CFUserNotification triggers mach-lookup sandbox violation
| Originator: | Carter | ||
| Number: | rdar://10980808 | Date Originated: | Sun, 04 Mar 2012 19:54:22 GMT |
| Status: | Open | Resolved: | |
| Product: | Mac OS X | Product Version: | 10.7.3/11D50b |
| Classification: | Other Bug | Reproducible: | Always |
Summary: Attempting to display a CFUserNotification from a sandboxed process triggers a violation. The API performs a mach-lookup of "com.apple.UNCUserNotification", and when that is denied, it simply prints the notification instead of displaying a window. Adding a temporary mach-lookup exception for "com.apple.UNCUserNotification" fixes the problem. Steps to Reproduce: Attempt to display a CFUserNotification in a sandboxed process. The scenario in which I encountered this was a sandboxed app using a helper tool that inherited the app's sandbox. The helper tool has no UI, and uses CFUserNotification to interact with the user. Expected Results: No sandbox violation and no required temporary exceptions. Actual Results: A sandbox violation like this: sandboxd: ([42347]) CFUserNotificationTest(42347) deny mach-lookup com.apple.UNCUserNotification A temporary exception is required for CFUserNotification to work. Regression: Processes that are not sandboxed do not have this problem. --- OpenRadar note: You can download my sample project here: http://c.zcr.me/kRcv+
Comments
Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!