Open Radar

 
Summary:

MDQuery's ran in sandboxed applications held no results.

Steps to Reproduce:

Compile a app with the following code and runs as sandboxed

MDQueryRef query = MDQueryCreate(kCFAllocatorDefault,CFSTR("kMDItemContentType == 'com.apple.application-bundle'"),NULL,NULL);
Boolean started = MDQueryExecute(query, kMDQuerySynchronous);
CFIndex count = MDQueryGetResultCount(query);
if (started == true && count == 0)  NSLog(@"Spotlight query yelds zero resuls");


Expected Results:

Be able to find files even if we are unable to read/write them.

Actual Results:

Unable to find files even if we are unable to read/write them, in effect breaking the MDQuery API

Regression:

Notes:

Am unable to find any documentation of MDQuery being deprecated or impacted by sandboxing or any entitlements to help with the case.


09-May-2012 03:13 AM Vlad Alexa:
Additionally the exact sandbox exception is :

5/9/12 3:10:43.149 PM sandboxd: ([2720]) taskgated-helper(2720) deny mach-lookup com.apple.ocspd

This exception persists even if the temporary exception for it exists :

	<key>com.apple.security.temporary-exception.mach-lookup.global-name</key>
	<array>
		<string>com.apple.ocspd</string>
	</array>

as instructed in the documentation:

"With App Sandbox, lookup of global Mach services fails unless you configure the mach-lookup.global.name temporary exception entitlement. For each service that you want to enable, add the service as a string value for this entitlement key’s value array."