so Ive been tearing my hair out with this...
I have a main app, and a helper app. both are sandboxed and are sharing data using App Groups. I talk to the helper app by way of NSXPCConnection. I have the helper app set up as a login item using SMLoginItemSetEnabled. the helper app runs as a daemon when the user has it activated.
this all works well. the problem is with the security scoped bookmarks.
The helper app needs to access system files. when i need to grant access to new locations, this is done by the main app, by way of NSXPCConnection opening the helper and opening an NSOpenPanel using this class: (https://github.com/leighmcculloch/AppSandboxFileAccess) this all seems to work also....
the class tells me that file access has been granted, however I also receive a sandboxd violation in Console.
Sandbox: com.my.app.helper deny file-read-data
i have the correct entitlements in the helper app:
com.apple.security.files.user-selected.read-write
com.apple.security.files.bookmarks.app-scope
I also read someone had issues when accessing the bookmarks on a background thread, so I tried wrapping all calls related to bookmarks in:
dispatch_sync(dispatch_get_main_queue(), ^{ });
still no joy. any help is much appreciated.
**the sandbox is areal nightmare to work with.... all my app does is delete some system files without user intervention. such a simple task before the sandbox.... now i need to deal with loginItems, XPC.... so many headaches. :(
my particular problem was actually much simpler.... I had all my calls to bookmarks wrapped like this:
once i removed the calls from the main dispatch block and moved it to a dispatch queue, everything started working? I don't know why, but nevertheless i am extremely happy its now working.