I just watched the Apple developer videos about App Sandboxing and have to agree that in most cases it's a good thing.

With that new enthusiasm I went ahead and tried the AppSandboxQuickStart code sample that loads a webpage in a WebKit WebView.

Enabled sandboxing, app failed because of missing network.client entitlement. Enabled that as the tutorial said to get it to work: app still fails.

Turns out that the WebView, or rather the Flash plugin, is trying to load the AIR apps that are installed (why, I have no clue, I was loading apple.com).

>WebProcess(1319) deny file-read-data /Users/me/Library/Application Support/Adobe/AIR/ELS/com.prezi.PreziDesktop/PrivateEncryptedDatak

The app didn't start at all. The only hint was errors in the Console. As a developer I'm afraid that those "perceived crashes" (that's what they will look like to users) will become a common theme.



That sandbox violation is not coming from your application. WebProcess is the process used for rendering web content in Safari only.

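As an added example (not code from the thread), a small Python parser for Console denial lines of the shape quoted above; it groups denials by the process name in front of the pid, so you can see at a glance whether a denial was raised by your own app's process or by another one such as WebProcess, and maps the network operations onto their entitlement keys. The sample log lines, the process name AppSandboxQuickStart and the address are constructed.

```python
import re
from collections import defaultdict

# Matches the denial lines quoted in the thread ("WebProcess(1319) deny
# file-read-data /path"); search() also tolerates a "sandboxd: ([1319]) " prefix.
DENY_RE = re.compile(
    r"(?P<process>[\w.-]+)\((?P<pid>\d+)\)\s+deny\s+(?P<operation>[\w-]+)"
    r"(?:\s+(?P<target>\S.*))?"
)
# Denied operations that map directly onto an entitlement key. A file-read denial
# has no single fix (it may need user-selected file access or, as with the Flash
# plugin here, no entitlement at all), so it is left for manual review.
ENTITLEMENT_HINTS = {
    "network-outbound": "com.apple.security.network.client",
    "network-inbound": "com.apple.security.network.server",
}

def parse_deny_line(line):
    """Return {process, pid, operation, target} for one deny line, else None."""
    m = DENY_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["pid"] = int(rec["pid"])
    rec["target"] = (rec["target"] or "").rstrip()
    return rec

def group_by_process(lines):
    """Group (operation, target) pairs by the process that was denied."""
    groups = defaultdict(list)
    for line in lines:
        rec = parse_deny_line(line)
        if rec is not None:
            groups[rec["process"]].append((rec["operation"], rec["target"]))
    return dict(groups)

def foreign_denials(groups, app_process):
    """Denials raised by processes other than app_process: not your app's bug."""
    return {p: ops for p, ops in groups.items() if p != app_process}

def suggest_entitlement(operation):
    return ENTITLEMENT_HINTS.get(operation)  # None means: review by hand

# Constructed sample Console output; the first line is modelled on the one quoted above.
SAMPLE_LOG = """\
WebProcess(1319) deny file-read-data /Users/me/Library/Application Support/Adobe/AIR/ELS/com.prezi.PreziDesktop/PrivateEncryptedData
AppSandboxQuickStart(1402) deny network-outbound 203.0.113.10:80
AppSandboxQuickStart(1402) deny file-read-data /Users/me/Library/Application Support/Adobe/AIR/ELS/com.prezi.PreziDesktop/PrivateEncryptedData
Some unrelated Console line
"""
```

Feed it the relevant Console lines and compare the process names against your own bundle's executable name before adding any entitlement.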

This brings up an important issue. If an app uses an embedded webview and the user can navigate down links, would the developer have to check off every entitlement that the webview might in the future need to access?


Navigating links shouldn't be an issue assuming that the app hosting the web view is allowed to connect to the network.

But how about plugins loaded by the web view? I assume that's what's happening in my case. The web view is loading the Flash plugin, which in turn tries to access the file system.

That's not allowed, because the plugin inherits the entitlements of the parent app. The Flash plugin really can't believe that access to its Library folder doesn't work, so it tries and tries and tries, sending the main thread into an endless loop blocking the complete app.


That's actually what I meant by navigating links. Each page would load fresh content that might have plugins that require services not authorized in the main app.

For example, any typical RSS reader, alternative email clients, specialized browsers, or any dev tool that shows page previews using a webview. These all have to max out the entitlements so they don't break down the line.

It seems like it would be much more useful to make entitlements a dynamic system instead, so apps can request extra privileges at runtime and ask the user to confirm, instead of statically baking it into the app envelope. Same goes for the iPhone.
