fix(apple/macos): drop the rejected audioanalyticsd sandbox exception
apple / swift (push) Successful in 1m18s
arch / build-publish (push) Successful in 5m4s
release / apple (push) Successful in 8m16s
ci / rust (push) Successful in 6m2s
android / android (push) Successful in 11m29s
ci / web (push) Successful in 52s
ci / docs-site (push) Successful in 1m0s
apple / screenshots (push) Successful in 5m32s
deb / build-publish (push) Successful in 3m1s
decky / build-publish (push) Successful in 24s
docker / build-push (--build-arg FEDORA_VERSION=44, ci, ci/fedora-rpm.Dockerfile, punktfunk-fedora44-rpm) (push) Successful in 5s
docker / build-push (., web/Dockerfile, punktfunk-web) (push) Successful in 4s
docker / build-push (ci, ci/fedora-rpm.Dockerfile, punktfunk-fedora-rpm) (push) Successful in 4s
docker / build-push (ci, ci/rust-ci.Dockerfile, punktfunk-rust-ci) (push) Successful in 5s
docker / build-push (docs-site, docs-site/Dockerfile, punktfunk-docs) (push) Successful in 5s
rpm / build-publish (44, fedora-44, punktfunk-fedora44-rpm) (push) Has been cancelled
rpm / build-publish (43, bazzite, punktfunk-fedora-rpm) (push) Has been cancelled
docker / deploy-docs (push) Has been cancelled
ci / bench (push) Successful in 4m46s
App Review declined 0.4.2 (3384) under guideline 2.4.5(i): the temporary com.apple.security.temporary-exception.mach-lookup.global-name = com.apple.audioanalyticsd exception "is not appropriate and will not be granted."

It had been added on the theory that CoreHaptics controller rumble (RumbleRenderer / MenuHaptics) hard-crashes under the App Sandbox without it, since the framework reaches the audio-analytics daemon over Mach and the sandbox denies that global-name lookup.

Tested the theory directly on macOS with a real Xbox pad: a CHHapticEngine start + full-intensity rumble in a genuinely enforced sandbox (NSHomeDirectory redirected into the app container) with no exception on the codesigned binary runs fine, no crash, even with a live AVAudioEngine stream running concurrently. CoreHaptics tolerates the denied lookup; the exception was never load-bearing.

So just remove it: CoreHaptics session rumble and menu haptics keep working on macOS unchanged (no source change needed). DualSense stays on its raw-HID path, a genuine Sony-motor gap, which needs no exception either.

Resubmitting requires a new build number and clearing the App Store Connect App Sandbox entitlement-usage justification for this exception.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
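The resubmission step above depends on no `com.apple.security.temporary-exception.*` key surviving in the entitlements that end up embedded in the signed binary. The following pre-submission check is an added example written for this page, not code from the punktfunk project: it parses an entitlements plist with the standard library `plistlib` and reports every temporary-exception key together with the services it names, so the list can be compared against what is declared in App Store Connect. The two plists are constructed samples (a before state carrying the rejected mach-lookup exception and an after state without it); the `codesign` invocation in the docstring is assumed and is not run here.

```python
"""Pre-submission check for an App Sandbox entitlements plist.

Added example, not part of the punktfunk project. Flags every
com.apple.security.temporary-exception.* key, the class of entitlement
App Review rejected under guideline 2.4.5(i) in the commit above.

On macOS, feed it the entitlements actually embedded in the signed app
(assumed invocation, not run here; check codesign(1) on newer releases):
    codesign -d --entitlements :- /path/to/punktfunk.app | python3 check_entitlements.py
"""
import plistlib
import sys

TEMP_EXCEPTION_PREFIX = "com.apple.security.temporary-exception."

# Constructed sample: entitlements as shipped in the rejected build.
BEFORE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.device.usb</key>
    <true/>
    <key>com.apple.security.temporary-exception.mach-lookup.global-name</key>
    <array>
        <string>com.apple.audioanalyticsd</string>
    </array>
</dict>
</plist>
"""

# Constructed sample: the same file after the exception is dropped.
AFTER = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.device.usb</key>
    <true/>
</dict>
</plist>
"""


def temporary_exceptions(plist_bytes: bytes) -> dict:
    """Return {entitlement key: value} for every temporary-exception key.

    The value is whatever the plist carries: for mach-lookup.global-name
    that is an array of exact service names (no wildcards).
    """
    ents = plistlib.loads(plist_bytes)
    return {k: v for k, v in ents.items() if k.startswith(TEMP_EXCEPTION_PREFIX)}


def audit(plist_bytes: bytes) -> list:
    """Return human-readable findings; an empty list means nothing needs a justification."""
    ents = plistlib.loads(plist_bytes)
    findings = []
    # A missing or false app-sandbox key means the sandbox is not enforced at all,
    # which would also make any "works without the exception" test meaningless.
    if ents.get("com.apple.security.app-sandbox") is not True:
        findings.append("App Sandbox is not enabled (com.apple.security.app-sandbox != true)")
    for key, value in temporary_exceptions(plist_bytes).items():
        # Each temporary exception needs an App Store Connect justification and
        # may be rejected; list the concrete services so the two can be compared.
        services = value if isinstance(value, list) else [value]
        findings.append(f"{key}: {', '.join(map(str, services))}")
    return findings


if __name__ == "__main__":
    data = sys.stdin.buffer.read()
    for line in audit(data):
        print(line)
    # Non-zero exit keeps a release pipeline from shipping a build that still
    # carries an exception nobody has declared.
    sys.exit(1 if temporary_exceptions(data) else 0)
```

Run it in the release pipeline right after signing rather than against the source `.entitlements` file: the entitlements the reviewer sees are the ones in the code signature, and a stale provisioning profile or build setting can put a key there that the checked-in file no longer has.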
@@ -48,21 +48,21 @@
 <key>com.apple.security.device.usb</key>
 <true/>
 
-<!-- Controller rumble via CoreHaptics: GCDeviceHaptics.createEngine → CHHapticEngine
-     (GamepadFeedback's RumbleRenderer), and AVAudioEngine playback, reach the system
-     audio-analytics daemon `com.apple.audioanalyticsd` over Mach. The sandbox denies that
-     global-name lookup unless it's whitelisted here, and the framework's own precondition
-     turns the denial into a HARD CRASH ("Process is sandboxed but
-     com.apple.security.exception.mach-lookup.global-name doesn't contain
-     com.apple.audioanalyticsd") the moment a controller's haptics engine starts. This
-     temporary exception is the documented, App-Store-acceptable way to permit exactly that
-     lookup — and ONLY that service (the key takes exact names, no wildcards). App Store:
-     declare it in App Store Connect → App Sandbox Entitlement Usage Information ("CoreHaptics
-     gamepad rumble contacts the system audio-analytics daemon"). -->
-<key>com.apple.security.temporary-exception.mach-lookup.global-name</key>
-<array>
-    <string>com.apple.audioanalyticsd</string>
-</array>
+<!-- NO mach-lookup temporary exception here — and none is needed. Build 0.4.2 (3384) shipped a
+     `com.apple.security.temporary-exception.mach-lookup.global-name` = com.apple.audioanalyticsd
+     exception on the THEORY that CoreHaptics controller rumble (CHHapticEngine — the session
+     RumbleRenderer + MenuHaptics) hard-crashes under the App Sandbox without it, because the
+     framework reaches the audio-analytics daemon over Mach and the sandbox denies that lookup.
+     App Review REJECTED the exception under guideline 2.4.5(i) (review 2026-07-04). We then
+     tested the premise directly on macOS: a CHHapticEngine start + full-intensity rumble on a
+     real Xbox pad, in a genuinely ENFORCED sandbox (NSHomeDirectory redirected into the app
+     container) with NO exception on the codesigned binary — and it ran WITHOUT crashing, rumble
+     and all, even with a live AVAudioEngine stream running concurrently. CoreHaptics simply
+     tolerates the denied audioanalyticsd lookup (it's telemetry, not a hard precondition). So
+     controller rumble works fully sandboxed with none of these exceptions. Do NOT re-add one —
+     it will be rejected again AND it buys nothing. (DualSense rumble separately goes over raw
+     HID via device.usb/device.bluetooth — CoreHaptics genuinely doesn't drive Sony motors on
+     macOS — but that path needs no exception either; see DualSenseHID.) -->
 
 <!-- Keychain Sharing (unchanged from the shared file): a team-scoped access group so the
      punktfunk/1 client identity in the data-protection keychain is gated by the app's
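Review bot: the replacement comment states "CoreHaptics simply tolerates the denied audioanalyticsd lookup (it's telemetry, not a hard precondition)" as a conclusion from one manual run but records nothing that would let the next person repeat or re-check it, whereas the comment being removed quoted a concrete precondition message ("Process is sandboxed but com.apple.security.exception.mach-lookup.global-name doesn't contain com.apple.audioanalyticsd"). Add to the new comment the macOS version and build the Xbox-pad test ran on and how sandbox enforcement was confirmed (the NSHomeDirectory redirection is noted; the observed denial of the lookup is not), so that if a later CoreHaptics release does make the denial fatal the note can be checked rather than argued over again. Separately, the rejection history ("App Review REJECTED ... (review 2026-07-04)", "it will be rejected again") duplicates the commit message; the plist comment only needs the one-line instruction not to re-add the key plus the DualSense pointer, which would also stop the rejected entitlement name from appearing in the entitlements file at all.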