Open Radar

 
10-Oct-2011 11:03 AM Sasmito Adibowo:
Summary:

When a sandboxed application has a helper program that is started via SMLoginItemSetEnabled() then the helper bundle must also be sandboxed. The problem is that the helper application is then run under it's own sandbox and thus cannot access data or run helper binaries that are owned by the main application bundle. 

Steps to Reproduce:

1. Create a sandboxed application
2. Create a helper application bundle and store it inside the "Contents/Library/LoginItems" directory within the main application bundle, as described in <http://developer.apple.com/library/mac/#documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingLoginItems.html>.
3. Code the main application to write a data file in its "Application Support" folder.
4. Access the data file created by Step 3 from the helper application bundle.
 

Expected Results:

The helper application bundle should be able to access data files in the main application's container sandbox. In addition, it should be able to run helper executables owned by the main application and in the context of the main application's sandbox without having to be a child process of the main application.

Actual Results:

The helper application bundle is run within its own sandbox with no relation to the owner application. Essentially, the helper application becomes an independent application, unrelated to the main application.

Regression:

N/A

Notes:

We had to drop some features because of this and the mandatory sandboxing deadline of 1-Nov-2011

N/A