Cannot create app-scoped bookmark for read-only files

Originator: schiffey
Number: rdar://11540942
Date Originated: May 26, 2012
Status: Open
Resolved: No
Product: Mac OS X
Product Version: 10.7.4
Classification: Security
Reproducible: Always
 
Summary:
Creating an app-scoped read-only bookmark with
-bookmarkDataWithOptions:includingResourceValuesForKeys:relativeToURL:error:
requires write access to the bookmarked file.

Steps to Reproduce:
1. Create app with App Sandboxing and "com.apple.security.files.user-selected.read-only" and "com.apple.security.files.bookmarks.app-scope" entitlements.
2. In app, present Open Files dialog to user.
3. When user selects file, get URL and call:
   NSError *error = nil;
   // Request an app-scoped (relativeToURL:nil), read-only security-scoped bookmark.
   NSData *bookmark = [url bookmarkDataWithOptions:(NSURLBookmarkCreationPreferFileIDResolution |
                                                    NSURLBookmarkCreationWithSecurityScope |
                                                    NSURLBookmarkCreationSecurityScopeAllowOnlyReadAccess)
                    includingResourceValuesForKeys:[NSArray array]
                                     relativeToURL:nil
                                             error:&error];


Expected Results:
Bookmark is created with read-only access to bookmarked file.

Actual Results:
sandboxd denies "file-write-data" to bookmarked file and doesn't create bookmark (== nil)

Regression:

Notes:
If app's sandbox file access entitlement is changed to "com.apple.security.files.user-selected.read-write", then call to
create bookmark succeeds.
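
The reproduction steps above collected into one function, added here as an example and not code from the original report. `CreateReadOnlyScopedBookmark` and `RunBookmarkRepro` are hypothetical names; the code assumes a sandboxed app target with the two entitlements from step 1, and it adds a resolve-and-read step the report does not contain, so that a bookmark which is created can be checked for read access.

```objc
#import <Cocoa/Cocoa.h>

// Added example; function names are hypothetical. Build into a sandboxed app
// target carrying the two entitlements from step 1 of the report.
static NSData *CreateReadOnlyScopedBookmark(NSURL *url, NSError **outError) {
    // Same option set as the call in the report.
    NSURLBookmarkCreationOptions options =
        NSURLBookmarkCreationPreferFileIDResolution |
        NSURLBookmarkCreationWithSecurityScope |
        NSURLBookmarkCreationSecurityScopeAllowOnlyReadAccess;
    return [url bookmarkDataWithOptions:options
         includingResourceValuesForKeys:[NSArray array]
                          relativeToURL:nil   // nil makes the bookmark app-scoped
                                  error:outError];
}

static void RunBookmarkRepro(void) {
    NSOpenPanel *panel = [NSOpenPanel openPanel];
    [panel setCanChooseFiles:YES];
    [panel setCanChooseDirectories:NO];
    [panel setAllowsMultipleSelection:NO];
    if ([panel runModal] != NSFileHandlingPanelOKButton) return;

    NSURL *url = [panel URL];
    NSError *error = nil;
    NSData *bookmark = CreateReadOnlyScopedBookmark(url, &error);
    if (bookmark == nil) {
        // The outcome the report describes under the read-only entitlement.
        NSLog(@"bookmark creation failed for %@: %@", [url path], error);
        return;
    }

    // Added check: resolve the bookmark and read through it.
    BOOL stale = NO;
    NSURL *resolved = [NSURL URLByResolvingBookmarkData:bookmark
                                                options:NSURLBookmarkResolutionWithSecurityScope
                                          relativeToURL:nil
                                    bookmarkDataIsStale:&stale
                                                  error:&error];
    if (resolved == nil) {
        NSLog(@"bookmark resolution failed: %@", error);
        return;
    }
    if ([resolved startAccessingSecurityScopedResource]) {
        NSData *data = [NSData dataWithContentsOfURL:resolved options:0 error:&error];
        NSLog(@"read %lu bytes (stale=%d) error=%@", (unsigned long)[data length], stale, error);
        [resolved stopAccessingSecurityScopedResource];
    }
}
```

Running it once with each user-selected file entitlement, while watching Console for sandboxd messages, shows whether the denial follows the entitlement as the Notes describe.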

Comments

Duplicated as 12849962

By greg.spiers at Dec. 10, 2012, 10:38 p.m.