Strategies for debugging Sandbox Violations in Java
Marco Dinacci
marco.dinacci at gmail.com
Sat Aug 11 00:30:31 PDT 2012
Hi,
> I'm in the process of sandbox-ifying a mac app with a bundled JRE. I'm
> currently trying to weed out all of the sandbox violations and I'm having
> some difficulty. I see the sandbox violations in console and I can see the
> kernel backtrace, but I'm having trouble walking this back to the parts of
> my Java application that are triggering this code.
most sandbox violations are triggered by attempts to read/write to the
filesystem without user intervention (eg. without using an open/save
dialog) and/or from places outside the container (eg.
~/Library/Containers/yourapp/...).
A violation is also triggered by trying to execute an external process
from Java (ex. using Runtime.exec()).
If you look at the list of entitlements your application can have on
the Apple site(*) you can think whether your application is performing
an operation that would require enabling a specific entitlement, like
connecting to a network, printing, interacting with a usb or bluetooth
device, etc..
> What strategies do you
> guys use for debugging sandbox violations in Java. Is it possible to get
> the Java stack trace for where a violation occurs?
The Kernighan strategy, careful thinking and judicious print statements :)
I think about where my application is in possible violation and I add
log statements which are redirected to a file in the application
container directory.
When this is not enough (ex. the problem may be in the jvm), or I want
to see the values received by the native code, just gdb.
I'd be also interested to hear other people's techniques.
Best,
Marco
* http://developer.apple.com/library/mac/#documentation/Miscellaneous/Reference/EntitlementKeyReference/Chapters/EnablingAppSandbox.html#//apple_ref/doc/uid/TP40011195-CH4-SW1
More information about the macosx-port-dev
mailing list