I use QLPreviewView to show the quicklook preview in the app. Without sandbox, this works well, but once change the app to sandbox, the preview can not show up.
I found the error in Console: QuickLookUIHelpe(20786) deny file-read-data XXX.
I have used the security-scoped bookmarks & com.apple.security.files.user-selected.read-write to grant access the user home dir, then:
[allowedURL startAccessingSecurityScopedResource];
self.myPreiviewItem.myURL = fileURL;
self.myQLPreviewView.previewItem = self.myPreiviewItem;
[self.myQLPreviewView refreshPreviewItem];
[allowedURL stopAccessingSecurityScopedResource];
with these, I can delete files of user home dir, but the QLPreviewView can not work. I do not know what is the difference between these 2 scenes, does QLPreviewView need more for sandbox?
If I add com.apple.security.files.downloads.read-only into the entitlement, the files in "Downloads" can be previewed, but other files of user home dir can not be previewed.
Finally I have found the solution!
refreshPreviewItem is an async call, so before Mac finishes loading the preview, the following api stopAccessingSecurityScopedResource immediately shutdown the access, as a result, Mac failed to load the preview successfully.
so the solution is: do NOT call stopAccessingSecurityScopedResource here, keep the allowedURL's access right until you do not need the QL preview function, and then call stopAccessingSecurityScopedResource there, such as when closing the window.