Permission denied when trying to access file outside of iOS App container

Question

I need to access directories outside of iOS App container.

The minimal code I tried is as below.

        let files = try! FileManager.default.contentsOfDirectory(atPath: "/Library/")

I also added the following to the entitlements file (<project name>.entitlements)

        <?xml version="1.0" encoding="UTF-8"?>
        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
        <plist version="1.0">
        <dict>
        	<key>com.apple.security.temporary-exception.files.absolute-path.read-write</key>
        	<string>/</string>
        </dict>
        </plist>

I thought above would give adequate permission for my App to browse files outside of App container, but I'm still getting the following error.
> [file:///Library/]
DictionaryLoader/ContentView.swift:54: Fatal error: 'try!' expression unexpectedly raised an error: Error Domain=NSCocoaErrorDomain Code=257 "The file “Library” couldn’t be opened because you don’t have permission to view it." UserInfo={NSUserStringVariant=(
Folder
), NSFilePath=/Library/, NSUnderlyingError=0x282c275d0 {Error Domain=NSPOSIXErrorDomain Code=1 "Operation not permitted"}}
2023-02-15 12:03:48.780396-0800 DictionaryLoader[1132:24964] DictionaryLoader/ContentView.swift:54: Fatal error: 'try!' expression unexpectedly raised an error: Error Domain=NSCocoaErrorDomain Code=257 "The file “Library” couldn’t be opened because you don’t have permission to view it." UserInfo={NSUserStringVariant=(
Folder
), NSFilePath=/Library/, NSUnderlyingError=0x282c275d0 {Error Domain=NSPOSIXErrorDomain Code=1 "Operation not permitted"}}

If it makes any difference, this is tested on a real device (iPhone 12 with iOS 16.2)

Answer 1

Score: 1

com.apple.security.temporary-exception.files.* are macOS-only keys related to App Sandbox. As noted in the docs:

>Note: This chapter describes property list keys specific to the macOS implementation of App Sandbox. They are not available in iOS.

What you're trying to do is not permitted on iOS. You will need to redesign so that you don't need this capability, or you'll need to jailbreak the device.

Answer 2

Score: 1

You cannot reach outside your sandbox container to reach other files on the local device due to restrictions placed on your app by Apple known as the App Sandbox.

Only these highly trusted components have such privileges. These are found in this online database

Giving yourself entitlements in your entitlements file does not actually provide you that entitlement.

The way privileges work is that on App Store Connect you add extra privileges to your App ID, and then generate a provisioning profile that references the App ID and entitlements together with a certificate. Xcode can automate this for you.

But you cannot give yourself those privileges that you are seeking in App Store Connect. Also Xcode won't add those to your App ID and code sign them for you.

Sometimes Apple do give you special privileges but you need to go through Apple Developer Technical Support to get those. For example, if you represent a health authority, you can get the exposure notification entitlement. But what you are asking for will never be provided by Apple DTS.

The only ways around it are certain special cases normally not available to you as an ordinary developer:

  • You are an actual Apple engineer writing a first party app.
  • You've jailbroken the iPhone and thus can use ldid to assign privileges.
  • You've a special iPhone with security disabled (such as an Apple Security Research Device).

It might be possible to undertake the kind of exploration you describe by using a virtualised iPhone. There is a commercial product offered by Corellium.
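
Added example, not part of the original answers: a key-level audit of which requested entitlements a provisioning profile actually authorizes, using the key from the question. It assumes the profile's plist payload has already been extracted from its signed wrapper; the profile contents, team ID, bundle ID and the `get-task-allow` entry are constructed placeholders, and `audit_entitlements` is a hypothetical helper name.

```python
import plistlib

# Prefix the first answer identifies as macOS-only App Sandbox keys.
MACOS_ONLY_PREFIX = "com.apple.security.temporary-exception."

# Entitlements file from the question (DOCTYPE line omitted), plus a
# constructed get-task-allow entry for contrast.
REQUESTED = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
	<key>com.apple.security.temporary-exception.files.absolute-path.read-write</key>
	<string>/</string>
	<key>get-task-allow</key>
	<true/>
</dict>
</plist>"""

# Constructed stand-in for the decoded plist payload of a development
# provisioning profile; team ID and bundle ID are placeholders.
PROFILE = plistlib.dumps({
    "Name": "Constructed Development Profile",
    "Entitlements": {
        "application-identifier": "TEAMID0000.com.example.DictionaryLoader",
        "com.apple.developer.team-identifier": "TEAMID0000",
        "get-task-allow": True,
        "keychain-access-groups": ["TEAMID0000.*"],
    },
})


def audit_entitlements(requested_plist: bytes, profile_plist: bytes) -> dict:
    """Sort each requested entitlement key by whether the profile grants it."""
    requested = plistlib.loads(requested_plist)
    granted = plistlib.loads(profile_plist).get("Entitlements", {})
    report = {"authorized": [], "unauthorized": [], "macos_only": []}
    for key in sorted(requested):
        # Key-level check only; a full audit would also compare values.
        bucket = "authorized" if key in granted else "unauthorized"
        report[bucket].append(key)
        if key.startswith(MACOS_ONLY_PREFIX):
            report["macos_only"].append(key)
    return report


if __name__ == "__main__":
    for bucket, keys in audit_entitlements(REQUESTED, PROFILE).items():
        print(f"{bucket}: {keys}")
```
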

Answer 3

Score: -1

In simple language: you cannot access files outside your app directory. But if you want to access a file, e.g. while I am creating a chat app, when I am sending a photo from a directory, I first have to copy that photo to my app directory; from then on it is easily accessible to you.

iOS Standard Directories: Where Files Reside
For security purposes, an iOS app’s interactions with the file system are limited to the directories inside the app’s sandbox directory. During installation of a new app, the installer creates a number of container directories for the app inside the sandbox directory. Each container directory has a specific role. The bundle container directory holds the app’s bundle, whereas the data container directory holds data for both the app and the user. The data container directory is further divided into a number of subdirectories that the app can use to sort and organize its data. The app may also request access to additional container directories—for example, the iCloud container—at runtime.

huangapple
  • Posted on February 16, 2023 at 04:13:54
  • When reposting, please keep the link to this article: https://go.coder-hub.com/75465021.html