Anyone making "Sandbox-Safe" Audio Units?

Post

Angus_FX wrote: @xh3rv Inter-app audio can be done, but there's always some latency penalty & a limit to scalability. For 5 AudioBus apps on an iPad, fine; for 90 on a Mac Pro?

Additionally, most existing inter-app systems don't currently offer a decent session-restore mechanism. In iOS, apps typically automatically restore their last state so it's not such an issue, but switching between 5 different projects, each using 5 different devices, doesn't exactly have a good user experience right now.

(It may additionally be that Apple will see inter-app audio as a security hole - it could be exploited as communication channel between a sandboxed app & an unsandboxed one, which they seem to be trying pretty hard to prevent).
I think the iOS 7 Core Audio interapp is pulling buffers through nodes in an AUGraph to render an output buffer, rather than pushing things around hackishly - I think this is not different than a DAW? Some iOS devs claim the system is zero latency. iOS apps can be 'hosts' or 'nodes', but really are registering with an independent AURemoteIO object. Nodes are an app but spawn audio units that hosts can interact with to construct the graph. I'm probably missing something?

Session restore does seem weird, although it's not the app state but the audio unit state that needs to be recalled. Inter-app audio at a system level would be sort of de-facto secure.

I've got Geist stand-alone on my dock, that'd be pretty awesome for something like this I'd think ... wishful thinking.

Post

Urs wrote: If Apple, google and co were clever, they'd put their hope into desktop computing, not online storage. I think that NSA and co have rendered the cloud void. Many people start to realise that smartphones and tablets don't need a trojan to be malware motherships - they come with a built-in espionage warranty.
As an American ... sorry about Angela Merkel's cell phone. :oops: :hihi: Always been against that sort of stuff.

Post

Well, it's things like this that worry me about the 'cloud':

Windows Azure Compute cloud goes TITSUP WORLDWIDE
http://www.theregister.co.uk/2013/10/30 ... obal_fail/

Although the phrase 'Blue Sky of Death' is great!

But that's Microsoft, and shouldn't reflect on Apple's future security or server stability at all! They are completely different - probably. :)

Post

this thread just keeps getting more interesting... and also simultaneously creates new computer related anxiety.

i wouldn't blame any of you devs if you just stopped making AUs out of spite. (and i'm a logic user!) it's surprising there hasn't been some kind of small scale revolt against apple... i doubt they'd take the message seriously though.

threads like this one and other discussions over the last year have opened my eyes a bit regarding apple's practices and plans for the future and what you devs have to deal with.

i think i just sandboxed my money so it can't get a socket connection to apple.

Post

dayjob wrote: it's surprising there hasn't been some kind of small scale revolt against apple...
I think maybe there is, but it doesn't happen in a public forum. While Apple employees wouldn't post here, they're fine by email.

(one day, when the NSA is hacked and all their content is available on Wikileaks, there'll be some gems to be discovered)

Post

Urs wrote:
dayjob wrote: it's surprising there hasn't been some kind of small scale revolt against apple...
I think maybe there is, but it doesn't happen in a public forum. While Apple employees wouldn't post here, they're fine by email.

(one day, when the NSA is hacked and all their content is available on Wikileaks, there'll be some gems to be discovered)
it would be one helluva popcorn eating event to see a mass of developers walk out of WWDC or just quit playing along

i could live w/o logic. i would miss five12 numerology though..

but who knows what the timeline for apple's plans is... so long as my current laptop and desktop keep working then i'm not worried... i can keep things at 10.8.5 and not update logic beyond its current state... and likely build a hackintosh and gather up a copy of 10.8.5 to run it... so.. i can "stay old" with my music making stuff with some effort...

but i could happily just bail out on apple if the path is there to do that.

Post

Hahaha, I don't think things go away in a hurry. There's still VST and the "old way" AUs will also keep working.

Post

Urs wrote:It's not just that. If we sell AUs in the App Store, we don't get any info about our customers. No name, no email address, nada. Thus, if anyone wants to have a VST version as well, he has to buy twice. No crossgrades possible.
Perhaps a standalone version can check if a legit AU is on the system using codesign and offer a cross-grade link or even download and install the VST for free.

Post

George wrote:
Urs wrote:It's not just that. If we sell AUs in the App Store, we don't get any info about our customers. No name, no email address, nada. Thus, if anyone wants to have a VST version as well, he has to buy twice. No crossgrades possible.
Perhaps a standalone version can check if a legit AU is on the system using codesign and offer a cross-grade link or even installing the VST for free.
Hmm, then they just need to buy once, upload to torrents and off they go. Free VSTs for everyone :lol:

I have no idea how Apple's copy protection works, I guess it's some sort of white list embedded somewhere in the system. I'm quite sure it isn't available for us to check out...

Post

:hihi: Well, the "free" VST could check AU codesign to be able to work. I found a Receipt Validations article at Apple

https://developer.apple.com/library/mac ... 73-CH1-SW2

Post

Cool stuff :-o

Post

My plug-ins are not signed nor sandbox-safe, so when I first loaded one into GarageBand 10 it asked me whether I wanted to lower its shields, after which they seemed to work fine. I have stumbled upon one issue though: I use

NSSearchPathForDirectoriesInDomains(NSApplicationSupportDirectory, NSUserDomainMask, YES);
to get the user's application support directory, which returns something like

/Users/username/Library/Containers/com.apple.garageband10/Data/Library/Application Support
So far so good, I guess. I then add /CombF to this path and create the directory if it doesn't exist already, which all seems to work. However, if I then pass this path to NSOpenPanel or NSSavePanel it fails and opens the (non-sandboxed) user's documents folder instead. If I then manually browse to the sandboxed user's application support directory (using Shift-Cmd-G to open the user's library directory), I can successfully read/write files there.

Is there any way I can get NSOpenPanel and NSSavePanel to open in the sandboxed user's application support directory (preferably without making my plug-ins sandbox-proof) without having to browse to it manually?

Post

Hello,

Just got a reply from Apple in dev portal.


Here are the current recommendations:

(a) Safest assumption
An AudioUnit has full write access to ~/Music (each AudioUnit host needs this directory anyway, Logic Pro X/GarageBand X and MainStage store their settings, etc in ~/Music/Audio Music Apps). Each plugin will therefore have access to all files in this directory. You could create a hidden directory by prefixing "." in front of the name. I would use the AU-BUNDLE-ID as a directory name to avoid conflicts. This is compatible with or without a sandbox on all OS X versions.

(b) Work-around for all other directories relative to $HOME
All access to the file system relative to $HOME will end up inside the container of the sandboxed host. To avoid that, you need to find the real home directory (see the sample code below), which will work just fine, because GBX provides full filesystem access. Right now this access is necessary anyway to maintain compatibility with e.g. sample libraries and files somewhere on the system or external hard drives. We plan to move to secure bookmarks in the future.

+-(NSString *)realHomeDirectory
+{
+ struct passwd *pw = getpwuid(getuid());
+ if (pw == nil)
+ return nil;
+ return [NSString stringWithUTF8String:pw->pw_dir];
+}
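Review bot: `if (pw == nil)` compares a C `struct passwd *` against the Objective-C object constant; use `NULL` there. The return line also passes `pw->pw_dir` straight to `stringWithUTF8String:`, which raises on a NULL pointer, so check `pw->pw_dir` before converting it. `getpwuid` returns a pointer to static storage and is not reentrant; in a plug-in that runs on the host's threads, `getpwuid_r` with a caller-supplied buffer is the safer call. The snippet also needs `<pwd.h>` and `<unistd.h>` to compile.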

(c) Additional recommendations
The following directories seem reasonable for an AudioUnit, if ~/Music is not an option. This way at least the data is in clearly defined directories.

- ~/Library/Application Support/<AU-BUNDLE-ID>
- ~/Library/Caches/<AU-BUNDLE-ID>
- ~/Library/Preferences/<AU-BUNDLE-ID>
Logic X rocks!!!

Post

Thanks for the heads up, jendakub.

So this basically means that to get the user "documents" directory Apple now recommends to hardcode the path, concatenated to the "~" directory returned by a unix function call?!? This looks like a huge security hole (or more precisely a sandbox hole), as well as a freaking bad method if the path ever changes in the future, doesn't it?... Why bother with sandboxing if you can access all paths with good old unix stuff?!?

Post

Thanks, jendakub! :)

I can confirm that getpwuid(getuid()) returns the non-sandboxed home directory (in my non-sandboxed AU plug-in) in GarageBand 10. This also seems to work in other hosts, and also on Mac OS X 10.6.8. Here is what I will probably implement in ComboV and ComboF:

#include <unistd.h>
#include <pwd.h>

struct passwd* pw = getpwuid(getuid());
if (pw)
{
	NSString* path = [[NSString stringWithUTF8String:pw->pw_dir] stringByAppendingString:@"/Library/Application Support/ComboF"];
}
I agree that this is a rather weird solution, but it does seem to work (at least for now).

However, ~/Library/Application Support/ComboF doesn't work for me, at least not if I call [NSString stringByExpandingTildeInPath] on it, because then it expands to the sandboxed path, just like NSSearchPathForDirectoriesInDomains() does.
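The lookup discussed in the posts above, as an added example that is not part of the original thread: plain C that reads the home directory from the user database with the reentrant `getpwuid_r`, detects a path that was redirected into a host container, and builds the per-plug-in support directory. The function names and the name check are assumptions of this example; the sample directory name is the one used in the thread.

```c
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Home directory from the user database, ignoring $HOME. getpwuid_r is the
 * reentrant variant of getpwuid. Returns 0 on success, -1 on failure. */
int real_home_dir(char *out, size_t outlen)
{
    struct passwd pw, *res = NULL;
    char buf[4096];
    if (getpwuid_r(getuid(), &pw, buf, sizeof buf, &res) != 0 || res == NULL)
        return -1;                      /* lookup failed or no such uid */
    if (pw.pw_dir == NULL || pw.pw_dir[0] != '/' || strlen(pw.pw_dir) >= outlen)
        return -1;                      /* missing, relative, or too long */
    strcpy(out, pw.pw_dir);
    return 0;
}

/* 1 if path lies under <home>/Library/Containers/, i.e. it was redirected. */
int is_container_path(const char *home, const char *path)
{
    char prefix[1024];
    int n = snprintf(prefix, sizeof prefix, "%s/Library/Containers/", home);
    return n > 0 && (size_t)n < sizeof prefix && strncmp(path, prefix, (size_t)n) == 0;
}

/* Build <home>/Library/Application Support/<name>. Rejects empty names, dot
 * names and names with '/'. Returns 0 on success, -1 on bad input/overflow. */
int plugin_support_dir(const char *home, const char *name, char *out, size_t outlen)
{
    if (name[0] == '\0' || name[0] == '.' || strchr(name, '/') != NULL)
        return -1;
    int n = snprintf(out, outlen, "%s/Library/Application Support/%s", home, name);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    char home[1024], dir[1024];
    const char *env = getenv("HOME");
    if (real_home_dir(home, sizeof home) != 0)
        return 1;
    printf("real home: %s, $HOME redirected: %s\n", home,
           env && is_container_path(home, env) ? "yes" : "no");
    if (plugin_support_dir(home, "ComboF", dir, sizeof dir) == 0)
        printf("support dir: %s\n", dir);
    return 0;
}
```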
