Real Software Forums

Sandboxing and unix binaries
Page 2 of 2

Author:  rowlands [ Thu Jan 24, 2013 1:40 am ]
Post subject:  Re: Sandboxing and unix binaries

Have you submitted the application to Apple, was it approved?

This is getting to be a bit of a mess because the Sandboxing guide suggests that all 'Helper Applications' need to be Sandboxed individually (although you can use the inherit entitlement), yet when a "Helper Application" is Sandboxed, the RS shell class cannot be used. In fact you can't even use the application in the Terminal. Then only two ways I know how to do this conforming to Apple's guidelines are to either use NSTask (which is limited in capabilities) or to use XPC (which is a whole different ball game).

While my app that relies on 'Helper Apps' isn't ready to be Sandboxed, I've only done some tests and can confirm that if the 'Helper App' isn't Sandboxed then it works as expected, otherwise the only way to execute the helper app is to use NSTask (I've not even gone into XPC in much detail).

Author:  atarikid [ Fri Jan 25, 2013 8:48 am ]
Post subject:  Re: Sandboxing and unix binaries

rowlands wrote:
Have you submitted the application to Apple, was it approved?

I also want to know this.

But I think Unix Binaries could well be an exception. There are AppStore apps that have include Unix Binaries (for example Mplayer) in the main .app resources and that binary is not sandboxed.
Also, when you download an unix binary that is not sandboxed, it still can be opened in Mac OSX 10.8 without needing to 'open' it with the right-click menu. This could imply that unix binaries do not need to be sandboxed.

My guess is only .app (packages) helper apps needs to be sandboxed.

Author:  rowlands [ Mon Jan 28, 2013 6:47 am ]
Post subject:  Re: Sandboxing and unix binaries

After examining an app on the App Store that uses Unix/Console helper applications, I can confirm that they are indeed Sandboxed.

Which sends us right back to square one.

Author:  atarikid [ Fri Feb 01, 2013 3:22 am ]
Post subject:  Re: Sandboxing and unix binaries


When you are using help files (unix binaries or other app) and you want your app sandboxed there is only one way to this now:
Using NSTaskMBS and AppWrapper (does NOT work when you use RB Package Maker Studio !!)

The RB Shell does not work atm . I asked Joe to look at it but he is too busy atm which is understandable. Maybe it gets 'fixed' in the near future.
But for know you have to use NSTaskMBS

Below an example how to do it.

Put the following in a thread (otherwise it will lock your app completely)

dim tFile as folderitem = .. path to helper app
dim mResponder as NSFileHandleMBS
dim mtask as NSTaskMBS
dim pipe as new NSPipeMBS
dim errpipe as new NSPipeMBS
mtask = new NSTaskMBS
mtask.setStandardError errpipe
mtask.setStandardOutput pipe
mtask.LaunchPath = tFile.UnixpathMBS
mResponder = errpipe.fileHandleForReading
// read the output with mResponder.availableData
loop until not mtask.isRunning

Now I know the app.doevent(500) is awkward and you normally should avoid this. But in this case it IS needed or your app will lockup too. This seems to be the case when using NSPipe . If you do not reading the help app output you can leave the app.doevent behind.
Also, a lower value will also result in lockings. You need at least 500 !!

Page 2 of 2 All times are UTC - 5 hours
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group