Launching executable with NSTask - Sandboxing problems?
来源:互联网 发布:arm linux gcc 安装 编辑:程序博客网 时间:2024/05/01 08:59
1down votefavoriteI have an Mac OSX application that launches a executable located in /Contents/Resources. The application is not intended to be released on App Store and so I don't have sandbox turned on.
The launch code:
toolPath = [[[NSBundle mainBundle] pathForResource:@"myexecutable" ofType:@""] copy];task = [[NSTask alloc] init];[task setLaunchPath: toolPath];pipe = [[NSPipe alloc] init];[task setArguments:[NSArray arrayWithObjects:@"-someArg", someVariable, nil]];file = [[NSFileHandle alloc] initWithFileDescriptor:[pipe fileHandleForReading].fileDescriptor];[task setStandardOutput: stderrPipe];[task launch];
The thing is - this all works fine when running in Xcode. It also works fine when exporting the application to desktop and running it.
However, if I zip the application, upload it to a webserver, and then download it on the same computer (or dropbox it to another Mac), the task no longer launches! I get no error in the system console or anything.
I researched some on this problem and found that OSX will mark a new applicaton as "quarantined" special permission right. So I investigated the difference between the downloaded app and the exported app:
Permissions on the executable after exporting my application from Xcode:
-rwxr-xr-x 1 Username staff 65724 21 Jul 16:31 executableName
At this point the app works fine and the executable is launched from a button inside the app.
And after zipping the application, uploaded to server, downloaded, unzipped, and opening the application and accepting the "This application was downloaded from internet" dialogue:
-rwxr-xr-x 1 Username staff 65724 21 Jul 16:31 executableName com.apple.quarantine 26
At this point nothing happens when I push the button in my app.
If I then run xattr -rd com.apple.quarantine on the whole app, the quarantine notice is removed:
-rwxr-xr-x 1 Username staff 65724 21 Jul 16:31 executableName
but the executable is still not being launched!
At this point I now have the following permissions on my desktop app:
/Contents/MacOS:
-rwxr-xr-x 1 Username staff 407728 21 Jul 16:31 appName
/Contents/Resources:
-rwxr-xr-x 1 Username staff 65724 21 Jul 16:31 executableName
And on the downloaded app which I used xattr -rd on:
/Contents/MacOS:
-rwxr-xr-x 1 Username staff 407728 21 Jul 16:31 appName
/Contents/Resources:
-rwxr-xr-x 1 Username staff 65724 21 Jul 16:31 executableName
The first app works fine and the second one never launches the executable. What the heck is going on? It's the same app, on the same computer, with the same permissions, but the downloaded one just doesnt work.
This problem appears across all OSX versions on different computers.
objective-c cocoaasked Jul 21 at 15:11
1 Answer
activeoldestvotesup vote0down voteI finally found out what caused this issue, it happened when trying to launch an executable with NSTask that writes files. Strangely, this works fine in some instances as mentioned in the original post. But to get it working on other computers I ended up using STPrivilegedTask which solved the problem.
I have an Mac OSX application that launches a executable located in /Contents/Resources. The application is not intended to be released on App Store and so I don't have sandbox turned on.
The launch code:
toolPath = [[[NSBundle mainBundle] pathForResource:@"myexecutable" ofType:@""] copy];task = [[NSTask alloc] init];[task setLaunchPath: toolPath];pipe = [[NSPipe alloc] init];[task setArguments:[NSArray arrayWithObjects:@"-someArg", someVariable, nil]];file = [[NSFileHandle alloc] initWithFileDescriptor:[pipe fileHandleForReading].fileDescriptor];[task setStandardOutput: stderrPipe];[task launch];The thing is - this all works fine when running in Xcode. It also works fine when exporting the application to desktop and running it.
However, if I zip the application, upload it to a webserver, and then download it on the same computer (or dropbox it to another Mac), the task no longer launches! I get no error in the system console or anything.
I researched some on this problem and found that OSX will mark a new applicaton as "quarantined" special permission right. So I investigated the difference between the downloaded app and the exported app:
Permissions on the executable after exporting my application from Xcode:
-rwxr-xr-x 1 Username staff 65724 21 Jul 16:31 executableNameAt this point the app works fine and the executable is launched from a button inside the app.
And after zipping the application, uploaded to server, downloaded, unzipped, and opening the application and accepting the "This application was downloaded from internet" dialogue:
-rwxr-xr-x 1 Username staff 65724 21 Jul 16:31 executableName com.apple.quarantine 26 At this point nothing happens when I push the button in my app.
If I then run xattr -rd com.apple.quarantine on the whole app, the quarantine notice is removed:
-rwxr-xr-x 1 Username staff 65724 21 Jul 16:31 executableNamebut the executable is still not being launched!
At this point I now have the following permissions on my desktop app:
/Contents/MacOS:
-rwxr-xr-x 1 Username staff 407728 21 Jul 16:31 appName/Contents/Resources:
-rwxr-xr-x 1 Username staff 65724 21 Jul 16:31 executableNameAnd on the downloaded app which I used xattr -rd on:
/Contents/MacOS:
-rwxr-xr-x 1 Username staff 407728 21 Jul 16:31 appName/Contents/Resources:
-rwxr-xr-x 1 Username staff 65724 21 Jul 16:31 executableNameThe first app works fine and the second one never launches the executable. What the heck is going on? It's the same app, on the same computer, with the same permissions, but the downloaded one just doesnt work.
This problem appears across all OSX versions on different computers.
1 Answer
I finally found out what caused this issue, it happened when trying to launch an executable with NSTask that writes files. Strangely, this works fine in some instances as mentioned in the original post. But to get it working on other computers I ended up using STPrivilegedTask which solved the problem.
I have an Mac OSX application that launches a executable located in /Contents/Resources. The application is not intended to be released on App Store and so I don't have sandbox turned on.
The launch code:
toolPath = [[[NSBundle mainBundle] pathForResource:@"myexecutable" ofType:@""] copy];task = [[NSTask alloc] init];[task setLaunchPath: toolPath];pipe = [[NSPipe alloc] init];[task setArguments:[NSArray arrayWithObjects:@"-someArg", someVariable, nil]];file = [[NSFileHandle alloc] initWithFileDescriptor:[pipe fileHandleForReading].fileDescriptor];[task setStandardOutput: stderrPipe];[task launch];The thing is - this all works fine when running in Xcode. It also works fine when exporting the application to desktop and running it.
However, if I zip the application, upload it to a webserver, and then download it on the same computer (or dropbox it to another Mac), the task no longer launches! I get no error in the system console or anything.
I researched some on this problem and found that OSX will mark a new applicaton as "quarantined" special permission right. So I investigated the difference between the downloaded app and the exported app:
Permissions on the executable after exporting my application from Xcode:
-rwxr-xr-x 1 Username staff 65724 21 Jul 16:31 executableNameAt this point the app works fine and the executable is launched from a button inside the app.
And after zipping the application, uploaded to server, downloaded, unzipped, and opening the application and accepting the "This application was downloaded from internet" dialogue:
-rwxr-xr-x 1 Username staff 65724 21 Jul 16:31 executableName com.apple.quarantine 26 At this point nothing happens when I push the button in my app.
If I then run xattr -rd com.apple.quarantine on the whole app, the quarantine notice is removed:
-rwxr-xr-x 1 Username staff 65724 21 Jul 16:31 executableNamebut the executable is still not being launched!
At this point I now have the following permissions on my desktop app:
/Contents/MacOS:
-rwxr-xr-x 1 Username staff 407728 21 Jul 16:31 appName/Contents/Resources:
-rwxr-xr-x 1 Username staff 65724 21 Jul 16:31 executableNameAnd on the downloaded app which I used xattr -rd on:
/Contents/MacOS:
-rwxr-xr-x 1 Username staff 407728 21 Jul 16:31 appName/Contents/Resources:
-rwxr-xr-x 1 Username staff 65724 21 Jul 16:31 executableNameThe first app works fine and the second one never launches the executable. What the heck is going on? It's the same app, on the same computer, with the same permissions, but the downloaded one just doesnt work.
This problem appears across all OSX versions on different computers.
1 Answer
I finally found out what caused this issue, it happened when trying to launch an executable with NSTask that writes files. Strangely, this works fine in some instances as mentioned in the original post. But to get it working on other computers I ended up using STPrivilegedTask which solved the problem.
- Launching executable with NSTask - Sandboxing problems?
- err = Problems with launching via XPC. XPC error : Connection interrupted (0x00000005)
- NSTask
- Newline problems with Subversion
- Solving problems with proc
- Two problems with QSystemTrayIcon
- problems with wifi of SmartQ7
- AP Confusion: Problems with ‘partitiontolerance
- Problems with the lock file
- Problems with EXC_BAD_ACCESS in CCBReader
- Problems with JSPDF and AutoTable
- phpStorm problems with php-cgi
- The executable was signed with invalid entitlements
- Android Native Executable Intro - 02 (with app_glue)
- The executable was signed with invalid entitlements
- The executable was signed with invalid entitlements
- Spring Boot With JSPs in Executable Jars
- the executable was signed with invalid entitlements
- 博弈总结
- 机械键盘到手
- Eclipse安装ADT Plugin时发生错误,提示连接不到 https://dl-ssl.google.com/android/eclipse/...的解决办法
- vsftpd 安装
- 通向架构师的道路(第二十七天)IBM网格计算与企业批处理任务架构
- Launching executable with NSTask - Sandboxing problems?
- jQuery对象与dom对象相互转换
- 输出{1,2,2,3,4,5}排列组合,4不能在第三位,3和5不能相邻
- 从今天起
- 用户安全角色权限不够的解决方法
- Java通过年月,计算月份天数。
- struts2 18拦截器详解(一) --- 准备知识
- Entity Framework 5.0系列之Code First数据库迁移
- MySQL中REPLACE INTO语句的用法
