Change file metadata using xattr in sandboxed Mac app

Question

I am trying to remove the "com.apple.quarantine" attribute in files placed in

~/Library/Containers/....../Library/Application Support.

Using NSTask and xattr leads to "Operation not permitted" messages in console. As second option I tried the header xattr.h using removexattr().

I also tried to add LSFileQuarantineEnabled to Info.plist. Calling xattr manually from Terminal works.

Seems like sandbox prevents xattr from deleting attributes using Objective-C.

Answer 1

Run a helper binary inside a sandboxed app...

For first tests:

1. create a certificate using "Keychain Access"
   1. "certificate assistant" > "create certificate ..."
   2. name it ...
   3. overwrite default settings
   4. ...
2. sign your helper binary (updater) with codesign -s <certificate A> <binary>
3. copy binary to your project
4. check that it's linked within "Build Phases" > "Copy Bundle Resources"
5. go to Product > Archive
   1. Distribute ...
   2. Export as Application
   3. Use your Signing Identity

If you want to send it to the Mac App Store, use the correct certificate.

The code I'm using to start/call the helper binary is as follows:

NSString * resourcePath = [[NSBundle mainBundle] resourcePath];
NSTask *testbin = [[NSTask alloc] init];
NSString * path = [resourcePath stringByAppendingString:@"/testbin"];
[testbin setLaunchPath:path];
[testbin launch];
[testbin waitUntilExit];

No need to copy or move a file ;-)