
Our app offers an encrypted filesystem. It mounts a user-space volume, which lets users read/write/create files on it. The data is actually stored in an encrypted vault inside the application directory, as backend storage for the mounted volume.

The app worked fine until we sandboxed it, and now the mount fails. I find the following in the console:

04/02/2015 2:56:10.000 pm kernel[0]: Sandbox: deny file-write-create /Volumes/Personal Vault

Does anybody know how to allow a sandboxed app to mount a volume under /Volumes? I didn't find an entitlement to do so.


1 Answer


You have to add the com.apple.security.files.user-selected.read-write entitlement and use an NSOpenPanel to let the user select the Volumes folder.

You can then save this selection using NSURL's bookmarkDataWithOptions:includingResourceValuesForKeys:relativeToURL:error: as a secure bookmark. Or ask the user every time.

My problem is that I can now create the mount point in /Volumes, but I still get a Sandbox message:

deny file-mount

But I can't find an entitlement which allows mounting… So it seems it's not possible for sandboxed apps to mount something.
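
The mount-point step described in the answer, as an added example that is not part of the original post: it asks the user for /Volumes once, stores the grant as a security-scoped bookmark, and creates the directory under that grant. It assumes the app also carries the com.apple.security.files.bookmarks.app-scope entitlement; the defaults key and function names are hypothetical. It covers only creating the mount point, since the answer reports that the mount itself is still denied.

```objc
#import <Cocoa/Cocoa.h>

// Hypothetical NSUserDefaults key chosen for this example.
static NSString *const kVolumesBookmarkKey = @"VolumesFolderBookmark";

// Ask the user to pick /Volumes and persist the grant as a security-scoped bookmark.
static NSURL *PromptForVolumesFolder(NSError **error) {
    NSOpenPanel *panel = [NSOpenPanel openPanel];
    panel.canChooseDirectories = YES;
    panel.canChooseFiles = NO;
    panel.allowsMultipleSelection = NO;
    panel.directoryURL = [NSURL fileURLWithPath:@"/Volumes" isDirectory:YES];
    if ([panel runModal] != NSModalResponseOK) return nil;          // user cancelled
    if (![panel.URL.path isEqualToString:@"/Volumes"]) return nil;  // wrong folder picked
    NSData *bookmark = [panel.URL bookmarkDataWithOptions:NSURLBookmarkCreationWithSecurityScope
                           includingResourceValuesForKeys:nil
                                            relativeToURL:nil
                                                    error:error];
    if (!bookmark) return nil;
    [[NSUserDefaults standardUserDefaults] setObject:bookmark forKey:kVolumesBookmarkKey];
    return panel.URL;
}

// Resolve the stored bookmark; prompt again if it is missing, stale or unreadable.
static NSURL *VolumesFolderURL(NSError **error) {
    NSData *bookmark = [[NSUserDefaults standardUserDefaults] dataForKey:kVolumesBookmarkKey];
    if (bookmark) {
        BOOL stale = NO;
        NSURL *url = [NSURL URLByResolvingBookmarkData:bookmark
                                               options:NSURLBookmarkResolutionWithSecurityScope
                                         relativeToURL:nil
                                   bookmarkDataIsStale:&stale
                                                 error:error];
        if (url && !stale) return url;
    }
    return PromptForVolumesFolder(error);
}

// Create /Volumes/<name> while the security-scoped access is active.
BOOL CreateMountPoint(NSString *name, NSError **error) {
    NSURL *volumes = VolumesFolderURL(error);
    if (!volumes) return NO;
    // Returns NO for a URL that came straight from the panel; access is already granted then.
    BOOL scoped = [volumes startAccessingSecurityScopedResource];
    NSURL *mountPoint = [volumes URLByAppendingPathComponent:name isDirectory:YES];
    BOOL ok = [[NSFileManager defaultManager] createDirectoryAtURL:mountPoint
                                       withIntermediateDirectories:NO
                                                        attributes:nil
                                                             error:error];
    if (scoped) [volumes stopAccessingSecurityScopedResource];
    return ok;
}
```

Call `CreateMountPoint` on the main thread of the sandboxed app, because it may present the open panel.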