Support for sandboxed plugins (screensavers) in 2.x

[glouel]

Hi !

This is a followup to this issue : #1476

I thought I'd give a shot to 2.x/xpc branch to see if that solved the sandboxing issues introduced in Catalina for screensavers (which are now sandboxed in a very weird way by a container, more info in original issue). I followed this guide (https://christiantietze.de/posts/2019/06/sparkle-xpc-or-no/) and it all looked straightforward.

When launching the updater though, it correctly downloads then fail with that error :

Here's what I get in the Console :

erreur	18:49:50.630389+0100	kernel	Sandbox: legacyScreenSave(17773) deny(1) authorization-right-obtain config.add.com.JohnCoates.Aerial.sparkle-auth
erreur	18:49:50.630611+0100	legacyScreenSaver	Failed to make auth right set
erreur	18:49:50.630413+0100	authd	Sandbox denied authorizing right 'config.add.com.JohnCoates.Aerial.sparkle-auth' by client '/System/Library/Frameworks/ScreenSaver.framework/PlugIns/legacyScreenSaver.appex' [17773] (engine 1502)
erreur	18:49:50.637489+0100	kernel	Sandbox: legacyScreenSave(17773) deny(1) authorization-right-obtain com.JohnCoates.Aerial.sparkle-auth
erreur	18:49:50.637710+0100	legacyScreenSaver	Failed copying system domain rights: -60005
erreur	18:49:50.637502+0100	authd	Sandbox denied authorizing right 'com.JohnCoates.Aerial.sparkle-auth' by client '/System/Library/Frameworks/ScreenSaver.framework/PlugIns/legacyScreenSaver.appex' [17773] (engine 1503)
erreur	18:49:50.637583+0100	authd	copy_rights: authorization failed
erreur	18:49:50.638010+0100	legacyScreenSaver	Failed to submit installer job

So if I read that correctly, the host (legacyScreenSaver.appex) denies some auth thing ? I digged a bit into the code, found that it likely happens in SUInstallerLauncher.m, in :

- (SUInstallerLauncherStatus)submitInstallerAtPath:(NSString *)installerPath

I'm not 100% sure what those rights are, the code mentions that it should pop a system prompt (for authorizing xpc?) but I didn't see a thing. Any idea is appreciated, although I completely understand that this (a screensaver) is very much an edge case that Catalina put in a very weird state. Thanks !

[kornelski]

Sorry, sandboxing is a mystery to me too :(

[glouel]

Sorry, sandboxing is a mystery to me too :(

No worries, thanks for taking the time to answer. I think I might just stop wasting time on those weird sandboxing restrictions on screensavers, and make a companion app that would itself update the screensaver file. I think I can still do that with sparkle though (I'm pretty sure I came accross the concept in 2.x or somewhere else), if you have any pointer feel free to share ! Thanks !

[kornelski]

If you can put the screensaver bundle inside Resources of an companion app, it will get updated together with it. You might listen to update event to stop the screensaver before it gets overwritten.

[glouel]

If you can put the screensaver bundle inside Resources of an companion app, it will get updated together with it. You might listen to update event to stop the screensaver before it gets overwritten.

That's super helpful, I'll give this a shot. Thanks again for your time on this !