Objective-C - Launching executable with NSTask - Sandboxing problems?
I have a Mac OS X application that launches an executable located in /Contents/Resources. The application is not intended to be released on the App Store, and I don't have the sandbox turned on.
The launch code:
toolpath = [[[NSBundle mainBundle] pathForResource:@"myexecutable" ofType:@""] copy];
task = [[NSTask alloc] init];
[task setLaunchPath: toolpath];
pipe = [[NSPipe alloc] init];
[task setArguments:[NSArray arrayWithObjects:@"-somearg", somevariable, nil]];
file = [[NSFileHandle alloc] initWithFileDescriptor:[pipe fileHandleForReading].fileDescriptor];
[task setStandardOutput: stderrpipe];
[task launch];
The thing is, this works fine when running in Xcode. It works fine when exporting the application to the desktop and running it.
However, if I zip the application, upload it to a webserver, and download it on the same computer (or Dropbox Mac), the task no longer launches! No error in the system console or anything.
I researched the problem and found that OS X marks a new application as "quarantined" with a special permission right. I investigated the difference between the downloaded app and the exported app:
Permissions on the executable after exporting the application from Xcode:
-rwxr-xr-x 1 username staff 65724 21 jul 16:31 executablename
At this point the app works fine and the executable is launched by a button inside the app.
And after zipping the application, uploading it to the server, downloading, unzipping, and opening the application and accepting the "this application was downloaded from the internet" dialogue:
-rwxr-xr-x 1 username staff 65724 21 jul 16:31 executablename
    com.apple.quarantine 26
At this point nothing happens when I push the button in the app.
If I run xattr -rd com.apple.quarantine on the whole app, the quarantine notice is removed:
-rwxr-xr-x 1 username staff 65724 21 jul 16:31 executablename
But the executable is still not being launched!
At this point I have the following permissions on the desktop app:
/Contents/MacOS:
-rwxr-xr-x 1 username staff 407728 21 jul 16:31 appname
/Contents/Resources:
-rwxr-xr-x 1 username staff 65724 21 jul 16:31 executablename
And on the downloaded app that I used xattr -rd on:
/Contents/MacOS:
-rwxr-xr-x 1 username staff 407728 21 jul 16:31 appname
/Contents/Resources:
-rwxr-xr-x 1 username staff 65724 21 jul 16:31 executablename
The first app works fine and the second one never launches the executable. What the heck is going on? It's the same app, on the same computer, with the same permissions, but the downloaded one doesn't work.
This problem appears across OS X versions on different computers.

Adding the com.apple.security.inherit entitlement to the helper app solved the problem for me.
My helper app used to crash with "could not set sandbox profile data: operation not permitted (1)" when I tried to start the NSTask.
From the Apple documentation:
If your app employs a child process created with either the posix_spawn function or the NSTask class, you can configure the child process to inherit the sandbox of its parent. However, using a child process does not provide the security afforded by using an XPC service.
To enable sandbox inheritance, a child target must use two App Sandbox entitlement keys: com.apple.security.app-sandbox and com.apple.security.inherit. If you specify any other App Sandbox entitlement, the system aborts the child process. You can, however, confer other capabilities to a child process by way of iCloud and notification entitlements.
The main app in an Xcode project must never have a YES value for the inherit entitlement.
I hope this solution helps.
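
The entitlement rules quoted in the answer above can be checked before shipping. The following checker is an added example, not part of the original post or of Apple's tooling. It assumes that any key starting with `com.apple.security.` counts as an App Sandbox entitlement, and all sample property lists in it are constructed.

```python
import plistlib

SANDBOX = "com.apple.security.app-sandbox"
INHERIT = "com.apple.security.inherit"
# Assumption: keys with this prefix are treated as App Sandbox entitlements.
SANDBOX_PREFIX = "com.apple.security."


def check_helper(plist_bytes):
    """Return problems found in a child (helper) target's entitlements plist."""
    ent = plistlib.loads(plist_bytes)
    problems = []
    # Both keys must be present and true for the child to inherit the sandbox.
    for key in (SANDBOX, INHERIT):
        if ent.get(key) is not True:
            problems.append(f"helper: {key} must be true")
    # Any further sandbox key makes the system abort the child process.
    for key in sorted(ent):
        if key.startswith(SANDBOX_PREFIX) and key not in (SANDBOX, INHERIT):
            problems.append(f"helper: extra App Sandbox entitlement {key}")
    return problems


def check_main_app(plist_bytes):
    """Return problems found in the main app's entitlements plist."""
    ent = plistlib.loads(plist_bytes)
    if ent.get(INHERIT) is True:
        return [f"main app: {INHERIT} must not be true"]
    return []


# Constructed sample entitlements, serialized as XML property lists.
GOOD_HELPER = plistlib.dumps({SANDBOX: True, INHERIT: True})
EXTRA_KEY_HELPER = plistlib.dumps(
    {SANDBOX: True, INHERIT: True, "com.apple.security.network.client": True})
NO_INHERIT_HELPER = plistlib.dumps({SANDBOX: True})
# An iCloud key is outside the sandbox prefix, so it is not flagged.
ICLOUD_HELPER = plistlib.dumps(
    {SANDBOX: True, INHERIT: True,
     "com.apple.developer.icloud-container-identifiers": ["iCloud.com.example.app"]})
GOOD_MAIN = plistlib.dumps({SANDBOX: True})
BAD_MAIN = plistlib.dumps({SANDBOX: True, INHERIT: True})

if __name__ == "__main__":
    for name, blob in [("good", GOOD_HELPER), ("extra key", EXTRA_KEY_HELPER),
                       ("no inherit", NO_INHERIT_HELPER), ("icloud", ICLOUD_HELPER)]:
        print(f"helper ({name}):", check_helper(blob) or "ok")
    for name, blob in [("good", GOOD_MAIN), ("bad", BAD_MAIN)]:
        print(f"main app ({name}):", check_main_app(blob) or "ok")
```

The input for each function is the raw bytes of a target's entitlements property list, such as the `.entitlements` file used for the helper and for the main app.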