Installing MS PowerPoint extensions on macOS 15

back soon

Let’s start with your technical questions:

Can we obtain com.apple.security.temporary-exception.files.home-relative-path.read-write to the SlidoAddin.localized folder?

No. That specific question doesn’t make sense, because temporary exception entitlements apply to the App Sandbox restrictions and you’re not sandboxed. You’re hitting a MAC restriction, per the terminology in sOn File System Permissions.

But, addressing the spirit of the question, there is no entitlement that allows third-party developers to bypass this check.

Can we obtain a user permission which will be persisted so next time the Slido app can verify its files and uninstall them without further prompts?

No. As things are currently set up, this privilege is only granted to the calling process.

IMO the best path forward is to reach out to the app vendor for guidance. I see two possibilities here:

• Either they do want to support third-party extensions like this, in which case they should provide a supported way to install them. Or adopt ExtensionKit, which causes this whole problem to go away (-:

• Or they don’t, which is a bigger picture concern.

You are, of course, feel to file a bug with Apple about this. However, based on your description of the issue, macOS 15 seems to be doing exactly what it should be doing.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

We understand that entitlements require the app to be sandboxed and preferably we would have it sandboxed and available on Mac App Store.

Based on our testing the sandboxed app with a temporary exception was able to read/write data to Group Containers on macOS 14.

Thanks for the link to the File System Permissions article.

I don't think the Microsoft will change PowerPoint / Office apps architecture to use ExtensionKit. Yet, they have a supported and documented way of installing the extensions if customer is using Finder. In such case the user is not prevented from making changes to the User Content.localized/Add-Ins.localized/ - therefore our customer expect an app would be able to the same for them.

So if I understand it correctly, the only way to install and register the extensions would be by a tool created by Microsoft which can therefore write data to UBF8T346G9.Office container.

But how such tool would get the extension files from our app's container if apps cannot read data between different TeamID containers?

Sorry I didn’t reply sooner; I missed your last reply )-:

therefore our customer expect an app would be able to the same for them.

That’s not really a valid expectation, and hasn’t been for a long time. System components, like the Finder, have numerous privileges relative to third-party apps.

if I understand it correctly, the only way to install and register the extensions would be by a tool created by Microsoft [/quote]

It’s not the only way. Right now your app can access the group container as long as the user approves it, which is something you can expect to continue working in the short term.

But as to the long-term solution, earlier I said “they should provide a supported way to install them” and I think that’s the key here. How they might do that is their business.

But how such tool would get the extension files from our app's container if apps cannot read data between different TeamID containers?

ExtensionKit, obviously (-:

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"