Cross-platform development for Windows, Mac and Linux desktop, web, iOS and Raspberry Pi - Android coming next!
Monday, July 25, 2011
Real Studio, Sandboxing, and the Mac App Store
As some of you have heard, Apple is going to require all applications submitted to the Mac App Store to be sandboxed starting in November.
Sandboxing is a security feature that limits the amount of damage your application can do if it was to be exploited. The way this works is that an application, by default, is unable to see or manipulate any of the world around it. Not only does this mean that there are fewer attack vectors to compromise your application, but also that it would be unable to harm the user if it was.
However, applications running in complete isolation would not be very useful. What Apple has done is added controlled holes in the sandbox called entitlements. These entitlements let your application access only the bits of the outside world that it absolutely has to. For example, there are entitlements that allow you access the computer's video camera, access the user's address book, or make outgoing network connections.
One entitlement in particular is interesting: the ability to use open and save dialogs. Since the application does not have access to the entire file system, normal open and save dialogs would be completely useless. So what Apple has done is design a system they call Powerbox that seamlessly shows the open box in another process. When the user selects a file from the dialog, it then pokes a hole in your application's sandbox and then you can use that file.
Unfortunately Powerbox is very broken in Carbon applications. We've filed all of the appropriate bug reports with Apple (rdar://9695639, rdar://9695604, rdar://9695574) but it is unclear if they will ever be fixed. It is our opinion that Apple is moving Carbon into a maintenance mode and is only doing updates to keep applications fitting the look and feel of Mac OS X as it changes.
What does this mean for your application built with Real Studio? Basically, it means that the Real Studio Carbon framework cannot be used for applications targeting the Mac App Store. By November, you must switch to using the Real Studio Cocoa framework to submit applications to the Mac App Store.
We realize that our Cocoa framework, in its current state, may not be stable or complete enough for some of your applications. However, we have not stopped working on it and it is improving with each release.
We hope to have addressed all of your important Cocoa framework issues by November. In order to do that we need your feedback. So please test your projects under Cocoa and report issues in Feedback so we can ensure a seamless release.