For example if I have an XML file (exported from another app, so I have no control over the contents) that references images in different folders to the XML file, I am not able to read the images until the user has browsed to them using my app.
I can get around it by making them browse to a higher level folder (even browsing to "/"), but it seems a bit crap to be telling the user "I can't access /path/to/file, can you please browse to it now, so I can open it?"
Are there any better solutions to this? Isn't there some way to show a prompt like "AppX is trying to read from /Users/UserX/FolderX, will you grant permission?"
See my question and answer here: App Sandbox: document-scoped bookmark not resolving; not returning any error
I'm embedding collection-scoped bookmarks into my XML files.
Update
Given the specification that you have no control over the input XML format, the only way to get access for your app to a file specified in the XML is by having the user select that file or one of the file's parent directories in an NSOpenPanel
. If the XML contains multiple file references, you can have the user grant access to a directory that contains all of them.
There is no way around asking permission, since that would defeat the purpose of sandboxing. If your app could get around the user's direct permission, so could malware. Once given access, though, you can create a security-scoped bookmark to each file so you don't need to ask the user for permission multiple times.
Update 2
Answering the question in your comment, you can make the dialog easier for the user with the following:
[openPanel setMessage:@"Click 'OK' to allow access to files contained in the selected directory"];
[openPanel setDirectoryURL:[NSURL fileURLWithPath:pathFromTheXMLFile]];
Here's the documentation on NSSavePanel
(NSOpenPanel
inherits from it, and the properties above are defined there).
This is a hack (somewhat like the one you mentioned) - if you can detect that the file has embedded file paths - after you have opened the file - can you prompt the user to "Import Files", and select the parent directory and copy the parent directory to the sandbox to read the files?
I know that sucks but having watched the apple vids on sandboxing without embedded bookmarks into the files Im not sure what else you could really do.