i wrote a sandboxed app which deals with USB drives under Yosemite (10.10). When the app is done with its stuff i want to offer the user an option to eject the device.
Under Yosemite thats not a problem, i successfully used
DADiskUnmount()
and
[NSWorkspace unmountAndEjectDeviceAtURL:error:]
But under Mavericks (10.9) both methodes won't work. I double checked my whole code and i'm pretty confident there are no SDK conflicts.
I get the following error message
Sandbox denied authorizing right 'system.volume.external.unmount' by client <MyApp>
I got all USB related entitlements, use security-scoped bookmarks (with startAccessingSecurityScopedResource and without), repaired disk permissions on the test device, used different kinds of USB devices to test, checked if there are open files on the device and tried kDADiskUnmountOptionForce.
The
system.volume.external.(adopt|encode|mount|rename|unmount)
authorization right only appears on 10.8 and 10.9. source:link
Is there a way to grant my app this right ?
It would be nice if someone could help me with this!
Aperture uses the sandbox "big red button" (
com.apple.security.temporary-exception.sbpl) to dosystem.volume.external.mount/unmount.From Aperture's entitlements file:
<key>com.apple.security.temporary-exception.sbpl</key> <string> (begin (allow authorization-right-obtain (right-name "system.volume.external.mount")) (allow authorization-right-obtain (right-name "system.volume.external.unmount")) (deny network-outbound (with no-log) (regex #"^/private/tmp/launch-")) (allow file-ioctl (literal "/dev/ptmx") (literal "/dev/null") (literal "/dev/tty") (regex #"^/dev/ttys")) (allow file-search) (allow ipc-posix-sem) (allow system-fsctl)) </string>No idea whether Apple will allow this in the MAS though.