반응형
ShakeJ
MNWorld
ShakeJ
전체 방문자
오늘
어제
  • 카테고리 N
    • Contact
    • 🤔그냥이야기
    • 📷사진이야기
    • 제주도에서 한달을 살아보았다
    • 옛글 N
      • 👇Blog
      • 공지사항
      • 이슈 N
      • 생각들
      • 👇취미
      • 건프라
      • 👇Review
      • 노래리뷰
      • 영화리뷰
      • 👇Travel Story
      • 2011 도쿄여행기
      • 2013 Google IO
      • 2013 Jeju
      • 2014 HONGKONG
      • 2014 Jeju
      • 2014 Sanfransis..
      • 2015 Lombok
      • 2016 HONGKONG
      • 2017 Saigon
      • 국내여행기
      • Photo Story
      • Growth
      • 👇Server
      • Ruby on the Rai..
      • Frontend
      • FullStack (MEAN..
      • Ubuntu
      • 👇Android
      • 안드로이드 프로그래밍
      • 번역본
      • 내어플이야기
      • 코드창고
      • 👇iOS
      • 아이폰 프로그래밍
      • 맥북 이야기
      • 👇Microsoft
      • ASP.NET
      • Silverlight
      • 윈도우 이야기
      • 👇IT Story
      • 모바일 이야기
      • 하드웨어 이야기 N
      • 네트워크 이야기
      • 프로그래밍이야기
      • Database이야기
      • 클라우드이야기
      • 프론트 이야기
      • 마케팅이야기
      • 그래픽 작업
      • 블로그 팁

블로그 메뉴

  • GuestBook

공지사항

인기 글

태그

  • 티스토리 팁
  • shakej
  • asp.net
  • MNWorld
  • 블로그 만들기
  • 무료배너제작
  • 티스토리
  • 랩
  • 배너교환
  • 풍경사진
  • 블로그 시작하기
  • 블로그 운영하면서
  • 블로그 잡담
  • 초대장
  • 배너제작
  • 블로그 초보
  • 블로그 팁
  • 블로그 운영하기
  • iOS 프로그래밍
  • 블로그 이야기
  • D40 사진
  • 블로그 관련
  • 배너무료제작
  • 블로그 꾸미기
  • 안드로이드 어플 추천
  • 서울 출사지
  • 블로그 처음
  • 윈도우폰7
  • 티스토리 초대장
  • 블로그 운영

최근 댓글

최근 글

티스토리

hELLO · Designed By 정상우.
ShakeJ

MNWorld

옛글/아이폰 프로그래밍

MAC App sandboxing 하기

2012. 6. 29. 16:54
반응형

맥앱스토어가 더이상 샌드박스를 적용하지 않는 앱의 경우에는 허용하지 않겠다는 발표아래 샌드박싱을 하는 방법을 퍼와 포스팅합니다. 


https://developer.apple.com/library/mac/#documentation/Security/Conceptual/AppSandboxDesignGuide/AppSandboxQuickStart/AppSandboxQuickStart.html#//apple_ref/doc/uid/TP40011183-CH2-SW3 
에서 퍼왔으며 생각보다 간단하니 천천히 따라하시면 될 듯 합니다. 

(맥 Developer 인증서가 없이 자체 인증서 생성으로 테스팅이 가능합니다. Sandbox가 적용되어 있는 iOS앱처럼 (숨겨져있는) 라이브러리에 앱 폴더가 정상적으로 만들어지네요)

* 애플뉴스 : 맥앱에 sandbox가 켜져있어야 맥앱스토어에서 사용이 가능하다(https://developer.apple.com/news/index.php?id=11022011a)

App Sandbox Quick Start

In this Quick Start you get an OS X app up and running in a sandbox. You verify that the app is indeed sandboxed and then learn how to troubleshoot and resolve a typical App Sandbox error. The apps you use are Xcode, Keychain Access, Activity Monitor, and Console.

Create the Xcode Project

The app you create in this Quick Start uses a WebKit web view and consequently uses a network connection. Under App Sandbox, network connections don’t work unless you specifically allow them—making this a good example app for learning about sandboxing.

bullet
To create the Xcode project for this Quick Start . . .
  1. In Xcode 4, create a new Xcode project for an OS X Cocoa application.

    • Name the project AppSandboxQuickStart.

    • Set a company identifier, such as com.yourcompany, if none is already set.

    • Ensure that Use Automatic Reference Counting is selected and that the other checkboxes are unselected.

  2. In the project navigator, click the MainMenu nib file.

    The Interface Builder canvas appears.

  3. In the Xcode dock, click the Window object.

    The app’s window is now visible on the canvas.

  4. In the object library (in the utilities area), locate the WebView object.

  5. Drag a web view onto the window on the canvas.

  6. (Optional) To improve the display of the web view in the running app, perform the following steps:

    • Drag the sizing controls on the web view so that it completely fills the window’s main view.

    • Using the size inspector for the web view, ensure that all of the inner and outer autosizing contraints are active.

  7. Create and connect an outlet for the web view in the AppDelegate class. In Xcode, use the following specification:

    Outlet connection source

    The WebView object of the MainMenu nib file.

    Outlet variable location

    The interface block of the AppDelegate.h header file.

    Outlet name

    webView

    Storage

    weak

    At this point, if you were to build the app, Xcode would report an error because the project doesn’t yet use WebKit but does have a web view in the nib file. You take care of this in the next step.

  8. Add the WebKit framework to the app.

    • Import the WebKit framework by adding the following statement above the interface block in theAppDelegate.h header file:

      #import <WebKit/WebKit.h>
    • Link the WebKit framework to the Quick Start project as a required framework.

  9. Add the following awakeFromNib method to the AppDelegate.m implementation file:

    - (void) awakeFromNib {
        [self.webView.mainFrame loadRequest:
            [NSURLRequest requestWithURL:
                [NSURL URLWithString: @"http://www.apple.com"]]];
    }

    On application launch, this method requests the specified URL from the computer’s network connection and then sends the result to the web view for display.

Now, build and run the app—which is not yet sandboxed and so has free access to system resources including its network sockets. Confirm that the app’s window displays the page you specified in the awakeFromNib method. When done, quit the app.

Enable App Sandbox

You enable App Sandbox by selecting a checkbox in the Xcode target editor.

In Xcode, click the project file in the project navigator and click the AppSandboxQuickStart target, if they’re not already selected. View the Summary tab of the target editor.

bullet
To enable App Sandbox for the project . . .
  1. In the Summary tab of the target editor, click Enable Entitlements.

    An entitlement is a key-value pair, defined in a property list file, that confers a specific capability or security permission to a target.

    When you click Enable Entitlements, Xcode automatically checks the Code Sign Application checkbox and the Enable App Sandboxing checkbox. Together, these are the essential project settings for enabling App Sandbox.

    When you click Enable Entitlements, Xcode also creates a .entitlements property list file, visible in the project navigator. As you use the graphical entitlements interface in the target editor, Xcode updates the property list file.

  2. Clear the contents of the iCloud entitlement fields.

    This Quick Start doesn’t use iCloud. Because Xcode automatically adds iCloud entitlement values when you enable entitlements, delete them as follows:

    • In the Summary tab of the target editor, select and then delete the content of the iCloud Key-Value Store field.

    • Click the top row in the iCloud Containers field and click the minus button.

At this point in the Quick Start, you have enabled App Sandbox but have not yet provided a code signing identity for the Xcode project. Consequently, if you attempt to build the project now, the build fails. You take care of this in the next two sections.

Create a Code Signing Certificate for Testing

To build a sandboxed app in Xcode, you must have a code signing certificate and its associated private key in your keychain, and then use that certificate’s code signing identity in the project. The entitlements you specify, including the entitlement that enables App Sandbox, become part of the app’s code signature when you build the project.

In this section, you create a code signing certificate. This simplified process lets you stay focused on the steps for enabling a sandbox.

Important A code signing certificate that you create as described in this Quick Start is not appropriate to use with an app you intend to distribute. Before you work on sandboxing an app you plan to distribute, read “App Sandbox and Code Signing.”

bullet
To create a code signing certificate for testing App Sandbox . . .
  1. In Keychain Access (available in Applications/Utilities), choose KeyChain Access > Certificate Assistant > Create a Certificate.

    Certificate Assistant opens.

    Note: Before you invoke the “Create a Certificate” menu command, ensure that no key is selected in the Keychain Access main window. If a key is selected, the menu command is not available.

  2. In Certificate Assistant, name the certificate something like My Test Certificate.

  3. Complete the configuration of the certificate as follows:

    Identity type

    Self Signed Root

    Certificate type

    Code Signing

    Let me override defaults

    unchecked

  4. Click Create.

  5. In the alert that appears, click Continue.

  6. In the Conclusion window, click Done.

Your new code signing certificate, and its associated public and private keys, are now available in Keychain Access.

Specify the Code Signing Identity

Now, configure the Xcode project to use the code signing identity from the certificate you created in the previous task.

bullet
To specify the code signing identity for the project . . .
  1. View the Build Settings tab in the project editor.

    Take care that you are using the project editor, not the target editor.

  2. In the Code Signing section, locate the Code Signing Identity row.

  3. Click the value area of the Code Signing Identity row.

  4. In the popup menu that opens, choose Other.

  5. In the text entry window that opens, enter the exact name of the newly created code signing certificate, then press <return>.

    If you’re using the suggested name from this Quick Start, the name you enter is My Test Certificate.

Now, build the app. The codesign tool may display an alert asking for permission to use the new certificate. If you do see this alert, click Always Allow.

Confirm That the App Is Sandboxed

Build and run the Quick Start app. The window opens, but if the app is successfully sandboxed, no web content appears. This is because you have not yet conferred permission to access a network connection.

Apart from blocked behavior, there are two specific signs that an OS X app is successfully sandboxed.

bullet
To confirm that the Quick Start app is successfully sandboxed . . .
  1. In Finder, look at the contents of the ~/Library/Containers/ folder.

    If the Quick Start app is sandboxed, there is now a container folder named after your app. The name includes the company identifier for the project, so the complete folder name would be, for example,com.yourcompany.AppSandboxQuickStart.

    The system creates an app’s container folder, for a given user, the first time the user runs the app.

  2. In Activity Monitor, check that the system recognizes the app as sandboxed.

    • Launch Activity Monitor (available in /Applications/Utilities).

    • In Activity Monitor, choose View > Columns.

      Ensure that the Sandbox menu item is checked.

    • In the Sandbox column, confirm that the value for the Quick Start app is Yes.

      To make it easier to locate the app in Activity monitor, enter the name of the Quick Start app in the Filter field.

tip icon

Tip If the app crashes when you attempt to run it, specifically by receiving an EXC_BAD_INSTRUCTION signal, the most likely reason is that you previously ran a sandboxed app with the same bundle identifier but a different code signature. This crashing upon launch is an App Sandbox security feature that prevents one app from masquerading as another and thereby gaining access to the other app’s container.

You learn how to design and build your apps, in light of this security feature, in “App Sandbox and Code Signing.”


반응형
저작자표시 비영리 변경금지

'옛글 > 아이폰 프로그래밍' 카테고리의 다른 글

iOS Universal 프로그래밍. 모델 구별하기  (3) 2012.07.02
MAC App용 이미지 파일 변경앱 'img2icns'  (0) 2012.06.29
iOS앱을 MAC App으로 Porting하기  (0) 2012.06.29
child already added. It can't be added again COCOS2D CCNode에러  (0) 2012.06.29
XCode iOS MAC 구별하는 전처리문  (0) 2012.06.26
    추천글👇
    • [📷사진이야기] 붉은 호치민의 노을
    ShakeJ
    ShakeJ

    티스토리툴바