Working with files outside sandbox in Mac App (Accessing Security Scoped Resource)

I was developing a Mac application recently and came across a problem, which was quite interesting, and I thought I could share my experience with you guys.

OK, let me get straight to it. Recently I developed a Mac application for binary resigning; the functionality of the app is to take your ipa files and resign them with different certificates and provisioning profiles.

I developed this app successfully and tried to publish it on the App Store using App Store Connect. But when I tried to push the app to the App Store, Apple didn’t allow me to publish, stating the reason “I am not using App Sandbox in my application”. The problem is that my app needs to access resources outside of the sandbox; if I enable the sandbox I won’t be able to access system directories like “~/Library/MobileDevice/Provisioning Profiles”, which is essential for resigning. I did some research and found a solution, which is what I am about to explain below.

1) Enable App Sandbox for your application under Signing & Capabilities

2) Update your entitlements file

All three items are mandatory. com.apple.security.files.bookmarks.app-scope allows the app to bookmark URLs outside of the sandbox, and com.apple.security.files.user-selected.read-write allows it to read and write files outside of the sandbox. Using the combination of these three permissions, we will access files outside of the sandbox.

  • First, we request read and write access for a specific directory
  • Then we bookmark that directory and save the bookmark to local storage
  • Using the startAccessingSecurityScopedResource function, we access system directories outside of the sandbox.

I wrote a simple code snippet for this solution.
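The three steps listed above, as an added example that is not the author's original snippet. It assumes UserDefaults as the local storage, and the names bookmarkKey, ScopedAccessError, requestAndBookmarkFolder, withBookmarkedFolder and listProfiles are hypothetical, as is the filter on the .mobileprovision extension.

```swift
import AppKit
let bookmarkKey = "ProfilesFolderBookmark"  // hypothetical UserDefaults key
enum ScopedAccessError: Error { case cancelled, noBookmark, denied }

// Steps 1 and 2: the user picks the folder (this grants read/write access), then an
// app-scoped bookmark is saved so the grant survives relaunch. Call on the main thread.
func requestAndBookmarkFolder(startingAt suggested: URL? = nil) throws -> URL {
    let panel = NSOpenPanel()
    panel.canChooseDirectories = true
    panel.canChooseFiles = false
    panel.directoryURL = suggested
    guard panel.runModal() == .OK, let url = panel.url else {
        throw ScopedAccessError.cancelled
    }
    let data = try url.bookmarkData(options: .withSecurityScope,
                                    includingResourceValuesForKeys: nil,
                                    relativeTo: nil)
    UserDefaults.standard.set(data, forKey: bookmarkKey)
    return url
}

// Step 3: resolve the saved bookmark and run `work` while access is open.
func withBookmarkedFolder<T>(_ work: (URL) throws -> T) throws -> T {
    guard let data = UserDefaults.standard.data(forKey: bookmarkKey) else {
        throw ScopedAccessError.noBookmark
    }
    var isStale = false
    let url = try URL(resolvingBookmarkData: data, options: .withSecurityScope,
                      relativeTo: nil, bookmarkDataIsStale: &isStale)
    guard url.startAccessingSecurityScopedResource() else {
        throw ScopedAccessError.denied
    }
    defer { url.stopAccessingSecurityScopedResource() }  // balance every successful start
    if isStale {  // folder was moved or renamed: store a fresh bookmark
        let fresh = try url.bookmarkData(options: .withSecurityScope,
                                         includingResourceValuesForKeys: nil, relativeTo: nil)
        UserDefaults.standard.set(fresh, forKey: bookmarkKey)
    }
    return try work(url)
}

// Usage: list the provisioning profiles in the bookmarked folder.
func listProfiles() throws -> [String] {
    try withBookmarkedFolder { folder in
        try FileManager.default.contentsOfDirectory(atPath: folder.path)
            .filter { $0.hasSuffix(".mobileprovision") }
    }
}
```

The bookmark only covers the folder the user actually chose in the panel, so the returned URL should be checked before it is treated as the provisioning profiles directory.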

Hope this will be helpful for you guys. Happy Coding 😁!!!

I am a mobile application consultant with 7 years of experience in the IT industry.
