Java and Mac App Sandboxing

David DeHaven david.dehaven at oracle.com
Mon Apr 16 09:55:19 PDT 2012


The sandbox daemon restricts file access at a low level and it works on top of normal file permissions. It is always equally or more restrictive, never less. If you don't have execute permission (either via file permissions or by sandboxd) you cannot browse to that directory in the file chooser. Each sandboxed app has its own temp file space in its sandbox; you have unrestricted access to it, and IIRC the temp file commands will always use the correct location (the java.io.File methods use standard file calls internally). I just re-verified to make sure, and even with full filesystem restrictions the temp file methods work as expected.

-DrD-

> Thanks for the reply, Scott. Just to follow up, if I use a file dialog to
> allow the user to open a file, the OS will know that the user has granted me
> access to open that file? And temporary files will also comply
> automatically (i.e. File.createTempFile())?
> 
> Steve
> 
> On Sunday, April 15, 2012, Scott Kovatch wrote:
> 
>> On Apr 15, 2012, at 10:45 AM, Steve Hannah wrote:
>> 
>>> Hi all,
>>> 
>>> I'm having trouble finding information on how the upcoming App sandboxing
>>> requirement will affect Java applications. Is there an API that we need to
>>> start using for interacting with the file system in order to comply with
>>> sandboxing?
>>> 
>>> Any pointers on this matter are very much appreciated.


