Recent posts



Copyright © 2024 innovative-bytes
All rights reserved.


How sandbox access in Start works

Posted on: | Category:

According to Apple's specifications, Start uses Apple's sandbox. As a result, Start's access to numerous areas of the system is restricted and only possible after the user has asked. When using Start, you have probably noticed messages from time to time where Start asks for permission to open a folder or file.

How does sandbox access work in Start?

Start automatically detects all applications in the default application directory of your Mac and usually has access to launch them automatically. If you add another folder to the search scope, both this folder and the access needed for it will be saved. Likewise, if you manually add files or folders to Start, a new entry is created in Start and access to it is saved at the same time. You can easily see which accesses are currently set up in the settings under "Sandbox access" and also adjust them.

If you now want to launch an entry in Start, Start checks whether it can reach the desired object and whether access rights are available. For this purpose, the entries available in the settings under "Sandbox Access" are searched for a suitable access and - if a suitable entry is available - the object is opened using this entry. If no suitable entry can be found, Start asks whether you want to grant access.

Can this procedure be optimized?

Especially if there are many manually created entries, the list of entries for "Sandbox Access" can become very long. Also, from time to time, entries can accumulate that may no longer be valid at all, since the corresponding entry in Start no longer exists. However, the whole thing can also be optimized simply: an access share for a folder automatically includes all subdirectories and files. So if you want Start to be able to access all files and directories of your user directory or the whole system without individual access shares, for example, you can simply add the corresponding folder manually.

In the following screenshot, for example, the root folder of the system was added as the only entry - this means that Start can open all folders and files without needing a separate access share for each entry.

Start can never access files or folders on its own - you decide what Start can see and do.