Sandbox app: how to let the XPC service read the file that the user opened in the parent application?

Question

Sandbox app: how to let the XPC service read the file that the user opened in the parent application?

I have a simple Cocoa image viewer application. A user selects a file using NSOpenPanel , and the application creates a preview image using the Quick Look API.

I would like to move the preview creation to a separate XPC service. Without the sandbox application, everything works fine, but after turning on the application sandbox for the parent application and the XPC service, the XPC service is denied read access to the user-selected file.

The parent application is allowed to read the file (because it was selected using NSOpenPanel).

How do I transfer file permissions for a user-selected file from the parent application to the XPC process so that the XPC process can read the file to create a preview?

The XPC service requests access to read files through its rights, and I added the following key to the XPC service's Service Info.plist, but this did not help:

 JoinExistingSession = YES

+6

cocoa sandbox appstore-sandbox xpc

Mark Jul 6 '12 at 11:07

source share

1 answer

Ole begemann · Accepted Answer · 2012-07-06T11:12:45+0000

I'm not 100% sure, but I think that Apple recommends passing NSFileHandle to the XPC process in this case. Thus, the XPC process can access the contents of the file, but does not need to know the URL of the file.

Edit: This thread in the Apple developer forums is helpful. The recommendation is to create a normal (not protected area) bookmark for the file URL. You can then transfer this bookmark to the XPC process and access it.

Sandbox app: how to let the XPC service read the file that the user opened in the parent application?

More articles: