Cocoa Programming for Mac OS X - Aaron Hillegass [139]
Entitlements
Sandboxing requires a bit more thought on the part of the developer than simply turning on an Enable Sandboxing flag. The developer must specify the application’s entitlements, a list of the things it is allowed to do, and the OS then confines the application to those actions. You can think of the entitlements as a contract between the application and the operating system: The application declares the capabilities it needs, and the kernel denies everything else, no matter what the application’s code attempts at run time.
For example, consider the requirements of the RanchForecast project. It needs to create outgoing network connections and not much more: It doesn’t need to read or write files on disk, use the camera or microphone, or open a port for incoming network connections. By granting RanchForecast only the entitlement for outgoing network connections, we have severely limited the opportunities for mischief should the application ever be compromised.
To specify an application’s entitlements, you can edit the entitlements property list directly, or you can use Xcode’s project editor (Figure 37.5).
Figure 37.5. Application Entitlements
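As an added example (not code from the book or the RanchForecast project), here is a small Python audit that compares an entitlements file with the least-privilege policy just described for RanchForecast: sandbox on, outgoing network only. The two entitlements plists are constructed for illustration; the key names are the real App Sandbox entitlement keys.

```python
"""Audit an App Sandbox entitlements file against a least-privilege policy.

Added example: the plists below are constructed; the key names are Apple's
real App Sandbox entitlement keys.
"""
import plistlib

SANDBOX = "com.apple.security.app-sandbox"
NET_CLIENT = "com.apple.security.network.client"   # outgoing connections
NET_SERVER = "com.apple.security.network.server"   # listen for incoming connections
MICROPHONE = "com.apple.security.device.microphone"
TEMP_EXCEPTION_PREFIX = "com.apple.security.temporary-exception."

# RanchForecast's needs, as discussed above: outgoing network only.
RANCHFORECAST_POLICY = {NET_CLIENT}

# Constructed entitlements file that matches that policy.
RANCHFORECAST_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.network.client</key>
    <true/>
</dict>
</plist>
"""

# Constructed over-privileged variant: extra switches flipped in Xcode.
OVERPRIVILEGED_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.network.client</key>
    <true/>
    <key>com.apple.security.network.server</key>
    <true/>
    <key>com.apple.security.device.microphone</key>
    <true/>
    <key>com.apple.security.temporary-exception.files.absolute-path.read-write</key>
    <array>
        <string>/Users/Shared/</string>
    </array>
</dict>
</plist>
"""


def audit_entitlements(plist_bytes, allowed):
    """Compare an entitlements plist with the set of keys the app should have.

    Returns a list of findings; an empty list means the file matches the policy.
    """
    ent = plistlib.loads(plist_bytes)
    findings = []
    if ent.get(SANDBOX) is not True:
        findings.append("sandbox not enabled: %s must be true" % SANDBOX)
    granted = set()
    for key, value in ent.items():
        if key == SANDBOX or value is False:
            continue
        if key.startswith(TEMP_EXCEPTION_PREFIX):
            # Temporary exceptions punch holes in the sandbox and need justification at review.
            findings.append("temporary exception present: %s = %r" % (key, value))
        else:
            granted.add(key)
    for key in sorted(granted - allowed):
        findings.append("granted but not needed: %s" % key)
    for key in sorted(allowed - granted):
        findings.append("needed but not granted: %s" % key)
    return findings


if __name__ == "__main__":
    for name, data in (("RanchForecast", RANCHFORECAST_ENTITLEMENTS),
                       ("over-privileged", OVERPRIVILEGED_ENTITLEMENTS)):
        print(name, audit_entitlements(data, RANCHFORECAST_POLICY) or ["OK"])
```

Running this as a build step keeps the contract honest: any entitlement that creeps in beyond what the policy allows, or any temporary exception, fails the build instead of shipping.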
Sandboxed applications are provided with a container: a folder on disk in which they can store caches, preference files, and other resources. Mac OS X changes the home directory reported by AppKit and Foundation calls such as NSHomeDirectory() so that they return this container folder, which resides inside the user’s Library folder. Files elsewhere in the user’s real home directory are not visible to the application unless an entitlement or mediated access (described next) grants them.
Mediated File Access and Powerbox
Mediated read and write access is the preferred means of file access for sandboxed applications. It covers access to files in the application’s own container, such as temporary files, as well as read or read/write access to files that the user explicitly opens with a Mac OS X file dialog or drags onto the application. That is, when the user chooses a file via an NSOpenPanel or NSSavePanel, the application’s sandbox is automatically expanded to include the selected file or directory. The key word is user: The application cannot expand its own sandbox by naming a path; it gets access only to what the user chose.
This functionality is provided by a system daemon called Powerbox. When the developer uses NSOpenPanel or NSSavePanel, the panels are rendered by the system daemon, providing a trusted means for file selection that is transparent to the developer: No code changes are necessary. Because the panel is drawn by a process outside the application’s sandbox, the application cannot drive it programmatically to grant itself access to files the user did not pick.
If an application that has the mediated read or read/write entitlement is terminated and restarted, the sandbox is again expanded to include the previously open documents when Lion restores the application’s prior state by reopening them. The standard AppKit Open Recent menu provides similar capabilities.
For a full description of the entitlements available to applications, see the Mac OS X Developer Library document Code Signing and Application Sandboxing Guide.
The Mac App Store
If you’re writing a commercial app, there’s quite a bit of work to do beyond writing the app itself in order to release it. The Mac App Store has the advantage of taking care of many of these aspects for you: purchasing, installation and packaging, and distribution are all handled. Much of the licensing work is addressed as well. If you’re an independent developer, such tasks can feel as though they take valuable time away from making your product better.
The Mac App Store isn’t for every app, however. If your application cannot operate in a sandboxed environment or doesn’t conform to the review guidelines, you will want to use more traditional means of distribution.
Most aspects of distribution in the Mac App Store are fairly straightforward and similar to the iOS App Store. You will need to use Xcode to sign your application binary, provide a description of your application and screenshots, and, finally, submit the app by using Xcode’s Organizer.
Receipt Validation
Mac App Store apps differ from iOS apps in one key area, however: There is no operating system support for license checking. That is, without special effort on your part, there is no copy protection; a purchased copy of the application can simply be copied to another machine and run there. If copy protection is important to you, you will need to implement receipt validation yourself, checking the receipt that the App Store places inside the application bundle.
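As an added example (not the book’s code), the following Python shows the payload-level part of receipt validation: decoding the receipt’s attribute set and checking the bundle identifier, version, and the SHA-1 hash that binds the receipt to one machine (SHA-1 of the machine GUID, the opaque value, and the raw bundle-identifier attribute bytes, following Apple’s receipt format). It assumes that the receipt’s PKCS#7 signature has already been verified against Apple’s root certificate, which is not shown, and that guid is the machine’s primary network interface MAC address. The receipt bytes are constructed by build_payload() with a hypothetical bundle identifier, a fake MAC address, and a made-up opaque value; no real receipt is embedded.

```python
"""Validate the payload of a Mac App Store receipt (added example, not the book's code).

Assumes the PKCS#7 signature was already verified against Apple's root certificate
(not shown) and `guid` is the machine's primary MAC address. The sample receipt is
constructed here; no real receipt is embedded.
"""
import hashlib
import hmac

# Attribute types defined in Apple's receipt payload.
ATTR_BUNDLE_ID = 2     # OCTET STRING holding a DER UTF8String
ATTR_APP_VERSION = 3   # OCTET STRING holding a DER UTF8String
ATTR_OPAQUE = 4        # opaque bytes chosen by the App Store
ATTR_HASH = 5          # SHA-1 that ties the receipt to one machine

# DER tags used below.
INTEGER, OCTET_STRING, UTF8STRING, SEQUENCE, SET = 0x02, 0x04, 0x0C, 0x30, 0x31


def _read_tlv(buf, pos):
    """Minimal DER tag/length/value reader. Returns (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("length runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def _utf8(raw):
    tag, content, _ = _read_tlv(raw, 0)
    if tag != UTF8STRING:
        raise ValueError("expected UTF8String")
    return content.decode("utf-8")


def parse_receipt_payload(payload):
    """Decode SET OF SEQUENCE { type INTEGER, version INTEGER, value OCTET STRING }."""
    tag, body, _ = _read_tlv(payload, 0)
    if tag != SET:
        raise ValueError("payload is not a SET")
    attrs, pos = {}, 0
    while pos < len(body):
        tag, seq, pos = _read_tlv(body, pos)
        if tag != SEQUENCE:
            raise ValueError("attribute is not a SEQUENCE")
        t_tag, t_val, p = _read_tlv(seq, 0)
        v_tag, _, p = _read_tlv(seq, p)
        o_tag, o_val, _ = _read_tlv(seq, p)
        if (t_tag, v_tag, o_tag) != (INTEGER, INTEGER, OCTET_STRING):
            raise ValueError("malformed attribute")
        attrs[int.from_bytes(t_val, "big")] = o_val  # raw OCTET STRING contents
    return attrs


def expected_hash(guid, opaque, bundle_id_raw):
    """SHA-1(GUID || opaque value || raw bundle-id attribute bytes)."""
    return hashlib.sha1(guid + opaque + bundle_id_raw).digest()


def validate_receipt_payload(payload, guid, expected_bundle_id, expected_version):
    """Return (ok, reason). Hard-code the expected values; don't read them from Info.plist."""
    try:
        attrs = parse_receipt_payload(payload)
        missing = [t for t in (ATTR_BUNDLE_ID, ATTR_APP_VERSION, ATTR_OPAQUE, ATTR_HASH) if t not in attrs]
        if missing:
            return False, "missing attributes %s" % missing
        bundle_raw = attrs[ATTR_BUNDLE_ID]
        if _utf8(bundle_raw) != expected_bundle_id:
            return False, "bundle identifier mismatch"
        if _utf8(attrs[ATTR_APP_VERSION]) != expected_version:
            return False, "application version mismatch"
    except (ValueError, IndexError, UnicodeDecodeError) as exc:
        return False, "malformed receipt: %s" % exc
    digest = expected_hash(guid, attrs[ATTR_OPAQUE], bundle_raw)
    if not hmac.compare_digest(digest, attrs[ATTR_HASH]):
        return False, "receipt was not issued for this machine"
    return True, "ok"


def _der(tag, content):
    """DER-encode one TLV (used only to build the constructed sample receipt)."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    length_bytes = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(length_bytes)]) + length_bytes + content


def build_payload(bundle_id, version, opaque, guid):
    """Build a payload as the App Store would for this machine (constructed sample)."""
    bundle_raw = _der(UTF8STRING, bundle_id.encode("utf-8"))

    def attr(t, value):
        return _der(SEQUENCE, _der(INTEGER, bytes([t])) + _der(INTEGER, b"\x01") + _der(OCTET_STRING, value))

    return _der(SET, attr(ATTR_BUNDLE_ID, bundle_raw)
                + attr(ATTR_APP_VERSION, _der(UTF8STRING, version.encode("utf-8")))
                + attr(ATTR_OPAQUE, opaque)
                + attr(ATTR_HASH, expected_hash(guid, opaque, bundle_raw)))


# Constructed sample: hypothetical bundle identifier, fake MAC address, made-up opaque value.
SAMPLE_BUNDLE_ID = "com.example.RanchForecast"
SAMPLE_GUID = bytes.fromhex("001122334455")
SAMPLE_OPAQUE = bytes(range(16))
SAMPLE_PAYLOAD = build_payload(SAMPLE_BUNDLE_ID, "1.0", SAMPLE_OPAQUE, SAMPLE_GUID)
```

Calling validate_receipt_payload(SAMPLE_PAYLOAD, SAMPLE_GUID, SAMPLE_BUNDLE_ID, "1.0") succeeds; the same receipt checked with a different GUID is rejected, which is the property that stops a receipt from being copied along with the application. The expected bundle identifier and version are deliberately parameters you hard-code in the binary rather than values read from Info.plist, since Info.plist is as easy to edit as the receipt is to copy.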