NSSavePanel and the Sandbox

Published 2019-04-07 00:22

Question:

I have some problems understanding Lion's new Sandbox.

I know that Lion includes a trusted daemon process called Powerbox whose job is to present and control open/save dialog boxes on behalf of sandboxed applications.

Like the Code Signing And Application Sandboxing Guide says:

Any time an application running inside a sandbox invokes an NSOpenPanel or NSSavePanel dialog, rather than showing the panels directly, AppKit automatically asks the Powerbox to present the dialog. From a developer perspective, there are no code changes required in terms of how these panels are used; this process is fully transparent.

After the user selects a set of files or directories, the Powerbox uses new functionality in the sandbox kernel module to expand the invoking application's sandbox to allow access to the selected files. By the time the application code queries the panel for the returned URLs or filenames, it already has permission to access those files, and can continue to use the files through almost any API it already uses.

Ok. I did some practical tests using this code:

NSSavePanel *savePanel = [NSSavePanel savePanel];
savePanel.delegate = self;

savePanel.directoryURL = ...;
savePanel.nameFieldStringValue = ...;

[savePanel beginSheetModalForWindow:self.window
                  completionHandler:^(NSInteger returnCode) {
/* the completion handler */
}];

The strange thing is that the NSOpenSavePanelDelegate methods, which are called BEFORE the completion handler, do not have access to files on the filesystem.

Is this correct?

But if so, delegate methods like panel:validateURL:error: become useless!

Can you help me by explaining in more detail the connections between the app and Powerbox?

Answer 1:

After contacting Apple, I can confirm what Rob Keniger wrote: NSOpenSavePanelDelegate methods don't have access to the filesystem in sandboxed applications.
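
An added example, not part of the original question or answer: one way to work within the behaviour confirmed above is to limit panel:validateURL:error: to checks on the URL value itself and to do all file access in the completion handler, where, per the guide quoted in the question, the sandbox has already been extended to the selected URL. The ExportController class, its payload property and the ".txt" rule are hypothetical.

```objc
#import <Cocoa/Cocoa.h>

// Hypothetical controller: the class name, the payload property and the
// ".txt" naming rule are assumptions made for this example.
@interface ExportController : NSObject <NSOpenSavePanelDelegate>
@property (strong) NSWindow *window;
@property (copy) NSData *payload;
- (void)runSavePanel;
@end

@implementation ExportController

// Called while the panel is still open, i.e. before the completion handler.
// In a sandboxed app this code cannot read the filesystem, so it only
// inspects the URL value and never stats or opens the file.
- (BOOL)panel:(id)sender validateURL:(NSURL *)url error:(NSError **)outError {
    if ([[url pathExtension] caseInsensitiveCompare:@"txt"] == NSOrderedSame) {
        return YES;
    }
    if (outError) {
        *outError = [NSError errorWithDomain:NSCocoaErrorDomain
                                        code:NSFileWriteInvalidFileNameError
                                    userInfo:@{NSLocalizedDescriptionKey:
                                                   @"Please use the .txt extension."}];
    }
    return NO;
}

- (void)runSavePanel {
    NSSavePanel *savePanel = [NSSavePanel savePanel];
    savePanel.delegate = self;
    [savePanel beginSheetModalForWindow:self.window
                      completionHandler:^(NSInteger returnCode) {
        if (returnCode != NSFileHandlingPanelOKButton) {
            return; // user cancelled, nothing to write
        }
        // Querying the panel for its URL here is the point at which the
        // guide says the app already has permission for the selection.
        NSURL *target = savePanel.URL;
        NSError *error = nil;
        if (![self.payload writeToURL:target options:0 error:&error]) {
            [NSApp presentError:error]; // surface sandbox or I/O failures
        }
    }];
}

@end
```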