Helper bundles cannot access data owned by the application's main bundle

Number:rdar://10257540 Date Originated:10-Oct-2011
Status:Duplicate of 9887517 Resolved:
Product:Mac OS X Product Version:10.7.1
Classification:Serious Bug Reproducible:Always
10-Oct-2011 11:03 AM Sasmito Adibowo:

When a sandboxed application has a helper program that is started via SMLoginItemSetEnabled() then the helper bundle must also be sandboxed. The problem is that the helper application is then run under it's own sandbox and thus cannot access data or run helper binaries that are owned by the main application bundle. 

Steps to Reproduce:

1. Create a sandboxed application
2. Create a helper application bundle and store it inside the "Contents/Library/LoginItems" directory within the main application bundle, as described in <>.
3. Code the main application to write a data file in its "Application Support" folder.
4. Access the data file created by Step 3 from the helper application bundle.

Expected Results:

The helper application bundle should be able to access data files in the main application's container sandbox. In addition, it should be able to run helper executables owned by the main application and in the context of the main application's sandbox without having to be a child process of the main application.

Actual Results:

The helper application bundle is run within its own sandbox with no relation to the owner application. Essentially, the helper application becomes an independent application, unrelated to the main application.




We had to drop some features because of this and the mandatory sandboxing deadline of 1-Nov-2011



Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!