How do I get around NSCocoaErrorDomain:257 when pulling a file from the Files app?

Question

I'm trying to access a file to pull a copy into my app so that users can associate it with relevant information. It used to work just fine up until recently, and now I suddenly am getting the following message:

Failed to read file, error Error Domain=NSCocoaErrorDomain Code=257 "The file “[File name]” couldn’t be opened because you don’t have permission to view it." UserInfo={NSFilePath=/private/var/mobile/Library/Mobile Documents/com~apple~CloudDocs/[File name], NSUnderlyingError=0x281b88690 {Error Domain=NSPOSIXErrorDomain Code=1 "Operation not permitted"}}

This is the code that's throwing the error:

//AppDelegate.m
-(BOOL)application:(UIApplication *)app openURL:(NSURL *)url options:(NSDictionary<UIApplicationOpenURLOptionsKey,id> *)options
{
    if (![url.pathExtension isEqualToString:@"pdf"] && ![url.pathExtension isEqualToString:@"png"] && ![url.pathExtension isEqualToString:@"jpg"] && ![url.pathExtension isEqualToString:@"jpeg"]){
        return false;
    }
    NSError* error = nil;
    NSString *path = [url path];
    NSData *data = [NSData dataWithContentsOfFile:path options: 0 error: &error];
    if(data == nil) {
        NSLog(@"Failed to read file, error %@", error);
    }

    //Do stuff with the file    

    return true;
}

I did update to xcode 11 and iOS 13, so there may have been a change there that I wasn't aware of.

Answer 1

It's needed to use startAccessingSecurityScopedResource. It's is a method used on macOS and iOS to access security-scoped resources. These resources refer to files or directories that your application does not have direct access to due to security restrictions, such as file locations in App Group containers or files in system-protected locations.

If this is not done, the following error could occur:

Error Domain=NSCocoaErrorDomain Code=257

The startAccessingSecurityScopedResource method is used to request temporary access to these scoped security resources, allowing your application to access them for a limited period of time, usually until your application finishes its work with the resource. This is useful to ensure that your application can work with these resources without violating system security restrictions.

For example, the following path for a .kml file would be:

file:///private/var/mobile/Containers/Shared/AppGroup/XXXXXXXX/File%20Provider%20Storage/example_file.kml

It is IMPORTANT to remember to stop access to the resource using stopAccessingSecurityScopedResource once you have finished using it to free up resources and maintain good security and permissions management.

Below we see a simple example of use:

import Foundation

// Get the URL of the file within the App Group container
if let fileURL = FileManager.default.containerURL(forSecurityApplicationGroupIdentifier: "com.yourcompany.yourappgroup")?.appendingPathComponent("example_file.kml") {
    
    // Request temporary access to the security-scoped resource
    let accessGranted = fileURL.startAccessingSecurityScopedResource()
    
    if accessGranted {
        do {
            // Safely access the file
            let fileContents = try String(contentsOf: fileURL, encoding: .utf8)
            print("File contents: \(fileContents)")
        } catch {
            print("Error reading the file: \(error.localizedDescription)")
        }
        
        // Stop accessing the resource after use
        fileURL.stopAccessingSecurityScopedResource()
    } else {
        print("Failed to obtain access to the security-scoped resource.")
    }
}

Answer 2

Jordan has a great answer! Here's the version translated to Swift

let isAccessing = url.startAccessingSecurityScopedResource()

// Here you're processing your url

if isAccessing {
    url.stopAccessingSecurityScopedResource()
}

As I encountered this myself and the comment to Jordan's answer confirmed this happens only on the real device. Simulator has no such an issue

Answer 3

It turns out there's a "using" function that tells the app its accessing files outside of it's sandbox. The methods startAccessingSecurityScopedResource and stopAccessingSecurityScopedResource on NSURL need to be wrapped around the code using the url, like so:

BOOL isAcccessing = [url startAccessingSecurityScopedResource];
NSError* error = nil;
NSString *path = [url path];
NSData *data = [NSData dataWithContentsOfFile:path options: 0 error: &error];
if(data == nil) {
    NSLog(@"Failed to read file, error %@", error);
}
if (isAccessing) {
    [url stopAccessingSecurityScopedResource];
}

I'm not sure if there's anything specific to iOS 13 that requires this when it didn't previously, but that is the only real change between it working and not working.