為了提高系統(tǒng)安全性，蘋果引入了Sandbox機(jī)制闯睹，要在app store發(fā)布的軟件需符合該機(jī)制戏羽。軟件的讀寫權(quán)限被嚴(yán)格的限制在一定范圍內(nèi)，大部分路徑的讀寫權(quán)限需要向用戶請求瞻坝。但是有些數(shù)據(jù)我們需要獲得較高的權(quán)限蛛壳，而且沒必要每次都向用戶申請。

如何解決呢所刀？還好apple給我們留了一個(gè)路徑讓我們自由讀寫衙荐。下面是apple文檔介紹如何操作相應(yīng)目錄

Container Directories and File System Access

When you adopt App Sandbox, your application has access to the following locations:

The app container directory. Upon first launch, the operating system creates a special directory for use by your app—and only by your app—called a container. Each user on a system gets an individual container for your app, within their home directory; your app has unfettered read/write access to the container for the user who ran it.

App group container directories. A sandboxed app can specify an entitlement that gives it access to one or more app group container directories, each of which is shared among all apps with that entitlement.

User-specified files. A sandboxed app (with an appropriate entitlement) automatically obtains access to files in arbitrary locations when those files are explicitly opened by the user or are dragged and dropped onto the application by the user.

Related items. With the appropriate entitlement, your app can access a file with the same name as a user-specified file, but a different extension. This can be used for accessing files that are functionally related (such as a subtitle file associated with a movie) or for saving modified files in a different format (such as re-saving an RTF flat file as an RTFD container after the user added a picture).

Temporary directories, command-line tool directories, and specific world-readable locations. A sandboxed app has varying degrees of access to files in certain other well-defined locations.

These policies are detailed further in the sections that follow.

The app container directory.就是我們獲取的完全權(quán)限。

The app container directory. Upon first launch, the operating system

creates a special directory for use by your app—and only by your

app—called a container. Each user on a system gets an individual

container for your app, within their home directory; your app has

unfettered read/write access to the container for the user who ran it.

下面是kindle的containers路徑

~/Library/Containers/com.amazon.Kindle/Data/Library/Application Support/Kindle