for ...leaktest.dll" message.
I've changed the permissions as indicated and followed the suggestion at:
Troubleshooting native memory leaks in Windows Store applications using DebugDiag and LeakTrack
But no luck.
Works fine for non store apps.
Anyone have this working?

How to program a sandboxed application in Yosemite

I was trying to program a simple TODO app for Yosemite with sandboxing. Apple has its tutorials for the same but they are not very elaborate. I wanted to know sandbox APIs like sandbox_init() and APIs for console logs (heard sandboxed apps use some special APIs). Could someone please point me to some open source app with sandboxing on Yosemite, so that I could see the APIs that it is using.
You don't need to use sandbox_init() etc. in order to create a sandboxed app.
Roughly, you need to understand:
Use the APIs to find well known directories and don't assume that /Users/username/Documents is the Documents folder, for example.
The app has no access to user files and must gain access via NSOpenPanel.
If the app wants to retain access it has already gained then it needs to create and store bookmark URLs, which can be reloaded during a later invocation.
If the sandboxed app spawns a child process, then that child process needs its own set of entitlements.
Once you understand that it's normally just a case of setting Use Sandbox in the app capabilities and you're off.

Apps that do not perform as advertised by the developer will be rejected when sandbox mode

My app is rejected by
2.3 Apps that do not perform as advertised by the developer will be rejected
It said that copying the file into "~/Library/Fonts" failed.
It works when I test it myself, but I find that it gets a permission failure when using sandbox mode. Will the Apple reviewer accept this feedback?
Thanks
Apps must work in the sandbox, no exceptions allowed.
A sandboxed application cannot write to ~/Library/Fonts.
Either store the font in the app bundle and use it from there, or put up a standard file dialog asking the user to grant permission to write to ~/Library/Fonts by selecting it.
If you get stuck doing either of those ask a specific question on them showing what you've tried. Such a question is unlikely to be seen as off topic.
HTH

"The device does not recognize this host message when running app on the device" [duplicate]

I'm trying to profile my application using Instruments on the device itself. Specifically, I'm trying to do time profiling.
Unfortunately, I just can't get it to work. Here's the situation:
1) If I run instruments with the app signed using the developer profile on the simulator, it works.
2) If I run instruments with the app signed using the distribution profile on the simulator, it works.
3) If I run instruments with the app signed using the distribution profile on the device (which is the default case for profiling since the scheme is set to use the release build) then Xcode complains that there's no valid provisioning profile. That seems reasonable.
4) If I run instruments with the app signed using the developer profile on the device, then Xcode transfers the app, but then states that it's "Finished running" immediately. The app isn't run, and in most cases there's no error message.
Sometimes, just sometimes, there's a message from the Organiser stating that device does not recognise host - E800001C.
5) Running the app directly using the developer profile works fine - I can debug as expected.
Summary - I can't run an app on a device through Instruments using a debug build - it stops before it's had a chance to start. There are no error messages - nothing at all in the debug console.
Help?
Thanks,
Tim
I've solved this. It hadn't occurred to me to check the console inside the organizer. It said:
: entitlement 'keychain-access-groups' has value not permitted by a provisioning profile
After a bit of Googling I discovered that deleting the app from the device would solve my issue. Now I can profile.
So easy when you know how. Hope that helps someone else.
Tim
First of all, an app can be executed on the simulator without signing it. Now Apple has provided us the developer profile to test the app on devices.
Distribution profiles are created for submitting the app to the Apple store or when the application has to be distributed to employees within the enterprise.
If you want to do profiling on a device, do it with the developer one. It should work.

How to test a cocoa touch app for the case when the network fails while downloading a file?

My iOS application, among its features, downloads files from a specific server. This downloading occurs entirely in the background, while the user is working on the app. When a download is complete, the resource associated with the file appears on the app screen.
My users report some misbehavior about missing resources that I could not reproduce. Some side information leads me to suspect that the problem is caused by the download of the resource's file to be aborted mid-way. Then the app has a partially downloaded file that never gets completed.
To confirm the hypothesis, to make sure any fix works, and to test for such random network vanishing under my feet, I would like to simulate the loss of the network on my test environment: the test server is web sharing on my development Mac, the test device is the iOS simulator running on the same Mac.
Is there a more convenient way to do that, than manually turning web sharing off on a breakpoint?
Depending on how you're downloading your file, one possible option would be to set the callback delegate to null halfway through the download. It would still download the data, but your application would simply stop receiving callbacks. Although, I don't know if that's how the application would function if it truly dropped the connection.
Another option would be to temporarily point the download request at some random file on an external web server, then halfway through just disconnect your computer from the internet. I've done that to test network connectivity issues and it usually works. The interesting problem in your case is that you're downloading from your own computer, so disconnecting won't help. This would just be so you can determine the order of callbacks within the application when this happens (does it make any callbacks at all? In what order?), so that you can simulate that behavior when actually pointed to your test server.
Combine both options together, I guess, to get the best solution.