App sandboxing in BM, any news?

Archives Forums/MacOS X Discussion/App sandboxing in BM, any news?

OscarBraindeaD(Posted 2012) [#1]
Hi all,
Is there any news about mac store app sandboxing and how done it in BlitzMax?

Best regards.


ima747(Posted 2012) [#2]
check

http://www.blitzbasic.com/Community/posts.php?topic=96219

I still haven't gotten to it myself, but time is getting short... if anyone has any helpful tips or best yet a basic step by step for bundling with sandboxing it would be much appreciated :0)


OscarBraindeaD(Posted 2012) [#3]
Hi Ima747,
thanks for the link. The RB package maker can be a fast solution... but I'll wait to see if anybody tells how to make an entitlements file by hand to include in the app.

Regards


JazzieB(Posted 2012) [#4]
I've just come across this whole Sandboxing thing and didn't even know what it was! Anyway, I've done some reading up and alarm bells are a-ringing!

I currently store my game levels (which include high scores), player profiles and the config files in the /Library/Application Support folder, which was fine pre-Lion. I've just installed Lion and tested my game and I'm no longer allowed to write any files there (I've mentioned this problem on another thread).

So now I've come across Sandboxing and it looks like that if I were to sort out the above issue I should no longer be writing there anyway. I know that when an app is Sandboxed that a Container folder is created per user, which is all well and good, but the main question is where am I now supposed to be saving shared files? I've read some of the docs, but can't find any mention of it.


SLotman(Posted 2012) [#5]
As I understood, at the same place as before. It will just be sandboxed.

Anyway, I didn't hardcode "~/Library/Application Support", I used an API to get the correct place...

FSFindFolder( kUserDomain, kApplicationSupportFolderType, False, ref)


I haven't update my 'old' games with sandbox - nor do I intend to if I'm not forced (people with save games suddenly will lost them, if I understand it correctly, unless I make a very complicated process to import the old save games into the sandbox app) - but my 'poker' game - which *is* sandboxed - is going strong, and everything seems to be fine.

Last edited 2012


OscarBraindeaD(Posted 2012) [#6]
Hi all,
I use the same API that you, SLotman. I figure that you're using this method to your poker sandboxed game? So... no entitlements file is needed? Just use the user's folder to write? Maybe only apps that write out of this folder needs the entitlements file? Hmmm... too simple to Apple... :)

Last edited 2012


JazzieB(Posted 2012) [#7]
I use the same API call too (via bah.volumes.mod), which returns /Library/Application Support for non-Sandboxed apps. Problem is, that location is now read-only by default under Lion. I can manually create the folders and set the permissions and my game will work.

I'm guessing that a Sandboxed app will return a folder within the Container folder instead, which is per user. If there is no need to share data between different user accounts, then there is no issue - which is why I presume SLotman has not heard of any issues, or no-one uses multiple accounts, or simply no-one has noticed.

As far as the Entitlement File goes, there doesn't appear to be a key for using an external folder, only folders such as Documents or Pictures, for example. So, unless I've missed it somewhere, there doesn't appear to be a solution here either.


ima747(Posted 2012) [#8]
grain of salt warning: I have not implemented sandboxing yet, this is based on my research...

If you using a *sandbox compatible* API call (I have no idea if FSFindFolder qualifies...) in a sandboxed app it will return an appropriate sandboxed location (which generally will be inside the app's contents folder itself to my understanding... though it depends on what you're asking for and possibly your entitlements).

Just compiling an app doesn't put it in the sandbox. It has to be signed *with and entitlements file*. You can sign apps from the command line (see my guide in the tutorials section regarding submitting bmax apps to the app store). When signing an app from the command line you can optionally include an entitlements file which is factored into the signing and then included in the app. I have yet to personally do this so I could be wrong but I do recall something regarding entitlements in the command line arg list when I was getting all the signing stuff set the first time...


SLotman(Posted 2012) [#9]
Just to ressurect this topic...

I'm now having problems on Lion: game runs fine when running from Blitzmax, but if I codesign with an entitlements file, the game just refuses to run, crashing with "bus error 10" (which I have no idea what it means)

If I codesign the game back again, without the entitlements file, the game runs fine...!