Hi all and thanks for replying.
I did some more experimenting and these are the results.
I am summarizing them here in case others (including myself) will need a quick reference to them in the future.
Let’s make it clear that these experiments are about how to load a non-sandbox-safe plug-in in Garageband X.
Also, let’s suppose that we start these with a fresh installation of Garageband X on a new computer.
Facts:
1. The first time we try to load a non-sandbox-safe plug-in, we are greeted with the following dialog window.

2. If one responds by clicking “Cancel”, the operation is aborted and the plug-in is not loaded at all.

3. If one clicks “Lower Security Settings”, the plug-in loading proceeds as requested, although with some differences from a regular loading inside a regular, non-sandboxed host. We’ll cover them later.

4. The “Lower Security Settings” choice made at point 3 is a global setting that gets stored in Garageband.
   This means that when you load the non-sandbox-safe plug-in again, the operation now proceeds without the dialog window being displayed again.
   Also, this applies not only to the plug-in for which the dialog was originally displayed, but also to any other non-sandbox-safe plug-ins: all non-sandbox-safe plug-ins will now be loaded without the dialog being displayed again.

5. It is possible to reset that security setting so that the next time one tries to load a non-sandbox-safe plug-in, the dialog window is displayed again. To do so, issue the following command in a terminal window:

   ```
   defaults delete com.apple.audio.SandboxHelper app.com.apple.garageband10
   ```

6. As previously mentioned in point 3, there are still differences when a non-sandbox-safe plug-in is loaded in Garageband X (even with lowered security settings) versus when it is loaded in any other non-sandboxed DAW.
   The main difference that I am interested in (and the only one covered by my experiments) regards filesystem access. Some of these differences have already been mentioned in the rest of this thread.

7. When `File::getSpecialLocation()` is used to retrieve any path in the “user” domain (e.g. `userDocumentsDirectory` or `userHomeDirectory`), the returned paths are inside the Garageband sandbox (`~/Library/Containers/com.apple.garageband10/Data`). The plug-in has permissions to create, read and write files in all these folders inside the sandbox.
   Please note that the returned paths are inside the sandbox even if Garageband is in lowered security mode.

8. On the other hand, using `File::getSpecialLocation()` to obtain other, non-user paths (e.g. `commonApplicationDataDirectory`) results in the “real” path being returned, without sandbox interference this time.
   Access to these folders is not limited by the sandbox in any way, but of course the regular filesystem permissions still apply.

9. Thanks to the suggestion made by chkn in this other post, it is possible to write a function that returns the “real” path of the home directory even inside Garageband X. This is the code:

   ```cpp
   #include <pwd.h>
   #include <unistd.h> // getuid()

   File getRealUserHomeDirectory ()
   {
       // Read the home directory from the passwd database entry of the current user
       struct passwd *pw = getpwuid (getuid ());

       if (pw == nullptr)
       {
           jassertfalse; // unable to read the user info
           return File::getSpecialLocation (File::userHomeDirectory);
       }

       return File (String (pw->pw_dir));
   }
   ```

10. Using the path returned from that function, my plug-in inside Garageband X had no problems creating, reading and writing files located in the real home directory.
    I admit that this may be due to Garageband being in lower security mode, but that mode is necessary for my plug-in to be loaded in the first place. Therefore, I can be certain that if my plug-in is running, it can access the real home directory just fine.

In consideration of all these facts, I think I’ll go against the current of those that preferred to move the user files inside “~/Music/Audio Music Apps” for peace of mind.
Instead, I think I will keep them where they have always been, in the user home directory, only changing the way its path is obtained so that the real path is returned even when the plug-in is inside Garageband X.
Unless there is something conceptually wrong that I am missing…
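
The redirection described in points 7 to 9, as an added example that is not part of the original post and does not use JUCE: it reads the home directory from the passwd database with the re-entrant `getpwuid_r`, then reports whether a given path lies inside an app container and which real path it stands in for. The names `realHomeFromPasswd`, `resolveContainerPath` and `ContainerInfo` are hypothetical, and `realHome` is assumed to have no trailing slash.

```cpp
// Added example (not from the original post). Plain C++11 + POSIX, no JUCE.
#include <pwd.h>
#include <unistd.h>
#include <string>
#include <vector>

// Home directory from the passwd database, which is not redirected into the
// app container. Returns an empty string when the lookup fails.
std::string realHomeFromPasswd()
{
    long n = sysconf(_SC_GETPW_R_SIZE_MAX);
    std::vector<char> buf(n > 0 ? static_cast<size_t>(n) : 16384);
    struct passwd pw;
    struct passwd* result = nullptr;
    if (getpwuid_r(getuid(), &pw, buf.data(), buf.size(), &result) != 0
        || result == nullptr || pw.pw_dir == nullptr)
        return std::string();
    return std::string(pw.pw_dir);
}

struct ContainerInfo
{
    bool inContainer;      // true if the path is under a container's Data folder
    std::string bundleId;  // e.g. "com.apple.garageband10"
    std::string realPath;  // the path it stands in for under the real home
};

// Matches <realHome>/Library/Containers/<bundle-id>/Data[/...] and maps it to
// <realHome>[/...]. Anything else is reported as not being in a container.
ContainerInfo resolveContainerPath(const std::string& path, const std::string& realHome)
{
    const ContainerInfo none = { false, "", "" };
    const std::string prefix = realHome + "/Library/Containers/";
    if (path.compare(0, prefix.size(), prefix) != 0)
        return none;
    const size_t idEnd = path.find('/', prefix.size());
    if (idEnd == std::string::npos || idEnd == prefix.size())
        return none;                                   // missing or empty bundle id
    const std::string rest = path.substr(idEnd);       // "/Data" or "/Data/..."
    if (rest != "/Data" && rest.compare(0, 6, "/Data/") != 0)
        return none;                                   // e.g. "/Database" is not the Data folder
    ContainerInfo info = { true, path.substr(prefix.size(), idEnd - prefix.size()),
                           realHome + rest.substr(5) };
    return info;
}
```

Comparing the host-reported home directory with `realHomeFromPasswd()` through `resolveContainerPath` shows at run time whether the plug-in was given a container path, and logging the `bundleId` tells which host's container it was.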
