NSSavePanel 和沙箱
我在理解新的 Lion's Sandbox 时遇到一些问题。
我知道 Lion 包含一个名为 Powerbox 的受信任守护进程,其工作是代表沙盒应用程序显示和控制打开/保存对话框。
就像 代码签名和应用程序沙盒指南 说:
每当沙箱内运行的应用程序调用 NSOpenPanel 或 NSSavePanel 对话框时,AppKit 都会自动要求 Powerbox 显示该对话框,而不是直接显示面板。从开发人员的角度来看,这些面板的使用方式不需要更改代码;这个过程是完全透明的。
用户选择一组文件或目录后,Powerbox 使用沙箱内核模块中的新功能来扩展调用应用程序的沙箱,以允许访问所选文件。当应用程序代码在面板中查询返回的 URL 或文件名时,它已经具有访问这些文件的权限,并且可以通过它已经使用的几乎任何 API 继续使用这些文件。
好的。我使用这段代码做了一些实际测试:
NSSavePanel *savePanel = [NSSavePanel savePanel];
savePanel.delegate = self;
savePanel.directoryURL = ...;
savePanel.nameFieldStringValue = ...;
[savePanel beginSheetModalForWindow:self.window
completionHandler:^(NSInteger returnCode) {
/* the completion handler */
}];
奇怪的是,在完成处理程序之前调用的 NSOpenSavePanelDelegate 方法无法访问文件系统上的文件。
这是正确的吗?
但如果是这样,像 panel:validateURL:error: 这样的委托方法就变得毫无用处!
您能帮我更详细地解释一下应用程序和 Powerbox 之间的连接吗?
I have some problems understanding the new Lion's Sandbox.
I know that Lion includes a trusted daemon process called Powerbox whose job is to present and control open/save dialog boxes on behalf of sandboxed applications.
Like the Code Signing And Application Sandboxing Guide says:
Any time an application running inside a sandbox invokes an NSOpenPanel or NSSavePanel dialog, rather than showing the panels directly, AppKit automatically asks the Powerbox to present the dialog. From a developer perspective, there are no code changes required in terms of how these panels are used; this process is fully transparent.
After the user selects a set of files or directories, the Powerbox uses new functionality in the sandbox kernel module to expand the invoking application's sandbox to allow access to the selected files. By the time the application code queries the panel for the returned URLs or filenames, it already has permission to access those files, and can continue to use the files through almost any API it already uses.
Ok. I did some practical tests using this code:
NSSavePanel *savePanel = [NSSavePanel savePanel];
savePanel.delegate = self;
savePanel.directoryURL = ...;
savePanel.nameFieldStringValue = ...;
[savePanel beginSheetModalForWindow:self.window
completionHandler:^(NSInteger returnCode) {
/* the completion handler */
}];
The strange thing is that the NSOpenSavePanelDelegate method's, that are called BEFORE the completion handler, do not have access to files on the filesystem.
Is this correct?
But if so, the delegate's methods like panel:validateURL:error: becomes useless!
Can you help me explaining in more detail the connections between the app and Powerbox?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
联系 Apple 后,我可以确认 Rob Keniger 所写的内容:
NSOpenSavePanelDelegate方法无法访问沙盒应用程序中的文件系统。After contacting Apple, I can confirm what Rob Keniger wrote:
NSOpenSavePanelDelegatemethod's don't have access to the filesystem in sandboxed applications.