Sandboxed macOS application cannot access the Photos library

Problem description Votes: 0 Answers: 1

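I have an Electron application built for macOS. For years it has been distributed via "Developer ID" and worked well, and I was able to access photos in the system Photos library. Of course, I already have the 'NSPhotoLibraryUsageDescription' key in Info.plist.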

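Recently we have been trying to publish this app to the Mac App Store, so I had to turn on the sandbox, after which the app started getting XPC errors when accessing the Photos library. The errors look like: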

PHAuthorizationStatus: Authorized
CoreData: XPC: sendMessage: failed #0
CoreData: XPC: Unable to sendMessage: to server
...
CoreData: XPC: sendMessage: failed #7
CoreData: XPC: Unable to connect to server with options {
    NSPersistentHistoryTrackingKey = 1;
    NSXPCStoreServerEndpointFactory = "<PLXPCPhotoLibraryStoreEndpointFactory: 0x7fc67e8af370>";
    skipModelCheck = 1;
}
CoreData: XPC: Unable to load metadata: Error Domain=NSCocoaErrorDomain Code=134060 "A Core Data error occurred." UserInfo={Problem=Unable to send to server; failed after 8 attempts.}
CoreData: fault: Unable to create token NSXPCConnection.  NSXPCStoreServerEndpointFactory 0x7fc67e8af370 -newEndpoint returned nil
CoreData: error: Failed to create NSXPCConnection

The app seems to be able to detect the current "PHAuthorizationStatus", which is "Authorized", but it cannot fetch photos from the Photos library (using PhotoKit).

I learned from here that I can look for errors from the sandboxd daemon, so I did, and this is what I saw:

Sandbox: Picture Keeper(32625) deny(1) mach-lookup com.apple.photos.service
Violation:       deny(1) mach-lookup com.apple.photos.service
Process:         Picture Keeper [32625]
Path:            /Applications/Picture Keeper.app/Contents/MacOS/Picture Keeper
Load Address:    0x103bd3000
Identifier:      com.simplifieditproducts.picturekeepermas
Version:         4575 (4.5.75)
Code Type:       x86_64 (Native)
Parent Process:  Picture Keeper [1]
Responsible:    /Applications/Picture Keeper.app/Contents/MacOS/Picture Keeper
User ID:         501

Date/Time:       2024-08-26 16:16:14.645 EDT
OS Version:      macOS 14.5 (23F79)
Release Type:    User
Report Version:  8

MetaData: {"process_path":["Users","Kevin","Projects","Electron","picturekeeper-electron","dist","picturekeeper","mas-dev","Picture Keeper.app","Contents","MacOS","Picture Keeper"],"apple-internal":false,"primary-filter":"global-name","policy-description":"Sandbox","flags":5,"platform-policy":false,"build":"macOS 14.5 (23F79)","process-path":"\/Applications\/Picture Keeper.app\/Contents\/MacOS\/Picture Keeper","responsible-process-path":"\/Applications\/Picture Keeper.app\/Contents\/MacOS\/Picture Keeper","primary-filter-value":"com.apple.photos.service","platform_binary":"no","responsible-process-signing-id":"com.simplifieditproducts.picturekeepermas","hardware":"Mac","target":"com.apple.photos.service","action":"deny","mach_namespace":1,"checker-pid":1,"container":"\/Users\/Kevin\/Library\/Containers\/com.simplifieditproducts.picturekeepermas\/Data","binary-in-trust-cache":false,"team-id":"LU744924UY","process":"Picture Keeper","global-name":"com.apple.photos.service","platform-binary":false,"pid":32625,"summary":"deny(1) mach-lookup com.apple.photos.service","checker":"launchd","responsible-process-team-id":"xxxxx","operation":"mach-lookup","normalized_target":["com.apple.photos.service"],"errno":1,"uid":501,"profile-flags":0,"profile-in-collection":false,"sandbox_checker":"launchd","signing-id":"com.simplifieditproducts.picturekeepermas","release-type":"User"}

I believe I already have the necessary entitlements for the Photos library, see:

codesign -d --entitlements - /Applications/Picture\ Keeper.app/Contents/MacOS/Picture\ Keeper

[Dict]
    [Key] com.apple.application-identifier
    [Value]
        [String] xxxx.com.simplifieditproducts.picturekeepermas
    [Key] com.apple.developer.team-identifier
    [Value]
        [String] xxxx
    [Key] com.apple.security.app-sandbox
    [Value]
        [Bool] true
    [Key] com.apple.security.application-groups
    [Value]
        [Array]
            [String] xxxx.com.simplifieditproducts.picturekeepermas
    [Key] com.apple.security.assets.movies.read-only
    [Value]
        [Bool] true
    [Key] com.apple.security.assets.music.read-only
    [Value]
        [Bool] true
    [Key] com.apple.security.assets.pictures.read-write
    [Value]
        [Bool] true
    [Key] com.apple.security.cs.allow-dyld-environment-variables
    [Value]
        [Bool] true
    [Key] com.apple.security.cs.allow-jit
    [Value]
        [Bool] true
    [Key] com.apple.security.cs.allow-unsigned-executable-memory
    [Value]
        [Bool] true
    [Key] com.apple.security.cs.disable-executable-page-protection
    [Value]
        [Bool] true
    [Key] com.apple.security.cs.disable-library-validation
    [Value]
        [Bool] true
    [Key] com.apple.security.device.usb
    [Value]
        [Bool] true
    [Key] com.apple.security.files.bookmarks.app-scope
    [Value]
        [Bool] true
    [Key] com.apple.security.files.bookmarks.document-scope
    [Value]
        [Bool] true
    [Key] com.apple.security.files.downloads.read-only
    [Value]
        [Bool] true
    [Key] com.apple.security.files.user-selected.read-write
    [Value]
        [Bool] true
    [Key] com.apple.security.network.client
    [Value]
        [Bool] true
    [Key] com.apple.security.network.server
    [Value]
        [Bool] true
    [Key] com.apple.security.personal-information.location
    [Value]
        [Bool] true
    [Key] com.apple.security.personal-information.photos-library
    [Value]
        [Bool] true

By the way, the Photos library related code is built into a .node file (which is a dylib), which is loaded by the main executable at runtime.

Am I missing something? Thanks!

macos codesign appstore-sandbox xpc code-signing-entitlements
1 Answer
0
votes

For anyone building a Mac App Store app with Electron and running into similar XPC errors, this issue seems to have been resolved since Electron v26.

  • Electron 25.9.8 with Node 18.15.0: does not work
  • Electron 26.0.0 with Node 18.16.1: works
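
Added example, not part of the original question or answer: a small triage script that parses the two text formats quoted in the question (sandboxd "deny" lines and the `codesign -d --entitlements -` listing) and pairs each denial with what the signature declares. The function names (`parse_denials`, `parse_entitlements`, `triage`) are hypothetical and the sample input is constructed from the output shown in the question. A result with both `sandboxed` and `entitlement_present` true is the case the question describes, where the denial is not explained by a missing entitlement.

```python
import re

# Constructed sample input, trimmed from the two formats shown in the question.
SANDBOX_LOG = """\
Sandbox: Picture Keeper(32625) deny(1) mach-lookup com.apple.photos.service
Sandbox: Picture Keeper(32625) deny(1) mach-lookup com.apple.photos.service
"""
ENTITLEMENTS_DUMP = """\
[Dict]
    [Key] com.apple.security.app-sandbox
    [Value]
        [Bool] true
    [Key] com.apple.security.application-groups
    [Value]
        [Array]
            [String] xxxx.com.simplifieditproducts.picturekeepermas
    [Key] com.apple.security.personal-information.photos-library
    [Value]
        [Bool] true
"""

DENY_RE = re.compile(r"^Sandbox: (.+)\((\d+)\) deny\(\d+\) (\S+) (.+)$", re.M)
ITEM_RE = re.compile(r"^\s*\[(Key|Bool|String)\] (.*)$", re.M)
PHOTOS = "com.apple.security.personal-information.photos-library"

def parse_denials(log):
    """Unique (process, pid, operation, target) tuples, in first-seen order."""
    rows = ((m[1], int(m[2]), m[3], m[4].strip()) for m in DENY_RE.finditer(log))
    return list(dict.fromkeys(rows))

def parse_entitlements(dump):
    """Map each [Key] to a bool, or to a list of its [String] values."""
    ents, key = {}, None
    for kind, value in ITEM_RE.findall(dump):
        if kind == "Key":
            key = value.strip()
        elif kind == "Bool":
            ents[key] = value.strip() == "true"
        else:
            ents.setdefault(key, []).append(value.strip())
    return ents

def triage(log, dump, entitlement=PHOTOS):
    """Pair each denial with what the signature says about the binary."""
    ents = parse_entitlements(dump)
    return [{"process": p, "pid": pid, "operation": op, "target": target,
             "sandboxed": ents.get("com.apple.security.app-sandbox", False),
             "entitlement_present": ents.get(entitlement, False)}
            for p, pid, op, target in parse_denials(log)]
```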