Login/Register
NSTask from sandboxed helper app fails with "Could not set sandbox profile data"
Asked Answered
macosnstaskappstore-sandbox
A

0

6

I’m working on a Mac OS app composed of a main app and a helper :

Backup.app/
└── Contents
    ├── Library
    │   └── LoginItems
    │       └── BackupHelper.app
    ├── MacOS
    │   └── Backup

Backup.app: ask the user to select a path and save an app-scoped security bookmark. BackupHelper.app: Backup this path.

both Backup.app and BackupHelper.app are sandboxed.
The backupHelper app is registered to start at login using SMLoginItemSetEnabled.

When BackupHelper.app needs to access the bookmark saved by Backup.app,
I want it to call Backup.app (with some parameters) to get the final NSURL (the one with the applesecurityscope parameter)

One I try to start Backup.app using NSTask, It terminates with NSTaskTerminationReasonUncaughtSignal and I got this stacktrace :

Process:         Backup [18095]
Path:            /Applications/Backup.app/Contents/MacOS/Backup
Identifier:      Backup
Version:         1.0 (1)
Code Type:       X86-64 (Native)
Parent Process:  BackupHelper [18093]
Responsible:     BackupHelper [18093]
User ID:         501

Date/Time:       2013-11-04 10:23:06.016 +0100
OS Version:      Mac OS X 10.9 (13A603)
Report Version:  11
Anonymous UUID:  84A150C3-31C4-BE29-AAC9-338910633B1C

Crashed Thread:  0  Dispatch queue: com.apple.main-thread

Exception Type:  EXC_BAD_INSTRUCTION (SIGILL)
Exception Codes: 0x0000000000000001, 0x0000000000000000

Application Specific Information:
Could not set sandbox profile data: Operation not permitted (1)

Application Specific Signatures:
SYSCALL_SET_PROFILE

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   libxpc.dylib                       0x00007fff9079c5a1 _xpc_runtime_init_once + 2482
1   libdispatch.dylib                  0x00007fff8e59c2ad _dispatch_client_callout + 8
2   libdispatch.dylib                  0x00007fff8e59c21c dispatch_once_f + 79

When I try to start Backup.app directly it works fine and when I try to start another app with the same NSTask it works as well. Do you have any idea why it's not working specifically with Backup.app ?

Thanks !

Adamo answered 4/11, 2013 at 9:56 Comment(4)
My app is sandboxed and runs (bundled) sub-processes using posix_spawn() talking to them over a text-based protocol. If you try and run one of these sub-processes on their own from the command line you get the same error. This relates to lack of a sandboxed environment on the command line. Perhaps you need to be using XPC?Aun
As I understand, XPC requires Backup.app to be started, in my case that might not be the case. I read somewhere that posix_spawn() is not working well with sandboxed apps and the AppStore, any thoughts on this ? (I'll still try with it, thanks). Could it be an issue with the app signature ? (as it works for other apps than Backup.app)Adamo
The reason I am using posix_spawn() is because that functionality is implemented in a cross-platform C++ library, and if it was Objective-C I would probably use NSTask. I haven't had a problem with it, per-se, as it works just fine, but it's surprising that these bundled sub-process executable then become unusable from the command line. I'm sure it's related to your issue and it might be the app signature that's causing the issue.Aun
Does anyone have an update on this ? I am running against the same issue of "Could not set sandbox profile data: Operation not permitted (1)". Any pointer very welcome.Confucianism

© 2022 - 2024 — McMap. All rights reserved.