Permission denied when trying to access file outside of iOS App container - ios

I need to access directories outside of iOS App container.
The minimal code I tried is as below.
let files = try! FileManager.default.contentsOfDirectory(atPath: "/Library/")
I also added the following to the entitlements file (.entitlements)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.temporary-exception.files.absolute-path.read-write</key>
<string>/</string>
</dict>
</plist>
I thought above would give adequate permission for my App to browse files outside of App container, but I'm still getting the following error.
[file:///Library/]
DictionaryLoader/ContentView.swift:54: Fatal error: 'try!' expression unexpectedly raised an error: Error Domain=NSCocoaErrorDomain Code=257 "The file “Library” couldn’t be opened because you don’t have permission to view it." UserInfo={NSUserStringVariant=(
Folder
), NSFilePath=/Library/, NSUnderlyingError=0x282c275d0 {Error Domain=NSPOSIXErrorDomain Code=1 "Operation not permitted"}}
2023-02-15 12:03:48.780396-0800 DictionaryLoader[1132:24964] DictionaryLoader/ContentView.swift:54: Fatal error: 'try!' expression unexpectedly raised an error: Error Domain=NSCocoaErrorDomain Code=257 "The file “Library” couldn’t be opened because you don’t have permission to view it." UserInfo={NSUserStringVariant=(
Folder
), NSFilePath=/Library/, NSUnderlyingError=0x282c275d0 {Error Domain=NSPOSIXErrorDomain Code=1 "Operation not permitted"}}
If it makes any difference, this is tested on a real device (iPhone 12 with iOS 16.2)

You cannot reach outside your sandbox container to reach other files on the local device due to restrictions placed on your app by Apple known as the App Sandbox.
Only these highly trusted components have such privileges. These are found in this online database
Giving yourself entitlements in your entitlements file does not actually provide you that entitlement.
The way privileges work is that on App Store Connect you add extra privileges to your App ID, and then generate a provisioning profile that references the App ID and entitlements together with a certificate. Xcode can automate this for you.
But you cannot give yourself those privileges that you are seeking in App Store Connect. Also Xcode won't add those to your App ID and code sign them for you.
Sometimes Apple do give you special privileges but you need to go through Apple Developer Technical Support to get those. For example, if you represent a health authority, you can get the exposure notification entitlement. But what you are asking for will never be provided by Apple DTS.
The only ways around it are certain special cases normally not available to you as an ordinary developer:
You are an actual Apple engineer writing a first party app.
You've jailbroken the iPhone and thus can use ldid to assign privileges.
You've a special iPhone with security disabled (such as an Apple Security Research Device)
It might be possible to undertake the kind of exploration you describe by using a virtualised iPhone. There is a commercial product offered by Corellium.

com.apple.security.temporary-exception.files.* are macOS-only keys related to App Sandbox. As noted in the docs:
Note: This chapter describes property list keys specific to the macOS implementation of App Sandbox. They are not available in iOS.
What you're trying to do is not permitted on iOS. You will need to redesign so that you don't need this capability, or you'll need to jailbreak the device.
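The two answers above make two separate points: a key written into the .entitlements file counts for nothing unless the provisioning profile also carries it, and the com.apple.security.temporary-exception.* keys are macOS-only. The following is an added example (not code from the question or the answers) that checks an entitlements file against both. It is a simplification that compares key names only, and it assumes the profile's plist payload has already been extracted from its signed wrapper; the profile contents, identifiers and status labels are constructed for illustration.

```python
import plistlib

# Key prefix the answer above identifies as macOS-only App Sandbox exceptions.
MACOS_ONLY_PREFIX = "com.apple.security.temporary-exception."

# The entitlements file from the question, with the <key> element well-formed.
REQUESTED = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.temporary-exception.files.absolute-path.read-write</key>
<string>/</string>
</dict>
</plist>"""

# Constructed sample: the Entitlements dictionary of a development
# provisioning profile (team and bundle identifiers are placeholders).
PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>Entitlements</key>
<dict>
<key>application-identifier</key><string>TEAMID0000.com.example.DictionaryLoader</string>
<key>get-task-allow</key><true/>
</dict>
</dict></plist>"""


def audit_entitlements(requested_plist: bytes, profile_plist: bytes) -> dict:
    """Map each requested entitlement key to a status label."""
    requested = plistlib.loads(requested_plist)
    granted = plistlib.loads(profile_plist).get("Entitlements", {})
    report = {}
    for key in sorted(requested):
        if key.startswith(MACOS_ONLY_PREFIX):
            report[key] = "macos-only"       # never applies on iOS
        elif key not in granted:
            report[key] = "not-in-profile"   # requested, but the profile does not carry it
        else:
            report[key] = "authorized"
    return report


if __name__ == "__main__":
    for key, status in audit_entitlements(REQUESTED, PROFILE).items():
        print(f"{status:15} {key}")
```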

In simple language: you cannot access files outside your app directory.
But if you want to access a file, e.g. while I am creating a chat app, when I am sending a photo from a directory, I first have to copy that photo to my app directory; after that it is easily accessible to you.
iOS Standard Directories: Where Files Reside
For security purposes, an iOS app’s interactions with the file system are limited to the directories inside the app’s sandbox directory. During installation of a new app, the installer creates a number of container directories for the app inside the sandbox directory. Each container directory has a specific role. The bundle container directory holds the app’s bundle, whereas the data container directory holds data for both the app and the user. The data container directory is further divided into a number of subdirectories that the app can use to sort and organize its data. The app may also request access to additional container directories—for example, the iCloud container—at runtime.

Related

App Distribution with App Clip - Required Capabilities

I'm trying to distribute a new version of my app to app store connect with an app clip. The info.plist for my app and for my app clip have the same required device capabilities:
<array>
<string>location-services</string>
<string>gps</string>
<string>armv7</string>
<string>arkit</string>
</array>
I am getting the following error when trying to distribute the app:
Invalid required device capabilities.
The UIRequiredDeviceCapabilities values [arkit, location-services, gps] in the Info.plist of app clip 'GrifGraf.app/AppClips/grifgrafAppClip.app' must match the UIRequiredDeviceCapabilities values [arkit, location-services, gps] in the Info.plist of the app.
Match the device capabilities between your app and app clip.
With error code STATE_ERROR.VALIDATION_ERROR.90845 for id
I've double checked that the capabilities match between the two plists, but I still get the error.
I found the answer
I deleted the UIRequiredDeviceCapabilities array from the info.plist in both my app and app clip, and built the app to my phone. Xcode's debugger errored saying that the app clip's required device capabilities needed to match the main app's capabilities, and included multiple capabilities in the error message, including location-services.
This means it's not looking at my info.plist files...
I grepped for location services in the project root, and found that project.pbxproj was the only spot that contained the UIRequiredDeviceCapabilities array containing location-services so it got it from there. project.pbxproj is actually hidden inside of your .xcodeproj package, you have to show package contents to access it.
I deleted the UIRequiredDeviceCapabilities array from that file, and then re-added the device capabilities to both my app and the app clip's info property lists and it resolved the issue. My guess is, it's looking inside that file to determine what the required device capabilities are, and it was out of sync with my info.plist files.

How to make app iCloud folder show up on other devices

I am trying to add iCloud drive capabilities to my existing iPhone app, basically just to be able to store files in iCloud drive, such that the user has access to them on all his devices.
I have followed the steps to enable iCloud drive capabilities:
Enable iCloud Documents capability in the "Signing and Capabilities" in Xcode for the project target, and the iCloud container
Added the NSUbiquitousContainers key to the Info.plist.
The app ensures the Documents folder in the ubiquity container exists
The app writes a test file into the Documents folder at start-up.
Stepped the build version to a higher number
So far, it is working locally on the iPhone: the app folder is visible in the Files app on the same phone, and the test file is visible there as well.
But the app folder is not visible on iCloud.com, and not in Finder on my MacBook. I can see the Downloads folder with the same content in iCloud Drive on both platforms, so I am sure that I am logged in with the same AppleID as on the iPhone.
What else do I need to do to make the app folder visible in iCloud? If it is an issue because the app update has not been released yet, how can I test the functionality before releasing it?
I have looked at other questions that have encountered the same problems, such as this and this, but I think I have done all the steps recommended in those answers (the practical ones, requesting a new AppID is obviously not possible for an existing app).
The Apple documentation is extremely bloated, so it is hard to distill what the basic steps are that you need to follow.
Info.plist settings (obviously with MyApp replaced with my app's name):
<key>NSUbiquitousContainers</key>
<dict>
<key>iCloud.com.MyApp.MyApp</key>
<dict>
<key>NSUbiquitousContainerIsDocumentScopePublic</key>
<true/>
<key>NSUbiquitousContainerName</key>
<string>MyApp</string>
<key>NSUbiquitousContainerSupportedFolderLevels</key>
<string>Any</string>
</dict>
</dict>
It seems to be that the answer is: just wait. I did not change anything in the code, and did not even run it again. A day later the files and folders showed up both on icloud.com and on my MacBook.
Strange that it takes so long, though.

"Import Error" when I upload .ipa file to iTunes Connect

I'm trying to upload my iOS App to App Store but I have some issues to upload my .ipa file to iTunes Connect.
I'm trying to upload my .ipa file whether through Application Loader or Xcode and the uploading seems to be ok.
For a while if I look at Activity I see the build written "Processing" but immediately after iTunes Connect doesn't show the build and, when I check the delivery status of my App in Application Loader -> Window -> Delivery Status, I read that there was an
"Import Error"
with no description of the error that occurred.
Which could be the problem?
I've solved the problem thanks to the response Email from the App Store Team:
Missing Info.plist key - This app attempts to access privacy-sensitive data without a usage description. The app's Info.plist must contain an NSCalendarsUsageDescription key with a string value explaining to the user how the app uses this data.
Missing Info.plist key - This app attempts to access privacy-sensitive
data without a usage description. The app's Info.plist must contain an
NSPhotoLibraryUsageDescription key with a string value explaining to
the user how the app uses this data.
I do not know why I need these keys but I hope it will be useful to those who will have the same problem.

Issue with CFBundleIdentifier Collision

I have an issue with iTunes Connect. After I transferred my application with watch support to another Apple account, I received an error from iTunes Connect when I tried to upload an ipa file (that was signed by the new account after transferring).
I have transferred applications very often and have not had any problems before. The problems are for the WatchKit application and WatchKit extension only; the main application is OK.
I have the same problems for another 3 of my applications with watch support which were transferred to the new account. Transferring applications without watch support works as expected without any issue.
ps.
All mobileprovision files for transferred applications were either transferred too or recreated into a new account (old account doesn’t have any transferred bundle ids and mobile provision files with after).
Any ideas?
Thank you.
Sorry, english is not my native language.
Description of an error from Apple
Dear developer,
We have discovered one or more issues with your recent delivery for "My application name". To process your delivery, the following issues must be corrected:
CFBundleIdentifier Collision - The Info.plist CFBundleIdentifier value 'com.my.company.watchkitextension' of 'My application name.app/PlugIns/My application name WatchKit Extension.appex' is already in use by another application.
CFBundleIdentifier Collision - The Info.plist CFBundleIdentifier value 'com.my.company.watchkitapp' of 'My application name.app/PlugIns/My application name WatchKit Extension.appex/My application name WatchKit App.app' is already in use by another application.
Once these issues have been corrected, you can then redeliver the corrected binary.
Updated
The problem has been solved. I've just transferred the applications to a third Apple account of my company without any problems.

iOS4 Enterprise App for Wireless Distribution

My company recently joined the iOS enterprise program to distribute an in-house app to our employees. We chose over-the-air installation for our app and put the .plist and .ipa files on our web server, where they are protected by our ID/password mechanism. This means that you must log into our web site first, then you can install the app. The whole process works fine when we put these files in an open area (not protected by ID/password). However, once we put the files behind the protection, it shows "can not connect to example.com" and Xcode's device console view shows
“Jul 21 11:17:39 unknown itunesstored[385] : Could not load
download manifest with underlying error: Error Domain=SSErrorDomain
Code=2 "can not connect to iTunes Store" UserInfo=0x1c551fb0
{NSLocalizedDescription= can not connect to iTunes Store}”.
I guess it's because the session is not the same when we open the itms-services://… link, which makes iOS call the process that installs the app.
The iOS installer is a sandboxed process that will only make an itms-services request. There is absolutely no way of forcing the installer to authenticate to your backend server. You will need to make your plist an unprotected resource or roll your own authentication mechanism based on values in the url. Also, you can't use self-signed certificates to SSL protect your plist.
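The second option in the answer above, an authentication mechanism carried in the URL itself, shown as an added example (not part of the original answer): the logged-in page hands out a short-lived HMAC-signed URL, and the file handler verifies it without consulting any session. The secret, the parameter names `u`/`e`/`t`, the paths and the function names are assumptions made for illustration; the .ipa URL inside the manifest would need to be signed the same way, because the installer fetches it without the session too.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, quote, urlencode, urlparse

SECRET = b"constructed-demo-secret"  # placeholder; load from server config in practice


def _mac(path, user, expires):
    # Bind the token to one file, one user and one expiry time.
    msg = f"{path}\n{user}\n{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def sign_url(base, path, user, ttl=300, now=None):
    """Run for an authenticated user: return a URL for `path` valid for `ttl` seconds."""
    expires = int(time.time() if now is None else now) + ttl
    query = urlencode({"u": user, "e": expires, "t": _mac(path, user, expires)})
    return f"{base}{path}?{query}"


def verify_url(url, now=None):
    """Run by the file handler: accept the request only if the token checks out."""
    parts = urlparse(url)
    q = parse_qs(parts.query)
    try:
        user, expires, token = q["u"][0], int(q["e"][0]), q["t"][0]
    except (KeyError, ValueError):
        return False  # missing or malformed parameters
    if (time.time() if now is None else now) > expires:
        return False  # link has expired
    expected = _mac(parts.path, user, expires)
    # Constant-time comparison on bytes, so odd input cannot raise or leak timing.
    return hmac.compare_digest(token.encode(), expected.encode())


def install_link(manifest_url):
    """Wrap the signed manifest URL in the itms-services link the page serves."""
    return "itms-services://?action=download-manifest&url=" + quote(manifest_url, safe="")


if __name__ == "__main__":
    signed = sign_url("https://example.com", "/ota/manifest.plist", "alice")
    print(install_link(signed), verify_url(signed))
```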
