Symbolic links and sandboxing/powerbox
Product: Mac OS X
Data formats that include symbolic links to large original files to avoid the extra space of duplication do not work with sandboxing/powerbox.
Steps to Reproduce:
1) Create an application with a package file format that utilizes symbolic links to reference resources outside the package folder itself.
2) Sandbox the application, granting it the com.apple.security.files.user-selected.read-write entitlement
3) The user adds a reference to an external resource (say a video file) to the document
4) This reference is recorded as a symbolic link within the package file
5) Close and reopen the application
6) Reopen the document
7) Try to access the file pointed to by the symbolic link
Expected Results:
The file pointed to can be accessed.
Actual Results:
The file pointed to by the symbolic link cannot be opened. A denial shows up in the system log:
Jan 5 11:31:22 fruitbook sandboxd (): Pear Note(22616) deny file-read-data /Users/chad/Desktop/deleteme.mov
Symbolic links were useful tools before sandboxing/powerbox.
There are many applications that allow users to import resource files by reference. These include media managers such as iTunes and Lightroom, website builders like Sandvox, and other apps that utilize large media files such as my app, Pear Note. Users often prefer to import these files by reference to avoid having duplicate files using up hard drive space. Some apps keep track of these references by storing paths in their own data structures, while others (like Pear Note) utilize symbolic links to point to them.
In this case, the user has indicated his intent to grant access to this document when importing it (which powerbox works for), but that intention is lost when the application is closed. Upon relaunch, the user re-indicates his intention to grant access to the document through powerbox, but has no way to infer access to referenced resources.
So, it appears the only way to get access to referenced resources is com.apple.security.temporary-exception.files.absolute-path.read-only or com.apple.security.temporary-exception.files.absolute-path.read-write.
If you know of a different way to maintain a reference to a file outside the document package file folder that works with sandboxing/powerbox, I'd love to hear it. I'm certainly open to using something other than symbolic links (though previously created documents would all be broken).
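An audit sketch for the situation described in this report, added here as an example and not code from the report's author or from Apple: it lists every symbolic link in a document package whose resolved target lies outside the package folder, which are the references the report says are denied after the document is reopened under the sandbox. The package name `Sample.notepkg` and its layout are constructed for the demonstration.

```python
import os
import tempfile


def external_symlinks(package_root):
    """Return sorted (link path relative to the package, resolved target) pairs
    for symlinks in the package whose targets lie outside the package folder."""
    root = os.path.realpath(package_root)
    found = []
    # followlinks=False: list symlinked directories but never descend into them.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            # realpath resolves relative targets and chains of links; a
            # dangling link still yields the path it would point at.
            target = os.path.realpath(path)
            if os.path.commonpath([root, target]) != root:
                found.append((os.path.relpath(path, root), target))
    return sorted(found)


def build_sample(base):
    """Constructed sample: a package holding one external and one internal link."""
    pkg = os.path.join(base, "Sample.notepkg")  # hypothetical package name
    os.makedirs(os.path.join(pkg, "media"))
    movie = os.path.join(base, "Desktop", "deleteme.mov")
    os.makedirs(os.path.dirname(movie))
    open(movie, "wb").close()
    open(os.path.join(pkg, "notes.txt"), "w").close()
    # Absolute link to a file outside the package (the case in this report).
    os.symlink(movie, os.path.join(pkg, "media", "video.mov"))
    # Relative link that stays inside the package folder.
    os.symlink("../notes.txt", os.path.join(pkg, "media", "notes-link"))
    return pkg, movie


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        package, _ = build_sample(tmp)
        for link, target in external_symlinks(package):
            print(f"{link} -> {target} (outside the package folder)")
```
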