Sandboxing the DemoRunner

Hi there,
I have some trouble with an OSX app distributed on the Apple Store.
It has been one month since I first notified Apple, still trying to find a solution.
So I tried as a test, to apply sandboxing to the JUCE OSX Demorunner. And, as for my app, the result was that the user can’t access outside its container.
BUT if I understand well my readings and as I have been told by the Apple Support, “The user can dynamically extend your sandbox by various user-level actions (the open and save panels, drag and drop, AppleScript).”. Isn’t the basic FileBrowser able to allow the user to do such a thing? Because they also suggested to use NSDocument and NSDocumentController … This is not a path I would like to take using JUCE.

JUCE uses an NSOpenSavePanelDelegate internally in the FileChooser.

This SO answer, cocoa - NSSavePanel and the Sandbox - Stack Overflow, provides this information:

After contacting Apple, I can confirm what Rob Keniger wrote: NSOpenSavePanelDelegate method’s don’t have access to the filesystem in sandboxed applications.

Ooh, thank you so much t0m. Should we infer that we can’t publish a signed OSX app with JUCE, within which the user will have the possibility to navigate outside the app container? I would be so surprised not to have seen other people complaining.

It appears that SO link was only for the NSOpenSavePanelDelegate's methods itself. NSOpenPanel should work. Have you tried enabling User Selected File in the sandboxing settings?

I have checked com.apple.security.files.user-selected.read-write = true.
About NSOpenPanel: Apple answered me that " You typically [extend your sandbox] by using the open and save panels (NSOpenPanel and NSSavePanel). If your app uses the standard Cocoa document architecture (NSDocument and NSDocumentController) this mostly works by default. "
For some reason I had’nt seen that FileChooser uses NSOpenPanel. So it should work - but it doesn’t.
Also, a problem seems to show itself when I compile with “debug executable” on. The app breaks around the point below:

0x7fff6cff5af2 <+1873>: leaq   0x11f5(%rip), %r8         ; "Sandbox registration internal error: %s"