Monday, July 25, 2011

Real Studio, Sandboxing, and the Mac App Store

As some of you have heard, Apple is going to require all applications submitted to the Mac App Store to be sandboxed starting in November.

Sandboxing is a security feature that limits the amount of damage your application can do if it were to be exploited. The way this works is that an application, by default, is unable to see or manipulate any of the world around it. Not only does this mean that there are fewer attack vectors to compromise your application, but also that it would be unable to harm the user if it were compromised.

However, applications running in complete isolation would not be very useful. What Apple has done is add controlled holes in the sandbox called entitlements. These entitlements let your application access only the bits of the outside world that it absolutely has to. For example, there are entitlements that allow you to access the computer's video camera, access the user's address book, or make outgoing network connections.

One entitlement in particular is interesting: the ability to use open and save dialogs. Since the application does not have access to the entire file system, normal open and save dialogs would be completely useless. So what Apple has done is design a system they call Powerbox that seamlessly shows the open dialog in another process. When the user selects a file from the dialog, Powerbox pokes a hole in your application's sandbox for that one file, and your application can then use it.
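To make the "controlled holes" above concrete, here is an added example (not code from the post or from Real Studio) that builds an entitlements plist enabling the sandbox plus only the capabilities the post mentions (camera, address book, outgoing connections, Powerbox-mediated open/save), and audits a signed app's entitlements for anything beyond what it was supposed to need. The entitlement key names are Apple's documented App Sandbox keys; the short aliases and the sample plist are constructed for this example.

```python
import plistlib

# Apple's App Sandbox entitlement keys for the capabilities the post mentions.
# The short alias names on the left are our own, not Apple's.
CAPABILITY_KEYS = {
    "camera": "com.apple.security.device.camera",
    "address-book": "com.apple.security.personal-information.addressbook",
    "network-client": "com.apple.security.network.client",
    "user-selected-files": "com.apple.security.files.user-selected.read-write",
}
SANDBOX_KEY = "com.apple.security.app-sandbox"


def build_entitlements(needs):
    """Return an entitlements plist (XML bytes) that turns the sandbox on and
    enables only the capabilities in `needs`; unknown names are rejected."""
    unknown = sorted(set(needs) - set(CAPABILITY_KEYS))
    if unknown:
        raise ValueError("unknown capabilities: %s" % ", ".join(unknown))
    entitlements = {SANDBOX_KEY: True}
    for name in needs:
        entitlements[CAPABILITY_KEYS[name]] = True
    return plistlib.dumps(entitlements)


def audit_entitlements(plist_bytes, needs):
    """Check an entitlements plist (for a signed app, the output of
    `codesign -d --entitlements :- App.app`) against the capabilities the app
    is supposed to need. Returns (sandbox_enabled, unexpected_keys)."""
    entitlements = plistlib.loads(plist_bytes)
    sandboxed = entitlements.get(SANDBOX_KEY) is True
    expected = {SANDBOX_KEY} | {CAPABILITY_KEYS[n] for n in needs}
    unexpected = sorted(k for k, v in entitlements.items()
                        if v and k not in expected)
    return sandboxed, unexpected


# Constructed sample: an entitlements file that opens more holes than the app
# needs (an inbound network listener was never requested).
OVERBROAD_PLIST = plistlib.dumps({
    SANDBOX_KEY: True,
    CAPABILITY_KEYS["user-selected-files"]: True,
    "com.apple.security.network.server": True,
})

if __name__ == "__main__":
    print(build_entitlements(["user-selected-files", "network-client"]).decode())
    print(audit_entitlements(OVERBROAD_PLIST, ["user-selected-files"]))
```

The audit is the check worth running on the final signed bundle, since, as the post notes, entitlements are fixed at signing time and the application cannot widen them afterwards.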

Unfortunately Powerbox is very broken in Carbon applications. We've filed all of the appropriate bug reports with Apple (rdar://9695639, rdar://9695604, rdar://9695574) but it is unclear if they will ever be fixed. It is our opinion that Apple is moving Carbon into a maintenance mode and is only doing updates to keep applications fitting the look and feel of Mac OS X as it changes.

What does this mean for your application built with Real Studio? Basically, it means that the Real Studio Carbon framework cannot be used for applications targeting the Mac App Store. By November, you must switch to using the Real Studio Cocoa framework to submit applications to the Mac App Store.

We realize that our Cocoa framework, in its current state, may not be stable or complete enough for some of your applications. However, we have not stopped working on it and it is improving with each release.

We hope to have addressed all of your important Cocoa framework issues by November. In order to do that we need your feedback. So please test your projects under Cocoa and report issues in Feedback so we can ensure a seamless release.


Beatrix Willius said...

This sounds really fascinating. Sandboxing even for open and save dialogs? Oh man. Since Carbon is broken for me on Lion anyway: Long live Cocoa.

Joe Ranieri said...

Sandboxing really is neat. If you're interested in it, I recommend watching the "Introducing App Sandbox" session from WWDC 2011 and reading "Code Signing And Application Sandboxing Guide".

TJ said...

This is all good information, but we can't ignore the new elephant in the room - how is the REALbasic language going to be extended to allow easy access to the entitlement requests? This will become "basic functionality" for even the simplest of tasks and should be a provided class or set of methods rather than something that requires users to learn about declares and the brouhaha that accompanies them.

Hopefully the result implemented will be more usable than the current methods and hoops that we must jump through to use the existing OS X security APIs.

Joe Ranieri said...

@TJ: There is nothing that really needs to be done. You specify your entitlements when you sign your application and you *cannot* get around these limitations. I'm not sure exactly what you're asking for.

Mark said...

What about existing apps that are on the Mac App Store? Will they be removed?

Joe Ranieri said...

@Mark: as far as I've heard, existing applications will stay but you will not be able to submit updates or new applications.

Charles Kelley said...

Will the applications one makes with REAL Studio hide the implementation details of entitlements from us?

Joe Ranieri said...

@Charles: Entitlements are specified when you sign your application for submission to the Mac App Store, long after Real Studio has finished its job.