I've got an OS X App where I request app-scoped security bookmarks from the user using an NSOpenPanel - this works great.
Now I want to delete the file as well - this works for ALL files except for those stored in system locations, e.g. /private/var/log. Even though the user granted me a (not stale) security bookmark.
Is there any entitlement that allows me to delete user-selected files from those locations?
Just for reference, the following entitlements are set:
<key>com.apple.security.temporary-exception.files.home-relative-path.read-write</key>
<array>
<string>/.Trash</string>
</array>
<key>com.apple.security.files.user-selected.read-write</key>
<true/>
<key>com.apple.security.files.bookmarks.app-scope</key>
<true/>
<key>com.apple.security.app-sandbox</key>
<true/>
Cheers!
Most of the files in system locations belong to user root and no one else has write permission. In order to delete such files, they need to have the appropriate permissions set. You can check this using terminal:
cd /private/var/log
ls -la
Just because your app has permission by sandbox doesn't mean it has permission by filesystem to write and remove. Sorry to say.