Sandbox entitlements: need support for FSCatalogSearch and searchfs

Originator:tempelmann
Number:rdar://9991647 Date Originated:20-Aug-2011
Status:Open Resolved:
Product:Mac OS X Product Version:10.7.2
Classification:Enhancement Reproducible:n/a
 
20-Aug-2011 07:38 PM Thomas Tempelmann:
I'm selling a utility ("Find Any File") in the App Store that provides functionality similar to the old Sherlock and Find File tools. It basically iterates the directory tree using FSCatalogSearch to find items the user specifies.

Sadly, this doesn't bode well with the restrictive sandbox idea, and so I request to have an entitlement added that allows apps to browse the file system, without the need to acces the actual file data - only the metadata such as file name, dates, size etc.

I know that there's Spotlight, but I sell this tool successfully to all those that are not happy with the limitations Spotlight offers.

Not only I would dislike the fact that I wouldn't soon be able to offer this tool in the App Store any more, I am sure many of its users would also be upset if Apple would not offer it any more, as they're quite unhappy with Spotlight and favor my tool.

Put please don't require every Mac user to get dumbed down just because it's "safer that way" for some, or many.


21-Nov-2011 12:09 AM Thomas Tempelmann:
I've tried the "com.apple.security.temporary-exception.files.absolute-path.read-only" temporary entitlement as shown below.

Turns out that this won't allow me to use FSCatalogSearch. That should be fixed, as it should be allowed just the same as I'm allowed to browse the directories recursively.

In fact, I do not even need to read any file data! All I need is to read the directory contents and their attributes. So, I'd still be able to settle for an even more restrictive entitlement than the one I'm using here.


Here's the entitltlement, asking to get full access to all directories. Which works when I use FSGetCataloginfoBulk, but not with FSCatalogSearch:

	<key>com.apple.security.temporary-exception.files.absolute-path.read-only</key>
	<array>
		<string>//</string>
	</array>

Comments


Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!