Mojave: and NSSharingService Class 'OC_PythonUnicode' disallows secure coding. It must return YES from supportsSecureCoding

Issue #251 resolved
Marc Van Olmen
created an issue


I have an Objective-c class that implements the following method:

- (void)mailWithSharingServiceEmailAddress: (NSString *) emailAddress
                                   subject: (NSString *) subject
                                      body: (NSString *) body
                                      fileURL: (NSURL *) fileURL
    NSSharingService* sharingService = [NSSharingService sharingServiceNamed: NSSharingServiceNameComposeEmail];

    [sharingService setRecipients: @[emailAddress]];
    [sharingService setSubject:subject];
    [sharingService performWithItems: @[ body, fileURL]];

Then when I call this code from Python PyObjC 4.2.1 and also tried 5.0 the objects that are passed in are OC_PythonUnicode objects. My python environment is 64-bit Python 2.7.15.

This code worked fine under macOS High Sierra, but under Mojave this above code fails.

This is the error I'm getting under Mojave:

2018-10-04 20:02:35.949690-0400 Checkout[23665:468160] *** ObjC exception 'NSInvalidUnarchiveOperationException' (reason: 'Class 'OC_PythonUnicode' disallows secure coding. It must return YES from supportsSecureCoding.') discarded
Stack trace (most recent call last):
  0x00000003 (in Checkout)
  start (in libdyld.dylib) + 1
  ffi_closure_unix64 (in + 70
  ffi_closure_unix64_inner (in + 688
  method_stub (in + 1248
  PyObject_Call (in Python) + 98
  function_call (in Python) + 176
  PyEval_EvalCodeEx (in Python) + 2115
  PyEval_EvalFrameEx (in Python) + 40001
  PyEval_EvalCodeEx (in Python) + 2115
  PyEval_EvalFrameEx (in Python) + 41307
  objc_NSApplicationMain (in + 313
  NSApplicationMain (in AppKit) + 780
  -[NSApplication run] (in AppKit) + 699
  -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (in AppKit) + 1362
  _DPSNextEvent (in AppKit) + 997
  _BlockUntilNextEventMatchingListInModeWithFilter (in HIToolbox) + 64
  ReceiveNextEventCommon (in HIToolbox) + 618
2018-10-04 20:02:35.952537-0400 Checkout[23665:468603] error with remoteObjectProxyWithErrorHandler: Error Domain=NSCocoaErrorDomain Code=4097 "connection from pid 23776" UserInfo={NSDebugDescription=connection from pid 23776}
2018-10-04 20:02:40.510908-0400 Checkout[23665:468601] WARNING: _endWindowBlockingModalSessionForShownService called with <NSSharingService: 0x6000000d1e20> [] - enabled:YES for a service but we couldn't find a matching modal session!

So it seems that OC_PythonUnicode needs to support supportsSecureCoding and NSSharingService requires objects to be secureCoded..

I solved this problem with the following workaround:

    [sharingService setRecipients: @[[NSString stringWithFormat: @"%@", emailAddress]]];
    [sharingService setSubject:[NSString stringWithFormat: @"%@", subject]];
    [sharingService performWithItems: @[ [NSString stringWithFormat: @"%@", body], fileURL]];

Comments (7)

  1. Ronald Oussoren repo owner

    This is related to #180

    I basically need to adjust the implementation of all OC_* classes to properly support secure coding where possible (claiming to support secureCoding for arbitrary Python objects would not be correct, in the general case NSCoding support falls back to pickling objects and pickle shouldn't be used across security boundaries).

    I'll probably split all OC_* classes into two classes: one for built-in types where I can support secureCoding, and one for other types that cannot support secureCoding. The change is slightly more involved than changing the implementation of supportsSecureCoding for these classes :-)

  2. Ronald Oussoren repo owner

    Changeset 66453e390b64 introduces most of the support for secureCoding, except for the support for adding secureCoding to python's builtin number types (int, long, float).

    The code for that is present in the changeset but is not yet enabled because it causes other problems that I don't understand at this time. The code changes for OC_PythonNumber/OC_BuiltinPythonNumber are similar to those for other classes which do work properly.

    I won't close this issue until I've debugged the problem I mentioned before.

  3. Log in to comment