found a way to sandbox unity OSX stand alones for mac app store

hello there.

as some of you may know, application sandboxing is just a technical way to enforce the mac app store guidelines, its some kind of extension to code signing, its still a premature technology that i hope will get better with time, but for the moment apple will be enforcing its use for apps for osx lion submitted to the mac app store after november this year..

it will be a hard ride for many applications to update and become compliant if the devs want the app to stay in the mac app store

for more information on application sandboxing and code signing you can go here

https://developer.apple.com/library...roduction.html#//apple_ref/doc/uid/TP40005929

fortunately unity seems to be compatible out of the box with sandboxing, as i was able to sandbox angrybots and run it without any problems

heres the pic, click for larger version:



to do it, its very simple if you are already familiar with code signing or preparing unity stand alones for mac app store submission

first you need to make an entitlements file which is basically a .plist file, in the link above theres explanations on what options and keys are available or you can make Xcode 4.1 make one for you, for that you need to make a dummy project with Xcode 4.1 and enable app sandboxing and entitlements on the projects setting.

the entitlements file that used with angrybots its the most basic and restricting one.. here it is what it contains

Code (csharp):

1.  
2. <?xml version="1.0" encoding="UTF-8"?>
3. <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
4. <plist version="1.0">
5. <dict>
6.     <key>com.apple.security.app-sandbox</key>   <true/>
7. </dict>
8. </plist>
9.  

i saved that in file called AngryBots.entitlements and put it in the same folder of the built angry bots .app

then i when I'm code signing, I've added a couple of things to the command line , heres an example

Code (csharp):

1.  
2. codesign -f -s 'Mac App Certificate Name' --entitlements AppBundleName.entitlements AppBundleName.app
3.  

and thats it, the game is code signed and sandboxed, ready to be tested and packaged for the mac app store

the installer build process is the same as before

later i may do a more proper tutorial on how to prepare a unity osx stand alone for submission to the mac app store

hope this helps anyone

Cheers!

 

very nice. i was already confused on how to bring my game to the mac app store. thanks!

 

When I make a .plist I get the file that has like a variable type on the left and my assignment on the right..and yet you went from talking about .plist to .entitlements files.. Kinda lost me there.

Any chance of making a video screencast of this process? Theres free screen capture functionality in Quicktime if you dont have screen capture software.

Thanks for any help you can summon
AaronC

 

Thanks CoatlGames! I was of course ignoring Apple's nagging until the last minute, but you've saved me

He just saved the plist as "WhateverGame.entitlements"
A .plist is just an xml file, as is the entitlements file. The variable on the left/assignment on the right is just Xcodes way to conveniently show a plist. Open the file in a normal txt editor to see what it actually looks like (just an xml file).

 

Hello, this thread is useful, especially with the deadline approaching, but checking on Console for Sandboxing violations i found this error:

deny iokit-open IOHidLibUserClient

The cause seems to be Unity accessing libraries for joysticks and other devices, the game runs fine but this could cause problems during the review process. I found that allowing access to USB devices there were no violations recorded. If you use Xcode to create the .entitlements file simply click the "Allow USB Access" checkbox on the entitlements section. If you do it manually your file should look more or less like this:

Code (csharp):

1. <?xml version="1.0" encoding="UTF-8"?>
2. <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
3. <plist version="1.0">
4. <dict>
5.     <key>com.apple.security.app-sandbox</key>
6.     <true/>
7.     <key>com.apple.security.device.usb</key>
8.     <true/>
9. </dict>
10. </plist>

Hope this helps!

 

i already have some games on mac store .... with out sandboxing.
this proces already work..... ??????

can I sandboxing just using xcode 4.1 on leopard ?
with this tutorial above ?
easy like that ?

i just have 5 days to deadline.

please help !

 

I recommend you to check if your version of XCode supports sandboxing or if you can upgrade to the latest version from Leopard, since Apple said the process is easier on XCode 4.3

 

Hi, thanks for all hints shared.
The codesign process is easy with all information here, and the sandbox scheme seems to work great as well.

One doubt, and please, any help would be very appreciated:

After using the codesign with the basic entitlements (sandbox true), the game can not write files inside its folder.

Inside the game, /Contents, I'm using several files to write the player profiles, etc.

Everything works okay after the normal codesign. But when using the entitlements (sandbox true), it seems not be possible.

I'm trying some Keys inside the entitlements, trying to allow the data writing, but still without success.

Do you know any Key allowing the data read/write for the entitlements.plist?

The game is ready. The codesign and the pack worked okay. Sandbox was the last request by the appStore. But using it, it seems I can't write files inside my game's folder anymore.

Thanks in advance.

 

Invent4, How did you sandbox your application?

 

hi
some update on how sandboxing a unity game for mac app store please ?
thanks so much for any help !

 

please help .... i have probles with sandboxing and signcode ( unity to mac store )
any help please ?

 

I made a support case, Case #00106080 with Unity support requesting their help here. If anyone else wants to resort to this in order to get official help with this feel free to quote the support number.

Its disappointing how bad Mac App Store support is. Please Unity Technologies help your developers like Mauricio here.

~A

 

There are multiple tutorials on the matter, its pretty simple but out of necesity it requires the usage of the terminal and the dev command line tools.
I think there are even scripts that you can simply execute.

Unity can't do anything to change that as OSX unlike iOS does not generate an xcode project so Apples buildchain could take over the task, its up to you to read the Apple documentation on the matter this time.

 

Ok would you mind listing the up to date tutorials then including sandboxing? Mauricio here is one of my clients (Yours too I think Dreamnora?) So please lets help him with something solid - some decent up-to-date instructions to work with? I know hes been trying for literally weeks to get his apps accepted.

 

hey, just letting you know that we are looking into this for you.

 

I have these steps from the devs to prepare your app for the Mac App Store:

1) Info.plist needs to be fixed.
2) .icns file should be prepared to have all the required resolutions of app icon. This one changes quite often.
3) Entitlements file needs to be made with sandboxing key in there.
4) App should be signed using users distribution certificate. Entitlements file should be supplied to the codesign utility.
5) Additionally libmono.dylib needs to be signed. (Entitlements file should be supplied to the codesign utility.)
6) Installer should be made and signed.

 

Here are some more details about building to Mac App Store, kindly provided by Mantas Puida one of our iOS devs.


1) Modifications needed to be done for Info.plist. It is based on old
Flashbang blogpost :
http://technology.blurst.com/unity-games-and-mac-app-store/

Here is a screenshot for everything that needs to be changed manually.



Additionally "LSApplicationCategoryType" key should be added, possible
values could be looked up here :
http://developer.apple.com/library/....html#//apple_ref/doc/uid/TP40010572-CH16-SW8

2) .icns file should be prepared to have all the required resolutions of app icon. This one changes quite often.

3) Sample entitlements file should look like this:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.app-sandbox</key> <true/>
<key>com.apple.security.device.usb</key> <true/>
</dict>
</plist>

Some games might require additional security exceptions. The whole
list of available exceptions is published here :
http://developer.apple.com/library/...x.html#//apple_ref/doc/uid/TP40011195-CH4-SW1

4) Signing application:

codesign --force --sign "<your certificate name>" --entitlements
<your_entitlements_filename>.entitlements <your_app_name>.app

Certificate name could be looked up in Keychain. The name of
distribution certificate typically begins with “3rd Party Mac
Developer Application.”. More details are available on
http://developer.apple.com/library/mac/#releasenotes/General/SubmittingToMacAppStore/_index.html

5) Additionally libmono.dylib also needs to be signed:
codesign --force --sign "<your certificate name>" --entitlements
<your_entitlements_filename>.entitlements
<your_app_name>.app/Contents/Frameworks/MonoEmbedRuntime/osx/libmono.0.dylib

6) Building a signed pkg:
productbuild --component
<path_to_current_location_of_the_app>/<your_app_name>.app
/Applications --sign "<your certificate name>" <your_app_pkg_name>.pkg

 

HI ! I followed all the step you described but the Mac Store still reject my app


My entitlement file look like this :

Code (csharp):

1.  
2. <?xml version="1.0" encoding="UTF-8"?>
3. <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
4. "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
5. <plist version="1.0">
6. <dict>
7. <key>com.apple.security.app-sandbox</key> <true/>
8. </dict>
9. </plist>
10.  

I don't know how and why my app need the access to the music/download directory of the computer. Could it be that my app use Assetbundles ? (because I access to them with WWW and Application.dataPath but it still pretty weird).
Does anyone got a similar problem with the macstore submission ?

 

Hi,

We got it, our game is on appStore:
https://itunes.apple.com/us/app/bridge-project/id560104673?mt=12

About the question I made, about "- how to write files inside my app folder ? " the answer is, do not write there! Use another allowed folder. It's not Windows!

So, this topic helped me to find the users and app allowed folder to write files:
http://forum.unity3d.com/threads/23686-SOLVED-Special-folder-path-in-mac

This link helped with sandbox, also:
https://developer.apple.com/library...x.html#//apple_ref/doc/uid/TP40011195-CH4-SW1

We followed the steps which another users shared here in the forum, and everything gone ok.

The steps needed are well described by Aurora, it's a good sumary / manual.

Thanks for sharing!

By the way, here is a video of our "Bridge Project" : http://www.youtube.com/watch?v=mQDnK4sGy88&feature=plcp

All the best!

 

Hi,

I am using the *exact* entitlement file that CoatlGames
posted here. So the XML structure and syntax should be Ok.

But when running codesign from the commandline,
it gives me these errors:

unrecognized blob type (accepting blindly)
invalid length in entitlement blob

I have double-checked my .entitlements file and it looks fine.

Any ideas what might be causing this?

 

Apparently my problem outlined above came about because I used TextEdit to create the XML file.

When creating the XML file from within Xcode, then editing it in TextEdit afterwards, it works without errors.

 

I did exactly as written.
But this error appears when I load the. Pkg in Application Loader

"I'm using Xcode 4"

https://lh5.googleusercontent.com/-...53/Captura+de+Tela+2013-02-08+às+13.26.55.png

For God PLEASE someone help me?