Symbolic links and sandboxing/powerbox

Originator: chad515
Number: rdar://10649077
Date Originated: 1/5/2012
Status: Duplicate
Resolved: No
Product: Mac OS X
Product Version: 10.7.2
Classification: Serious Bug
Reproducible: Always
 
Summary:
Data formats that include symbolic links to large original files to avoid the extra space of duplication do not work with sandboxing/powerbox.

Steps to Reproduce:
1) Create an application with a package file format that utilizes symbolic links to reference resources outside the package folder itself.
2) Sandbox the application, granting it the com.apple.security.files.user-selected.read-write entitlement
3) The user adds a reference to an external resource (say a video file) to the document
4) This reference is recorded as a symbolic link within the package file
5) Close and reopen the application
6) Reopen the document
7) Try to access the file pointed to by the symbolic link

Expected Results:
The file pointed to can be accessed.

Actual Results:
The file pointed to by the symbolic link cannot be opened. A denial shows up in the system log:
Jan  5 11:31:22 fruitbook sandboxd[22603] ([22616]): Pear Note(22616) deny file-read-data /Users/chad/Desktop/deleteme.mov

Regression:
Symbolic links were useful tools before sandboxing/powerbox.

Notes:
There are many applications that allow users to import resource files by reference. These include media managers such as iTunes and Lightroom, website builders like Sandvox, and other apps that utilize large media files such as my app, Pear Note. Users often prefer to import these files by reference to avoid having duplicate files using up hard drive space. Some apps keep track of these references by storing paths in their own data structures, while others (like Pear Note) utilize symbolic links to point to them.

In this case, the user has indicated his intent to grant access to this document when importing it (which powerbox works for), but that intention is lost when the application is closed. Upon relaunch, the user re-indicates his intention to grant access to the document through powerbox, but has no way to infer access to referenced resources.

So, it appears the only way to get access to referenced resources is com.apple.security.temporary-exception.files.absolute-path.read-only or com.apple.security.temporary-exception.files.absolute-path.read-write.

If you know of a different way to maintain a reference to a file outside the document package file folder that works with sandboxing/powerbox, I'd love to hear it. I'm certainly open to using something other than symbolic links (though previously created documents would all be broken).
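Editor's note, not part of the report: the mechanism Apple shipped for exactly this case (a document keeping a persistent reference to a user-chosen file outside its own package) is the document-scoped security-scoped bookmark, available from OS X 10.7.3 with the com.apple.security.files.bookmarks.document-scope entitlement alongside com.apple.security.files.user-selected.read-write. The example below is added here and is not code from Pear Note or from the report. It assumes those two entitlements, a hypothetical file name external.bookmark inside the package that replaces the symbolic link, and that documentURL was obtained through the powerbox (an open panel or the document being reopened by the user), because a document-scoped bookmark can only be resolved relative to a document the app currently has access to.

```objc
// Added example, not from the report: persist a reference to an external
// resource as a document-scoped security-scoped bookmark instead of a symlink.
// Assumes entitlements com.apple.security.files.user-selected.read-write and
// com.apple.security.files.bookmarks.document-scope (OS X 10.7.3+), and that
// documentURL came from the powerbox.
#import <Foundation/Foundation.h>

// Hypothetical file name inside the package that stands in for the symlink.
static NSString * const kExternalRefFileName = @"external.bookmark";

// Record a reference to an external resource the user just chose.
// externalURL must be a URL the app currently has sandbox access to
// (for example, returned by NSOpenPanel).
BOOL SaveExternalReference(NSURL *documentURL, NSURL *externalURL, NSError **error)
{
    // NSURLBookmarkCreationWithSecurityScope plus relativeToURL:documentURL yields
    // a document-scoped bookmark: it resolves only from this document package.
    NSData *bookmark = [externalURL bookmarkDataWithOptions:NSURLBookmarkCreationWithSecurityScope
                                 includingResourceValuesForKeys:nil
                                                  relativeToURL:documentURL
                                                          error:error];
    if (!bookmark) return NO;

    NSURL *refURL = [documentURL URLByAppendingPathComponent:kExternalRefFileName];
    return [bookmark writeToURL:refURL options:NSDataWritingAtomic error:error];
}

// After relaunch and reopen: resolve the stored reference and read the
// resource while its security scope is active.
NSData *ReadExternalReference(NSURL *documentURL, NSError **error)
{
    NSURL *refURL = [documentURL URLByAppendingPathComponent:kExternalRefFileName];
    NSData *bookmark = [NSData dataWithContentsOfURL:refURL options:0 error:error];
    if (!bookmark) return nil;

    BOOL stale = NO;
    NSURL *externalURL = [NSURL URLByResolvingBookmarkData:bookmark
                                                   options:NSURLBookmarkResolutionWithSecurityScope
                                             relativeToURL:documentURL
                                       bookmarkDataIsStale:&stale
                                                     error:error];
    if (!externalURL) return nil;

    // Access exists only between start and stop. Reading the path outside this
    // window produces a "deny file-read-data" entry like the one in the report.
    if (![externalURL startAccessingSecurityScopedResource]) {
        if (error) {
            *error = [NSError errorWithDomain:NSCocoaErrorDomain
                                         code:NSFileReadNoPermissionError
                                     userInfo:@{NSURLErrorKey: externalURL}];
        }
        return nil;
    }

    NSData *contents = [NSData dataWithContentsOfURL:externalURL options:0 error:error];

    // A stale bookmark means the target moved or was renamed; re-create it
    // while we still hold access so the next launch resolves it again.
    if (stale) {
        SaveExternalReference(documentURL, externalURL, NULL);
    }

    [externalURL stopAccessingSecurityScopedResource];
    return contents;
}
```

The bookmark file replaces the in-package symbolic link, so existing documents would need a one-time migration (resolve each link, ask the user to reselect the target through an open panel, then write the bookmark), which matches the author's remark that previously created documents would otherwise be broken. Two practitioner caveats: the sandbox evaluates the resolved target of a symlink, so a link inside the package never carries access with it; and a bookmark only grants what the user originally chose, so it does not widen the app's reach beyond the powerbox grant the way the temporary-exception absolute-path entitlements do.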

Comments

Closed as a dup

This bug was just closed as a dup of rdar://8751876

