Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-120528

Support accessing security-scoped URLs on macOS/iOS

    XMLWordPrintable

Details

    • Task
    • Resolution: Unresolved
    • P2: Important
    • 6.8
    • 6.5, 6.6, 6.7
    • QPA
    • None
    • iOS/tvOS/watchOS, macOS

    Description

      Starting from iOS 13, the document picker in iOS returns security-scoped URLs. When you obtain a security-scoped URL, you can’t immediately use the resource it points to. To make the resource available to your app, we need to call startAccessingSecurityScopedResource and stopAccessingSecurityScopedResource methods.

      To access these URLs in the future we can save them as bookmark data. Security-scoped URLs come with some metadata for the security scope that needs to be explicitly included via {{NSURLBookmarkCreationWithSecurityScope }}when creating a bookmark from them. From the docs:

       When you later resolve the bookmark, you can use the resulting security-scoped URL to obtain read/write access to the file-system resource pointed to by the URL. To obtain a security-scoped URL from a security-scoped bookmark, call this method using the NSURLBookmarkResolutionWithSecurityScope option. In addition, to use security scope, you must first have enabled the appropriate entitlements for your app, as described in Enabling Security-Scoped Bookmark and URL Access.

       

      Suggestions from discussion in: https://codereview.qt-project.org/c/qt/qtbase/+/527335

      • This API is also relevant for macOS (for sandboxed apps), so we could create a custom Darwin file system engine for security-scoped resources. We could wrap the URLs in a custom scheme, and use a custom file system engine like we do for photos, to automatically wrap access (open/close) in the appropriate calls to startAccessingSecurityScopedResource.
      • To pass around QUrls with the bookmark data embedded, we could create a custom scheme security-scoped-url:<base-64-encoded-data-from-bookmarkDataWithOptions> similar to the data-scheme in browsers. If we can open a QFile from a "data:" scheme, we could build it on data and embed it as data:macos/security-scoped-url,<data>.

      Attachments

        Issue Links

          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              tpochep Timur Pocheptsov
              dorisverria Doris Verria
              Votes:
              1 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:

                Gerrit Reviews

                  There are no open Gerrit changes