Sandboxing problem: can't access iPhoto photos if "Copy To Library" unchecked
| Originator: | haikusw | ||
| Number: | rdar://10612246 | Date Originated: | 12/20/2011 |
| Status: | Open | Resolved: | |
| Product: | Mac OS X SDK | Product Version: | 10.7 |
| Classification: | Reproducible: | Always |
Summary: Trying to adopt Application Sandboxing for Mac Application Store app that works with a user's photos in iPhoto. The sandbox flag for accessing a users' Pictures folder works well to let us access "AlbumData.xml" inside the iPhoto library. HOWEVER, if the user has unchecked the "Copy items to the iPhoto Library" checkbox in the Advanced tab of iPhoto preferences, and the actual photos are outside the Pictures folder, we are unable to access the pictures. GAME OVER NOTE: this will also apply to any app trying to access files referenced by iTunes' "iTunes Music Library.xml" file if users have opted to NOT copy their music files to the Music folder. Steps to Reproduce: - Write an application that reads the AlbumData.xml file and then opens a picture using the path for an entry. - remove all photos from iPhoto - Uncheck "Copy items to the iPhoto Library" preference in the Advanced section of the iPhoto preferences. - put a picture onto the desktop - Be careful that this picture does not have a non-destructive rotate applied (e.g., this happens (at least) if you open the picture in preview and rotate it and then save it as JPEG but check the "Rotate without modifying contents" checkbox). If you do iPhoto will consider it modified and save a copy in the iPhoto Library and it'll work. - drag a picture from the desktop onto iPhoto to add it to the library. - confirm that the picture didn't get auto-modified and copied to the iPhoto library by selecting the picture in iPhoto and then from the File Menu chose "Review in Finder >" and note that "Modified File" is disabled. - Run your program and note that it gets a sandbox violation trying to access the picture. Expected Results: Well, honestly, this is how I expected it to break. Sandboxing is not the solution we want (see Wil Shipley's blog post on this: http://blog.wilshipley.com/2011/11/real-security-in-mac-os-x-requires.html). But more importantly, this is going to be a problem for every application that wants to integrate with iTunes and/or iPhoto which both offer the option to save files outside of the Music or Pictures folders for which there are sandbox entitlement keys. Actual Results: Regression: Notes:
Comments
Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!