I made an OS-independent Java application with installers for each OS (I used install4j), and I want to put a Mac installer on the app store. However, that means the app has to be sandboxed and there are restrictions on file access.
My installers let the user choose an installation directory and then the .jar file and other user-editable files (settings etc.) are extracted from the installer into that folder. The application then has to be able to read and write files in this installation directory. For app store submission I have install4j produce a .pkg which installs the sandboxed app fine, but then when I run the sandboxed app it fails when it tries to write to the installation directory. Without the sandbox it works fine.
From what I've read, each sandboxed app has a "container" in which it has read and write permissions. It says here:
Use the FileManager method url(for:in:appropriateFor:create:) to find common directories for user documents, scripts, and supporting files, as it returns a location within the app’s container for a sandboxed app.
But in Java there is no such method, so how am I supposed to find the app's container without just assuming where it will be?
Also, I would prefer my application code not to worry about the OS it is running on, so it would be good if the installation directory could be used for every OS. I don't think it's unreasonable for an app to read and write files in its installation directory where all its files are put at installation. Is there an entitlement to allow that? com.apple.security.files.user-selected.read-write didn't do the job when I tried it. Nor does it seem any of the other file entitlements listed here would work, except the all files entitlement, but that's deprecated.