First of all let I'd like to say that I'm evaluating this software and I really like it so far. I will certainly buy it if I can get this issue resolved.
I found two other topics related to this issue, but following the steps suggested in those topics didn't resolve the problem for me.
I'm using MacBook Pro 2021 with MacOS 12.1.
When opening an mp3 file from the ~/Downloads folder everything works just fine. But when I move that file to the other folder, which is also located on the internal drive (APFS) I'm getting the following error:
Cannot access file "/System/Volumes/Data/Data/Audio/myfile.mp3" via secure bookmark
To my understanding the "Data" here represents a separate volume mounted on "/System/Volumes/Data", whereas the Downloads folder would be located on the root volume (under /Users). I have to admit that I'm not confident about that volume structure and I'm not an expert in APFS, but this is what I deduce from the "df" mount points overview, which was in turn created by the migration assistant while migrating from an older system.
When running the following command from the target ("Audio") folder I get an empty list:
I tried opening the file and the whole folder via Cmd+O, but that didn't create any new SecurityScopedBookmarks records. I also tried deleting the SecurityScopedBookmarks property, but that didn't change anything either (I'm not getting any new SecurityScopedBookmarks records created after reopening the program).
Here is what I get in the console log:
error 14:00:31.915978-0500 Mp3tag Found NO secure bookmark for file:///System/Volumes/Data/Data/Audio/myfile.mp3
error 14:00:31.916147-0500 Mp3tag cannot open file at line 45340 of [d24547a13b]
error 14:00:31.916162-0500 Mp3tag os_unix.c:45340: (2) open(/var/db/DetachedSignatures) - No such file or directory
default 14:00:31.933624-0500 Mp3tag Created secure bookmark for file:///System/Volumes/Data/Data/Audio/myfile.mp3
error 14:00:31.935468-0500 Mp3tag Error resolving secure bookmark: Error Domain=NSCocoaErrorDomain Code=256 "Couldn't issue sandbox extension for the resolved URL" UserInfo={NSDebugDescription=Couldn't issue sandbox extension for the resolved URL}
error 14:00:31.936883-0500 Mp3tag Error resolving secure bookmark: Error Domain=NSCocoaErrorDomain Code=256 "Couldn't issue sandbox extension for the resolved URL" UserInfo={NSDebugDescription=Couldn't issue sandbox extension for the resolved URL}
default 14:00:31.942651-0500 Mp3tag Adding presenter 740445AD-2A81-4789-B029-AFF9BA827359 for URL: <private>
error 14:00:37.755390-0500 Mp3tag Found NO secure bookmark for file:///System/Volumes/Data/Data/Audio/myfile.mp3
default 14:00:37.759129-0500 Mp3tag Created secure bookmark for file:///System/Volumes/Data/Data/Audio/myfile.mp3
error 14:00:37.762571-0500 Mp3tag Error resolving secure bookmark: Error Domain=NSCocoaErrorDomain Code=256 "Couldn't issue sandbox extension for the resolved URL" UserInfo={NSDebugDescription=Couldn't issue sandbox extension for the resolved URL}
error 14:00:37.766413-0500 Mp3tag Error resolving secure bookmark: Error Domain=NSCocoaErrorDomain Code=256 "Couldn't issue sandbox extension for the resolved URL" UserInfo={NSDebugDescription=Couldn't issue sandbox extension for the resolved URL}
default 14:00:37.766490-0500 Mp3tag Cannot access write file file:///System/Volumes/Data/Data/Audio/myfile.mp3 via secure bookmark
error 14:00:37.772293-0500 Mp3tag Cannot access file "/System/Volumes/Data/Data/Audio/myfile.mp3" via secure bookmark (accessDenied(file:///System/Volumes/Data/Data/Audio/myfile.mp3))
Thanks for the detailed documentation of the steps you've already taken and for providing the corresponding log entries.
It seems like Mp3tag cannot obtain any secure bookmarks for the file location and also cannot write to the settings. Are other preferences stored persistently, e.g., when changing something at Preferences → General and restarting the app?
This certainly looks like a more broader issue. However, if everything else is working fine on your Mac, I assume that it's local to Mp3tag.
I tried changing the "File List" Preferences, like it was suggested in another ticket, and it worked: after restarting the application the change was saved as expected.
Just like you mentioned, Mp3tag is the only application affected by this issue.
I'm using Mp3tag version 1.3.2 (54) in trial mode, downloaded (yesterday) from the "mp3tag.app" web site (as opposed to the App Store).
I've did some more experiments and tried to created the environment which produces the error. It seems that I cannot create any additional Data folder at /System/Volumes/Data/ due to what is called SIP or System Integrity Protection on macOS (starting from Catalina).
However, doing so as root user via
cd /System/Volumes/Data/
sudo mkdir -p Data/Audio
did work and I've copied some example files (also as root user). Trying to write to those files from within Mp3tag produced a permission denied error. I've changed the owner to my local username and group via
sudo chown -R florian:staff Data/Audio
and was able to reproduce the error you're getting. It really seems to be the macOS sandbox preventing access to files stored at this location — I can create secure bookmarks, but I'm not able to resolve them back to a file URL, resulting in the errors you've posted initially.
This is only meant as an update. I'll continue investigating this and keep you posted.
Yes, it's also a mounted APFS volume on my system and contains, e.g., the Users folder where access to files works without problem. What doesn't seem to work as intended is access to files in folders at /System/Volumes/Data/ other than Users, e.g., Data/Audio as per your example.
Thank you very much. As part of the troubleshooting, may I suggest adding the necessary records to the defaults manually? Just to confirm that fixing/working around the path resolution issue would actually fix the problem.
The data to store there cannot be constructed manually, it's binary data that is provided by the macOS ScopedBookmarkAgent and can only be obtained via opening files or folders via an Open/Save panel or drag and drop.
I've also posted this on Twitter and one response suggested to just move the folder to your User's folder. It doesn't resolve the original problem, but would certainly work around the issue.
Is it correct to assume that ScopedBookmarkAgent should display a pop-up window asking for the user's confirmation providing the application access to that specific folder? I have never got such requests from any applications except for the access to folders inside the home folder, like "Desktop", "Downloads", etc.
I'm just confused because I never had this kind of problems with any other applications. For example, I previously I used the MusicBrainz Picard for mp3 tagging and I was always able to access this specific folder. I started looking for alternative software because I want something that works with Apple silicon natively.
No, it's usually done transparently by Mp3tag itself by creating the bookmarks for folders that are either opened via an Open Panel or by drag and drop. In both ways, macOS provides secure access to the app because it ensures that the user intended to access the files through this app.
One exception is when the user only open or drags files (not folders) and later wants to rename the files, because renaming files requires secure access to the parent folder. In this instance, Mp3tag asks for secure access by showing an open panel with a short explanation.
MusicBrainz Picard doesn't use the macOS sandbox system. This is only required for apps distributed via the Mac App Store (which Mp3tag is). Other apps might employ specific workarounds for the issue you're having and I've spent the past week finding one of those.
I've now created a beta version which potentially allows for editing the files in this special folder and I'll sent a link to this version shortly via PM. Please let me know how it goes.
Thank you for explaining the nature of this problem, I really appreciate it. And I should confirm that I prefer to purchase software directly from the manufacturer rather then via App Store (where possible), so it is absolutely possible that non-AppStore versions that I install do not use the sandbox system (I remember I've seen this information somewhere already that AppStore versions are slightly different).
And the good news is, I tested the beta version and it worked as expected! Thank you so much! I'm planning to make my purchase a bit later today. Do you think this update will be released any time soon?
I hope to release a official version including the workaround by the end of the month (at the latest) and you can use the beta till then. This way, you can be sure it's working for you and you don't need to hurry.