Mac App Sandboxing Interferes With Drag & Drop
Merely inspecting the UTIs in the pasteboard is fine – that doesn’t interfere with anything. So if all you care about is if any kind of file (or folder) is being dragged, you’re set. But if you want to only react to some types of files or folders, you need to know more.
If you ask for the URL – even without actually using it – you trigger some behind the scenes activity involving app sandboxing. This prevents the file being made accessible to your app if & when it actually is dropped into your app.
When things are working correctly, when a file is dragged and dropped onto a receptive view in your app a link to that file is created inside your own app’s container. It’s that link that you actually have access to – the original file cannot be accessed directly. That link seems to persist for a while – perhaps until your app is quit – so once you have it you’re set.
I don’t know why merely peeking at the file path (URL) prevents this link being created, but it does.
Previously:
- Sandboxing a Command Line Tool With Paths As Arguments
- Modern AppKit File Permissions
- Sandbox Limitation on Number of Files That Can Be Opened
- Security-Scoped Bookmarks and .webarchive Files
3 Comments RSS · Twitter · Mastodon
The first thing I do in any new macOS Xcode project I start is to disable app sandbox.
The App Sandbox is not perfect, but I usually avoid others people buggy apps if they are not sandboxed. An app having almost full access to every file on disk is an awful thing.
macOS and its third party apps worked just fine before there was app sandbox. Neither myself nor any other mac user I've ever known has ever had an issue with apps having disk access. (But I've sure had problems with apps that were *denied* having proper disk access.)
And it's not even full disk access. Just the files they have permission to read. And of course write access is even more limited.
And if you're using macOS Catalina or later, you have to individually grant each app permission to read from your Documents or Desktop folder anyway! But that wasn't really solving any sort of existing problem either.
Real question: have any of you ever had a problem with an app (that obviously wasn't malware) having general disk access?