在Mac App Store上销售的沙盒应用程序可以访问系统文件夹吗？ [英] Can a sandboxed app sold on the Mac App Store access system folders?

问题描述

通过Mac App Store销售的应用程序是否可以访问系统文件夹？

Is it possible for an app sold thru the Mac App Store to access system folders?

我的意思是：我的应用程序需要读取沙盒区域之外的目录的内容，让我们说 / Library / StartupItems 并且如果用户想要可能删除那里的文件。

I mean this: my app needs to read the contents of directories that are outside the sandbox area, lets say something like /Library/StartupItems and possibly delete a file there if the user wants.

沙箱应用程序可以访问系统文件夹和删除文件吗？如果它不能删除，至少可以读取？

Is it possible for a sandboxed app to access system folders and delete files there? If it cannot delete, can it at least read?

如果我想在Mac App Store上销售，我必须启用沙盒吗？

Do I have to enable sandbox if I want to sell on the Mac App Store?

我随机尝试了一个目录：

I have tried a directory at random doing this:

  NSString *path = @"/Library/StartupItems";
  NSArray *dirFiles = [[NSFileManager defaultManager] contentsOfDirectoryAtPath:path error:nil];

我可以得到目录列表。如果应用程序被标记为沙箱，我该如何阅读？

and I can get the directory listing. How can I be reading that if the app is marked as sandboxed? I don't get it.

推荐答案

否，通过Mac App Store销售的OS X应用程序无法以您的方式访问资源描述。

No, OS X Applications sold through the Mac App Store cannot access resources in the way you've described. It's also required that all apps are sandboxed and codesigned with a valid Mac Developer Program Certificate.

至于能够读取 / Library / StartupItems

As for being able to read /Library/StartupItems (which is deprecated) when your app is marked as "sandboxed"; it's not just a matter of having the option checked. You also have to ensure "Use Entitlements file" is selected and the application is properly codesigned. Once you've done that you can check to verify it's properly sandboxed in Terminal by using:

codesign -dvvv --entitlements :- Some.app/Contents/MacOS/Executable

此外，还有一些目录， 世界可读可以读取：

In addition, there are certain directories where files that are "world readable" can be read:

/bin
/sbin
/usr/bin
/usr/lib
/usr/sbin
/usr/share
/System

为了允许OS X应用程序与您的（早期）示例的文件系统交互，应用程序需要使用提升的权限，通常使用授权服务 - 应用程式沙箱不允许。请查看标题为确定您的应用程序是否适合沙盒，它应该回答您可能有的任何其他问题。

In order to allow an OS X application to interact with the file system like your (earlier) example the application would need to use elevated privileges typically using Authorization Services — which App Sandbox disallows. Take a look at the section titled "Determine Whether Your App Is Suitable for Sandboxing", and it should answer any other concerns you might have.

沙盒在很多方面都很好，但同时也非常严格。如果你的应用程序需要做的事情不在允许的范围内，你可以选择不通过Mac App Store销售，而不使用沙盒。一些开发人员还创建其应用程序的两个不同版本（Mac App Store版本和非Mac App Store）。如果你的应用程序依赖于它的容器外面的许多东西，你一定会考虑/衡量沙盒的优点和缺点。

Sandboxing is good in a lot of ways, but also very restrictive at the same time. If your app needs to do things that are not within the scope of what is allowable you can choose to not sell through the Mac App Store and not use Sandboxing. Some developers also create two different versions of their app (Mac App Store version and non-Mac App Store). If your app relies on going outside it's container for much of anything you'll definitely want to consider/weigh the pros and cons of Sandboxing.

• 应用程式沙箱指南


• 文件系统编程指南


• 授权服务C参考

• App Sandbox Guide
• File System Programming Guide
• Authorization Services C Reference

这篇关于在Mac App Store上销售的沙盒应用程序可以访问系统文件夹吗？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！