Hi everyone,
We’re developing a macOS SwiftUI app that uses a local Swift Package (CasSherpaCore) to invoke an external compiled binary (sherpa-onnx-offline-tts) for text-to-speech synthesis using system calls. The package works flawlessly when tested from terminal or via a lightweight test C program.
However, when we invoke it from a SwiftUI app (even with Full Disk Access granted to Xcode and Terminal), we consistently get the error:
sh: /Users/xxxxxxxxxxx/SherpaONNX/sherpa-onnx/build/bin/sherpa-onnx-offline-tts: Operation not permitted
We’ve tried:
- Granting Full Disk Access to Xcode and Terminal.
- Removing the quarantine flag with
xattr -d com.apple.quarantine. - Setting executable permission via
chmod +x. - Using both
system()andProcessin C and Swift contexts. - Testing within a Swift Package that’s integrated into the app as a local dependency.
- Running the command manually from terminal (works perfectly).
It appears that macOS (or Xcode’s runtime sandbox) is restricting execution of binaries from certain locations or contexts when launched via system() inside the app.
Questions:
- Is there a specific entitlement or configuration that allows execution of local binaries from a SwiftUI macOS app?
- Is this related to System Integrity Protection (SIP) or a hardened runtime limitation?
- Are there best practices or alternative approaches to safely execute local TTS binaries from within a Swift app?
Any help would be deeply appreciated. This is a core feature in our project and we’re stuck at this point. Thank you so much in advance!
Thanks for bringing this over to Apple Developer Forums.
As I mentioned on your Swift Forums thread, the key problem here is most likely the App Sandbox. The best way of resolving it depends on whether you need to have sandboxing enabled or not:
- If need to have the App Sandbox enabled — either because you plan to distribute via the Mac App Store or for your own internal reasons — then the overall approach you’re using won’t work. The standard alternative is to embed the command-line tool within your app. Embedding a command-line tool in a sandboxed app explains the two ways to set this up. If that doesn’t work for you, please reply here with the details of your specific situation and we can take things from there.
- If you don’t need to have the App Sandbox enabled, then by far the easiest path forward is to disable it. There are other approaches you might take — for example, using a temporary exception entitlement — but those don’t work in all circumstances. Still, if you’d like to explore them, feel free to reply back here with more details about your overall goal.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
