Sandboxed subprocess launched with NSTask fails silently

Time: 2015-01-12 14:42:40

Tags: macos cocoa swift sandbox nstask

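I'm building an OS X application that includes a command-line executable. The application calls the executable, passing a file name chosen by the user, and uses pipes to get the output. The code that does this looks like this: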

let bundle = NSBundle(forClass: self.dynamicType)
let binaryPath = bundle.URLForResource("myBundledBinary", withExtension: nil)
let task = NSUserUnixTask(URL: binaryPath!, error: nil)
let stdout = NSPipe()
let stderr = NSPipe()
task.standardOutput = stdout.fileHandleForWriting
task.standardError = stderr.fileHandleForWriting

task.executeWithArguments([filename], completionHandler: { (error) -> Void in
    let output = stdout.fileHandleForReading.readDataToEndOfFile()
    let error = stderr.fileHandleForReading.readDataToEndOfFile()
    let outputString = NSString(data: output, encoding: NSUTF8StringEncoding) ?? ""
    let errorReport = NSString(data: error, encoding: NSUTF8StringEncoding) ?? ""
    handler([outputString, errorReport], nil)
})

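This worked fine until I tried sandboxing the application. When this code runs in the sandboxed app, the task appears to complete, but there is no output on stdout or stderr (outputString and errorReport are both empty strings). No error is generated (error is always nil), and no console output occurs.

My app has these entitlements: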

<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.files.user-selected.read-only</key>
<true/>
<key>com.apple.security.network.client</key>
<true/>

This gives the app this signature:

Executable=/path/to/AppName.app/Contents/MacOS/AppName
Identifier=com.thoughtbot.AppName
Format=bundle with Mach-O thin (x86_64)
CodeDirectory v=20200 size=1509 flags=0x0(none) hashes=66+5 location=embedded
Hash type=sha1 size=20
CDHash=fe53fcb996ac55360ecf9cb86be414432e254f24
Signature size=8512
Authority=Developer ID Application: ZZZZ, Inc
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=2015-01-12 14:19:51
Info.plist entries=24
TeamIdentifier=0123456789
Sealed Resources version=2 rules=12 files=30
Internal requirements count=2 size=732
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.files.user-selected.read-only</key>
    <true/>
    <key>com.apple.security.network.client</key>
    <true/>
</dict>
</plist>

The bundled binary has the following entitlements:

<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.inherit</key>
<true/>

I'm manually using codesign to sign the bundled binary with these entitlements, which produces this signature:

Executable=/path/to/myBundledBinary
Identifier=com.foo.AppName.myBundledBinary
Format=Mach-O thin (x86_64)
CodeDirectory v=20200 size=6335 flags=0x0(none) hashes=307+5 location=embedded
Hash type=sha1 size=20
CDHash=4d9c009084ff8a821fcb1c55f83a4661ed2bc32b
Signature size=8512
Authority=Developer ID Application: ZZZZ, Inc
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=2015-01-12 14:19:44
Info.plist=not bound
TeamIdentifier=0123456789
Sealed Resources=none
Internal requirements count=2 size=300
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.inherit</key>
    <true/>
</dict>
</plist>

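I've read through Apple's documentation on sandboxing, as well as various existing SO questions, all of which seem to indicate that this should work. The fact that I'm not even getting any errors, just silent failure, is really troubling.

Any ideas?

0 answers:

No answers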
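
An added example, not part of the original question: a Python check of the rule Apple documents for helpers that inherit a sandbox (exactly app-sandbox and inherit, no other App Sandbox entitlement), run over text shaped like the signature listings above. The sample strings are constructed, and treating every com.apple.security.* key outside com.apple.security.cs.* as an App Sandbox entitlement is a simplifying assumption.

```python
import plistlib

SANDBOX = "com.apple.security.app-sandbox"
INHERIT = "com.apple.security.inherit"

# Constructed samples shaped like the listings in the question:
# signature fields first, then the embedded entitlements plist.
PLIST = """Executable=/path/to/myBundledBinary
Info.plist=not bound
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>%s</dict>
</plist>
"""
HELPER_OK = PLIST % ("<key>%s</key><true/><key>%s</key><true/>" % (SANDBOX, INHERIT))
HELPER_BAD = PLIST % ("<key>%s</key><true/><key>%s</key><true/>"
                      "<key>com.apple.security.network.client</key><true/>"
                      % (SANDBOX, INHERIT))


def entitlements_from_codesign(text):
    """Pull the entitlements dict out of mixed signature/plist text."""
    start = text.find("<?xml")
    end = text.find("</plist>")
    if start == -1 or end == -1:
        return {}  # no embedded plist: unsigned or no entitlements
    return plistlib.loads(text[start:end + len("</plist>")].encode("utf-8"))


def check_inheriting_helper(ent):
    """List problems for a helper that is meant to inherit its parent's sandbox."""
    problems = []
    for key in (SANDBOX, INHERIT):
        if ent.get(key) is not True:
            problems.append("missing or false: " + key)
    for key in sorted(ent):
        # Assumption: com.apple.security.cs.* keys are not sandbox keys.
        if (key.startswith("com.apple.security.")
                and not key.startswith("com.apple.security.cs.")
                and key not in (SANDBOX, INHERIT)):
            problems.append("not allowed alongside inherit: " + key)
    return problems


if __name__ == "__main__":
    for name, text in (("ok", HELPER_OK), ("bad", HELPER_BAD)):
        print(name, check_inheriting_helper(entitlements_from_codesign(text)) or "passes")
```

The helper entitlements listed in the question pass this check, so the check rules out only this one cause of a child process being aborted.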