I recently had the pleasure of sandboxing a Mac application that was written before sandboxing was required on the Mac App Store. I found a lot of good resources (including Apple’s Documentation) that covered the basics of setting up entitlements to give the application access to things that it needed.
However, I was surprised to find that there were very few resources about some of the more advanced sandboxing topics. Things like security-scoped bookmarks, the related files API, and code signing XPC services had sparse references even in the official sandboxing documentation.
I found these things to be necessary to support many of the existing features in my application, but they didn’t seem to be mentioned much on the web.
Especially in the case of the related files API, this forced me to use lots of trial and error and reverse engineering of the current version of TextEdit (which has not yet released its source). Since this took up more of my time than I would have liked, I thought I would post a few examples from my experience to hopefully reduce the pain others experience supporting some of the more advanced sandboxing features.