Open Radar

 
Our open source framework iMediaBrowser needs to be able to discover and display thumbnails and metadata for various kinds of media files (images, audio, video, links, etc). Once the user selects media files in the browser and starts dragging them to the host application, the app needs to have access to the media files themselves. When using the Powerbox or when dragging a file from the Finder, this already works in a sandboxed application, because a hole is punched into the sandbox for that particular file. 

We need an officially sanctioned way for our framework (from a privileged XPC service) to punch those same holes into the sandbox, for those files that the user chose to drag from the iMediaBrowser UI into the host app UI. 

We currently propose to do this by creating document relative security scoped bookmarks inside a privileged XPC service. The bookmark data gets sent to the host app over the XPC connection. The host app can then resolve the bookmark, thus punching a hole into the sandbox, and access the file itself. 

If this approach is not officially sanctioned, then please provide an official API to achieve the same effect - i.e. punch holes into the sandbox for file that do not get dragged from the Finder, but from another location (in this case the media browser UI).