How to sandbox quick look plugin on mavericks?
Currently obtaining following error message:
2014-04-14 16:26:50.507 qlmanage[5601:303] *** CFMessagePort: bootstrap_register(): failed 1100 (0x44c) 'Permission denied', port = 0x8b13, name = 'com.apple.tsm.portname'
See /usr/include/servers/bootstrap_defs.h for the error codes.
2014-04-14 16:26:50.512 qlmanage[5601:303] *** CFMessagePort: bootstrap_register(): failed 1100 (0x44c) 'Permission denied', port = 0x3f0f, name = 'com.apple.CFPasteboardClient'
See /usr/include/servers/bootstrap_defs.h for the error codes.
2014-04-14 16:26:50.512 qlmanage[5601:303] Failed to allocate communication port for com.apple.CFPasteboardClient; this is likely due to sandbox restrictions
Following entitlement is defined at Xcode's "Code Signing Entitlements" build setting, still observed above error message:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.temporary-exception.mach-lookup.global-name</key>
<array>
<string>com.apple.CFPasteboardClient</string>
<string>com.apple.tsm.portname</string>
</array>
</dict>
</plist>
While this doesn't solve the original issue let me add some updates on the current status of standalone QuickLook plugins development in 2019 that could have saved me a lot of time when I reached this answer.
- The
com.apple.tsm.portname error is still there but it doesn't seem to cause issues once the plugin is installed in one of the Library/Quicklook locations. The plugin will work anyway.
- If you are developing a standalone plugin (not inside an app) you wouldn't even have entitlements, so don't try to mess with those to solve this issue.
- Debugging with
qlmanage -p <file> seems to be completely broken at least in Mojave if you use the kUTTypeHTML data representation (kUTTypeRTF works), nothing is displayed but when you copy the plugin under Library it will work normally...
- Still impossible to use Swift to implement the generators (the last officially provided motivation points to lack of ABI stability (lol))
Quicklook plugins don't support entitlement.
You can try to modify manually the sandbox profile and try to change the rule.
Sandbox profile for quicklook are in /usr/share/sandbox where you can check the quicklook-satellite.sb and quicklookd.sb profile.
I hope this info can help you.
I had some problem on my outlook 2011 quicklook plugins and I resolved modifing the uicklook-satellite.sb
You can help take a look to this document: FGOUTLOOK2011Manual.pdf.
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 贼婆χ 的文章《sandbox custom qlgenerator (Quick look) plugin》','https://www.manongdao.com/article-343182.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}