What does startAccessingSecurityScopedResource() actually do?

12
votes

I'm making a sandboxed Mac app, and I used NSOpenPanel to get a file URL, and saved it to UserDefaults as a security-scoped bookmark. When I quit and restart the app, I can resolve that blob of Data into a URL again.

The documentation says I should call startAccessingSecurityScopedResource(), and check its return value. (That does return true when I call it.) But if I don't call that, I've still got a resolved URL, and I still appear to have permissions to access it.

What does startAccessingSecurityScopedResource() actually do? Is there anything bad that can happen, if I don't call it?

1
macosnsurlfoundationsecurity-scoped-bookmarks
Update: I've had an app in the Mac App Store for several months, through at least half a dozen different versions. This app never calls startAccessingSecurityScopedResource(), yet neither the Apple reviewers nor any of my users have reported a single issue with accessing files or folders.Ssswift

1 Answers

5
votes

As long as your app only accesses files in standard locations (Downloads, Music Movies, Pictures) and you included the required entitlements for programmatic file and folder access in your app, you don't need to store security scoped bookmarks for those locations.

But for other locations that should remain accessible after the app has been restarted, you should store security scoped bookmarks and call startAccessingSecurityScopedResource() before access. If you skip that step, you'll get an exception as soon as you try to access that file.

startAccessingSecurityScopedResource() makes the security scoped bookmark's resource available to your app's sandbox thus granting you access to that resource.