I need to access directories outside of iOS App container.

The minimal code I tried is as below.

        let files = try! FileManager.default.contentsOfDirectory(atPath: "/Library/")

I also added the following to the entitlements file (.entitlements)

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.temporary-exception.files.absolute-path.read-write</key>
    <string>/</string>
</dict>
</plist>

I thought the above would give my app adequate permission to browse files outside of the app container, but I’m still getting the following error.

[file:///Library/] DictionaryLoader/ContentView.swift:54: Fatal error: ‘try!’ expression unexpectedly raised an error: Error Domain=NSCocoaErrorDomain Code=257 "The file “Library” couldn’t be opened because you don’t have permission to view it." UserInfo={NSUserStringVariant=(
Folder
), NSFilePath=/Library/, NSUnderlyingError=0x282c275d0 {Error Domain=NSPOSIXErrorDomain Code=1 "Operation not permitted"}}
2023-02-15 12:03:48.780396-0800 DictionaryLoader[1132:24964] DictionaryLoader/ContentView.swift:54: Fatal error: ‘try!’ expression unexpectedly raised an error: Error Domain=NSCocoaErrorDomain Code=257 "The file “Library” couldn’t be opened because you don’t have permission to view it." UserInfo={NSUserStringVariant=(
Folder
), NSFilePath=/Library/, NSUnderlyingError=0x282c275d0 {Error Domain=NSPOSIXErrorDomain Code=1 "Operation not permitted"}}

If it makes any difference, this is tested on a real device (iPhone 12 with iOS 16.2)

3 Answers


  1. In simple language: you cannot access files outside your app directory.
    But if you want to access a file, e.g. when I am creating a chat app and sending a photo from a directory, I first have to copy that photo to my app directory; after that it is easily accessible to you.

    iOS Standard Directories: Where Files Reside
    For security purposes, an iOS app’s interactions with the file system are limited to the directories inside the app’s sandbox directory. During installation of a new app, the installer creates a number of container directories for the app inside the sandbox directory. Each container directory has a specific role. The bundle container directory holds the app’s bundle, whereas the data container directory holds data for both the app and the user. The data container directory is further divided into a number of subdirectories that the app can use to sort and organize its data. The app may also request access to additional container directories—for example, the iCloud container—at runtime.

  2. com.apple.security.temporary-exception.files.* are macOS-only keys related to App Sandbox. As noted in the docs:

    Note: This chapter describes property list keys specific to the macOS implementation of App Sandbox. They are not available in iOS.

    What you’re trying to do is not permitted on iOS. You will need to redesign so that you don’t need this capability, or you’ll need to jailbreak the device.

  3. You cannot reach outside your sandbox container to reach other files on the local device due to restrictions placed on your app by Apple known as the App Sandbox.

    Only these highly trusted components have such privileges. These are found in this online database

    Giving yourself entitlements in your entitlements file does not actually provide you that entitlement.

    The way privileges work is that on App Store Connect you add extra privileges to your App ID, and then generate a provisioning profile that references the App ID and entitlements together with a certificate. Xcode can automate this for you.

    But you cannot give yourself those privileges that you are seeking in App Store Connect. Also Xcode won’t add those to your App ID and code sign them for you.

    Sometimes Apple do give you special privileges but you need to go through Apple Developer Technical Support to get those. For example, if you represent a health authority, you can get the exposure notification entitlement. But what you are asking for will never be provided by Apple DTS.

    The only ways around it are certain special cases normally not available to you as an ordinary developer:

    • You are an actual Apple engineer writing a first party app.
    • You’ve jailbroken the iPhone and thus can use ldid to assign privileges.
    • You’ve a special iPhone with security disabled (such as an Apple Security Research Device)

    It might be possible to undertake the kind of exploration you describe by using a virtualised iPhone. There is a commercial product offered by Corellium.

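Added example, not code from the question or from any of the answers: it probes the `/Library/` path from the question without `try!`, so the sandbox denial (NSCocoaErrorDomain Code=257) is reported instead of crashing, and compares it with the container directories the app is allowed to read. The names `ListingResult`, `listDirectory`, `sandboxDirectories` and `sandboxReport` are hypothetical.

```swift
import Foundation

/// Outcome of probing a directory from inside the app sandbox (hypothetical type).
enum ListingResult {
    case entries([String])
    case deniedBySandbox(path: String)
    case failed(Error)
}

/// Lists a directory without `try!`, so a denial is returned as a value.
func listDirectory(atPath path: String) -> ListingResult {
    do {
        return .entries(try FileManager.default.contentsOfDirectory(atPath: path))
    } catch let error as CocoaError where error.code == .fileReadNoPermission {
        // NSCocoaErrorDomain Code=257, the error shown in the question.
        return .deniedBySandbox(path: path)
    } catch {
        return .failed(error)
    }
}

/// Directories inside the app's own data container.
func sandboxDirectories() -> [(name: String, url: URL)] {
    let fm = FileManager.default
    var dirs: [(name: String, url: URL)] = [(name: "tmp", url: fm.temporaryDirectory)]
    let standard: [(String, FileManager.SearchPathDirectory)] = [
        ("Documents", .documentDirectory),
        ("Library", .libraryDirectory),
        ("Caches", .cachesDirectory),
    ]
    for (name, kind) in standard {
        if let url = fm.urls(for: kind, in: .userDomainMask).first {
            dirs.append((name: name, url: url))
        }
    }
    return dirs
}

/// One line per probed path: the system-wide /Library/ first, then the container.
func sandboxReport() -> [String] {
    let paths = ["/Library/"] + sandboxDirectories().map { $0.url.path }
    return paths.map { path -> String in
        switch listDirectory(atPath: path) {
        case .entries(let names): return "\(path): readable, \(names.count) entries"
        case .deniedBySandbox: return "\(path): denied by the sandbox (Cocoa error 257)"
        case .failed(let error): return "\(path): \(error.localizedDescription)"
        }
    }
}
```

Calling `sandboxReport()` on an iOS device and logging the result shows which of the probed paths the sandbox lets the app list.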