I've just enabled sandboxing in my OS X application, and now my Core Audio code doesn't work. In particular, when I call AUGraphAddNode, it returns the error invalidComponentID, saying just "The operation couldn't be completed". A number of other Core Audio calls seem to work correctly before that, though.
It doesn't seem to be a direct sandbox violation, as there aren't any messages from sandboxd in Console, but it definitely works when I turn off sandboxing. Anyone know why this would possibly happen? The only thing I can imagine is that maybe it's trying to read files that I don't have access to, although I would think that would give me a sandboxing error.
Update:
To clarify, I've tried enabling every sandbox entitlement and the issue still occurs.
I've also narrowed down the issue somewhat. That call only fails if I try to add a node with the component type kAudioUnitType_MusicDevice and subtype kAudioUnitSubType_DLSSynth.
Update 2:
I've figured out a hacky workaround. If I add a temporary exception entitlement to enable read-write access to the user's entire home directory, the error no longer happens. This is obviously not ideal, so I'm continuing to search for better options. I tried to narrow down the access required by adding entitlements for more specific subdirectories, but that didn't work.
I recently submitted the app I was having this issue with to the app store, and it was rejected for using the temporary exception entitlement mentioned in the last update to my question. I was pointed to this article discussing this exact issue.
It turns out that there's another entitlement that's unfortunately not documented in the standard sandboxing documentation: com.apple.security.temporary-exception.audio-unit-host. This will allow audio units, like the DLSSynth, which require permissions greater than the host environment's sandboxing allows, to run in the host environment, provided that the user grants permission at run time.
I'm not sure how long-term this solution is, given that this entitlement is also categorized as a temporary exception, but according to Apple this is the way to go for now.