[Interest] Qt 5 and Mac App Store

Daniel Price daniel.price at fxhome.com
Fri Oct 19 18:20:28 CEST 2012


>Ah, okay then, but still: if your application *wanted* to be malicious and, say, delete the file the user has selected via the file dialog, or maybe even at some later point by "security-scoping" that file and only deleting it "silently" much, much later, then the sandbox would not prevent such behaviour. Because, as I said, the idea of the sandbox is to prevent your process from doing damage if it has been "captured" by some *other* malicious process.

Hmm, I'm pretty sure that sandboxing is there to prevent *you* from doing things you're not supposed to do. Preventing another malicious app from pretending to be your app is what code-signing is for.

It all comes from iOS where most apps are downright trivial and are content to sit inside their own little universe.

> Or in other words: an application can't just "security-scope" any given path and then happily open it, without the user ever having *manually* selected that file (or directory possibly).

And that is why SourceTree was pulled from the store. As a source-control client, it needed read and write access to files that the user hadn't specifically selected via a dialog. This is the show-stopper I mentioned.

When you create a Cocoa app, you get a recent files menu for free in the MainWindow.nib. I suspect that there is some special-casing going on with that menu that we cannot reproduce outside of Cocoa.

>However I also remember having read about "Document security scoped URLs", that is if the user opens a document (a file), and that document refers to other files (say JPEG photos stored alongside that document), then there is an API which also lets you "security-scope" those files alongside - even though the user has never explicitly opened them via file dialog, the application is still allowed to read them the next time.

Yes that should work because they're in the same directory. Directories are just entities on disk.

>But I guess that the catch here is that you only get access to those "side-by-side" files if you open the "document file URL" in the first
>place: I don't think the application would be allowed to open the JPEG file directly (otherwise that would weaken the security concept again:
>you could simply "document security scope" the entire hard disk as soon as the user opens any file, and then you would have access to all files on the hard disk!)

Yes, that's exactly my point. If an API exists that allows you to security-scope any old file or directory, then everyone would do it and the sandbox is rendered useless.

>I meant exactly those flags ;) I wouldn't mind a flag on QFile level to say "security-scope that file"! As long as you have control over which files to "security scope". Still, a "Recent Files" API of some sort would still be welcome (I am going to have to write that anyway for my own application sooner or later ;))

Those mac WA_ flags have helped me out on more occasions than I can count! Not everything in Qt 'just works' across platforms. For instance, OSX has different sizes and styles of buttons and sliders (mini, small and normal), but Windows does not. Without those flags, a Qt-mac app would look pretty awful.


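The mechanism the thread is circling around (a user-selected file that the sandboxed app wants to reopen on a later launch, plus the "document-relative" case for sidecar files) looks like this in Cocoa. This is an added example, not code from the original mail or from Qt; the entitlement names are real App Sandbox entitlements, while the defaults key and the file roles are assumptions made for the illustration.

```objectivec
// Added example (not from the thread): persisting access to a user-selected
// file under the macOS App Sandbox with a security-scoped bookmark, and the
// document-scoped variant for a sidecar file next to an opened document.
// Assumes a sandboxed app with the entitlements
//   com.apple.security.files.user-selected.read-write
//   com.apple.security.files.bookmarks.app-scope        (app-scoped bookmark)
//   com.apple.security.files.bookmarks.document-scope   (document-scoped bookmark)
// The defaults key below is made up for this example.
#import <Cocoa/Cocoa.h>

static NSString *const kRecentFileBookmarkKey = @"RecentFileBookmark"; // assumed key

// Call this only with a URL the user picked in an NSOpenPanel (or dropped on
// the app). The sandbox grants access because the user chose the file; the
// bookmark lets the app reopen it after a relaunch without a second dialog.
BOOL SaveRecentFileBookmark(NSURL *userSelectedURL, NSError **error) {
    NSData *bookmark = [userSelectedURL bookmarkDataWithOptions:NSURLBookmarkCreationWithSecurityScope
                                 includingResourceValuesForKeys:nil
                                                  relativeToURL:nil   // nil = app-scoped
                                                          error:error];
    if (bookmark == nil) return NO;
    [[NSUserDefaults standardUserDefaults] setObject:bookmark forKey:kRecentFileBookmarkKey];
    return YES;
}

// Resolve the stored bookmark and read the file. The grant is only active
// between startAccessingSecurityScopedResource and the matching stop call,
// so keep that window as short as the work requires.
NSData *ReadRecentFile(NSError **error) {
    NSData *bookmark = [[NSUserDefaults standardUserDefaults] dataForKey:kRecentFileBookmarkKey];
    if (bookmark == nil) return nil;           // nothing the user ever chose

    BOOL stale = NO;
    NSURL *url = [NSURL URLByResolvingBookmarkData:bookmark
                                           options:NSURLBookmarkResolutionWithSecurityScope
                                     relativeToURL:nil
                               bookmarkDataIsStale:&stale
                                             error:error];
    if (url == nil) return nil;                // bookmark no longer resolves
    if (stale) {
        // The file was moved or renamed; refresh the bookmark from the resolved URL.
        SaveRecentFileBookmark(url, NULL);
    }
    if (![url startAccessingSecurityScopedResource]) {
        return nil;                            // outside the sandbox grant: do not retry by path
    }
    NSData *contents = [NSData dataWithContentsOfURL:url options:0 error:error];
    [url stopAccessingSecurityScopedResource];
    return contents;
}

// Document-scoped variant: a bookmark to a sidecar file (e.g. a JPEG referenced
// by a document) made relative to the user-opened document URL. It can only be
// resolved while the app has access to that document, and creating it assumes
// the app already has access to sidecarURL (for example the user selected it);
// the bookmark does not grant access to an arbitrary path by itself.
NSData *MakeDocumentScopedBookmark(NSURL *sidecarURL, NSURL *documentURL, NSError **error) {
    return [sidecarURL bookmarkDataWithOptions:NSURLBookmarkCreationWithSecurityScope
                includingResourceValuesForKeys:nil
                                 relativeToURL:documentURL   // ties the bookmark to this document
                                         error:error];
}
```

In a Qt application the same calls sit in an Objective-C++ (`.mm`) file behind the "Recent Files" menu the thread asks for: the entry is a bookmark blob rather than a plain path, and a failed `startAccessingSecurityScopedResource` should be treated as "ask the user again", never as a reason to fall back to opening the path directly.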