"deny file-read-data" in NSOpenPanel when reading selected file
| Originator: | edwardaux72 | ||
| Number: | rdar://12704726 | Date Originated: | 15/11/2012 |
| Status: | Open | Resolved: | |
| Product: | Mac OS X SDK | Product Version: | |
| Classification: | Reproducible: | Yes |
Summary: When a user clicks on a file in NSOpenPanel, a callback is made to the delegate's panelSelectionDidChange: method. If the delegate wants to react to the currently selected file by opening the file and reading the contents, it is unable to do so when operating within the sandbox because, at this stage, the file hasn't been flagged as "user-selected". Any attempt to open the URL that is passed to panelSelectionDidChange: results in a "deny file-read-data" error being logged in the system log, and a nil file handle being returned. A very common example of this would be for the application to update the status of the NSOpenPanel's accessory panel based on the contents of the currently selected file. Steps to Reproduce: * Create a Mac OS X application with an NSOpenPanel - make sure it has a valid NSOpenPanel delegate that implements panelSelectionDidChange: - add some code that tries to open the passed NSURL eg. [NSFileHandle fileHandleForReadingAtPath:] - log result of trying to open the file * Run the application and open the NSOpenPanel * Single click on a file in the NSOpenPanel * Observe that application reacts to panelSelectionDidChange: event * Observe that application attempts to read contents of file * Observe that application receives a nil NSFileHandle and an entry is logged into the system log saying "deny file-read-data /Users/xxxxx/yourfile.txt" Expected Results: A valid file handle is returned and the application can read the contents of the file (after all, it has been explicitly selected by the user) Actual Results: A nil file handle is returned. Regression: N/A Notes: Unsure whether a new entitlement would need to be added, or if it should be attached to the com.apple.security.files.user-selected.read-write entitlement.
Comments
Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!
Working as designed
Heard back from Apple today. Apparently, this won't be fixed.
This behaves correctly. We even documented this behavior in 10.8.
You could make an argument that if the delegate method was called, the user has selected a file, which constitutes a user action eligible for sandbox extension, but that would open up a pretty big hole for malicious apps.