NSCocoaErrorDomain Code=257 File Permission

Question

While trying to get a file inside a Swift UI App using a UIViewControllerRepresentable wrapping an UIDocumentPickerViewController, I ran into a very weird behaviour:

Running the app on the simulator works as expected. Running the app on a physical device however would not return the files. Instead it would throw this error: Error Domain=NSCocoaErrorDomain Code=257 "The file “grile.doc” couldn’t be opened because you don’t have permission to view it."

Debugging, I managed to find that the code block causing this error to be thrown on the physical device isn't the actual accessing of the file, instead it's trying to get the file size that throws.

What am I doing wrong here, that makes this Representable work just fine on a simulator but not work on a physical device?

I have already tried using the FileManager approach to get file size, same thing happens. I also tried copying the file to a temp location with FileManager, that also throws the same error.

import Foundation
import SwiftUI
import UniformTypeIdentifiers

struct FilePicker: UIViewControllerRepresentable {
    
    // MARK: - Properties
    var didPickFileURL: ((URL) -> Void)
    var didPickFileOverFileSizeLimit: (() -> Void)
    
    // MARK: - UIViewController Wrapper Methods
    func makeUIViewController(context: Context) -> UIDocumentPickerViewController {
        let picker = UIDocumentPickerViewController(forOpeningContentTypes: [UTType("public.item")!])
        picker.allowsMultipleSelection = false
        picker.delegate = context.coordinator
        return picker
    }
    
    func updateUIViewController(_ uiViewController: UIDocumentPickerViewController, context: Context) {
    }
    
    func makeCoordinator() -> Coordinator {
        return FilePicker.Coordinator(parent: self)
    }
    
    
    // MARK: - Coordinator
    class Coordinator: NSObject, UIDocumentPickerDelegate {
        
        // MARK: - Coordinator Properties
        var parent: FilePicker
        
        
        // MARK: - Coordinator Init
        init(parent: FilePicker) {
            self.parent = parent
        }
        
        
        // MARK: - Coordinator UIDocument Delegate
        func documentPicker(_ controller: UIDocumentPickerViewController, didPickDocumentsAt urls: [URL]) {
            guard let url = urls.first else { return }
            
            do {
                let resources = try url.resourceValues(forKeys:[.fileSizeKey])
                let fileSize = Double(resources.fileSize!)
            
                // check if the file size is bigger than the limit per attachment
                if fileSize.convertBytesToMegabytes() < 10 {
                    self.parent.didPickFileURL(url)
                } else {
                    self.parent.didPickFileOverFileSizeLimit()
                }
            } catch {
                print("Error: \(error)")
            }
        }
    }
}

The conversion extension:

extension Double { 
    func convertBytesToMegabytes() -> Double {
        let kilobytes = self / 1024
        let megabytes = kilobytes / 1024
        return megabytes
    }
}

Answer 1

It's needed to use startAccessingSecurityScopedResource. It's is a method used on macOS and iOS to access security-scoped resources. These resources refer to files or directories that your application does not have direct access to due to security restrictions, such as file locations in App Group containers or files in system-protected locations.

If this is not done, the following error could occur:

Error Domain=NSCocoaErrorDomain Code=257

The startAccessingSecurityScopedResource method is used to request temporary access to these scoped security resources, allowing your application to access them for a limited period of time, usually until your application finishes its work with the resource. This is useful to ensure that your application can work with these resources without violating system security restrictions.

For example, the following path for a .kml file would be:

file:///private/var/mobile/Containers/Shared/AppGroup/XXXXXXXX/File%20Provider%20Storage/example_file.kml

It is IMPORTANT to remember to stop access to the resource using stopAccessingSecurityScopedResource once you have finished using it to free up resources and maintain good security and permissions management.

Below we see a simple example of use:

import Foundation

// Get the URL of the file within the App Group container
if let fileURL = FileManager.default.containerURL(forSecurityApplicationGroupIdentifier: "com.yourcompany.yourappgroup")?.appendingPathComponent("example_file.kml") {
    
    // Request temporary access to the security-scoped resource
    let accessGranted = fileURL.startAccessingSecurityScopedResource()
    
    if accessGranted {
        do {
            // Safely access the file
            let fileContents = try String(contentsOf: fileURL, encoding: .utf8)
            print("File contents: \(fileContents)")
        } catch {
            print("Error reading the file: \(error.localizedDescription)")
        }
        
        // Stop accessing the resource after use
        fileURL.stopAccessingSecurityScopedResource()
    } else {
        print("Failed to obtain access to the security-scoped resource.")
    }
}

Answer 2

I've had issues as well. If you look at the URL to your document you might try:

url.startAccessingSecurityScopedResource()

If that returns true you will also need to call:

url.stopAccessingSecurityScopedResource()