I have some problems understanding the new Lion sandbox.
I know that Lion includes a process of a trusted daemon called Powerbox , whose task is to present and manage open / save dialogs on behalf of isolated applications.
As the Sandbox Guide for Code and Application Signing says:
At any time when an application running inside an isolated area calls the NSOpenPanel or NSSavePanel dialog, rather than showing the panel directly, AppKit automatically asks Powerbox to present the dialog. From the developer's point of view, there are no code changes required to use these panels; this process is completely transparent.
After the user selects a set of files or directories, Powerbox uses the new features in the sandbox core module to deploy the calling application sandbox to allow access to the selected files. By the time the application code requests the panel for the returned URLs or file names, it already has permission to access these files and can continue to use the files through almost any API that it already uses.
Ok I did some practice tests using this code:
NSSavePanel *savePanel = [NSSavePanel savePanel]; savePanel.delegate = self; savePanel.directoryURL = ...; savePanel.nameFieldStringValue = ...; [savePanel beginSheetModalForWindow:self.window completionHandler:^(NSInteger returnCode) { }];
The strange thing is that the NSOpenSavePanelDelegate method, called the BEFORE completion handler, does not have access to files in the file system.
Is it correct?
But if so, delegate methods, such as panel:validateURL:error: become useless!
Can you help me explain in more detail the relationship between the application and Powerbox ?
Dev
source share