Post

Replies

Boosts

Views

Activity

ShazamKit under the App Sandbox on macOS — sanctioned way to reach com.apple.shazamd? (error 202)
I'm building a music-recognition app for the Mac App Store that uses ShazamKit (SHSession / SHManagedSession) against the default Shazam catalog. In a sandboxed build, SHSession.match(_:) fails with: com.apple.ShazamKit error 202 — "The connection to service named com.apple.shazamd was invalidated" The root cause is a sandbox denial of the mach-lookup to the ShazamKit matching daemon: kernel (Sandbox): deny(1) mach-lookup com.apple.shazamd What I've established: Enabling the ShazamKit App Service on the App ID does not add com.apple.shazamd to the sandbox mach-lookup allow-list on macOS — the denial persists and matching returns error 202. The iOS entitlement com.apple.developer.shazamkit is rejected by the macOS validator at upload ("not supported on macOS"), so it isn't an option here. Adding com.apple.security.temporary-exception.mach-lookup.global-name = [com.apple.shazamd] to the app's entitlements removes the denial, and ShazamKit then matches correctly under the sandbox (verified end-to-end: real api.shazam.apple.com/v1/catalog/.../match requests complete and tracks are identified). Removing that exception reproduces error 202 on every probe. So the temporary-exception appears to be the only way to make ShazamKit's default-catalog matching work inside the macOS App Sandbox today. Questions: Is there a sanctioned, non-temporary-exception way to use ShazamKit default-catalog matching in a sandboxed macOS app (a proper entitlement, an App Service configuration, or a supported API usage)? If not, is the com.apple.shazamd mach-lookup temporary-exception the intended approach on macOS? My actual SHSession.match runs in a nested helper that inherits the app's sandbox (com.apple.security.inherit). Is it correct to place the exception on the main app (which the inherited helper then picks up), rather than on the helper itself? Environment: macOS 26.1, ShazamKit App Service enabled on the App ID, signed App Sandbox build installed via TestFlight (valid _MASReceipt present). Happy to share entitlement plists and a focused sample on request. Thanks!
0
0
18
6h
ShazamKit under the App Sandbox on macOS — sanctioned way to reach com.apple.shazamd? (error 202)
I'm building a music-recognition app for the Mac App Store that uses ShazamKit (SHSession / SHManagedSession) against the default Shazam catalog. In a sandboxed build, SHSession.match(_:) fails with: com.apple.ShazamKit error 202 — "The connection to service named com.apple.shazamd was invalidated" The root cause is a sandbox denial of the mach-lookup to the ShazamKit matching daemon: kernel (Sandbox): deny(1) mach-lookup com.apple.shazamd What I've established: Enabling the ShazamKit App Service on the App ID does not add com.apple.shazamd to the sandbox mach-lookup allow-list on macOS — the denial persists and matching returns error 202. The iOS entitlement com.apple.developer.shazamkit is rejected by the macOS validator at upload ("not supported on macOS"), so it isn't an option here. Adding com.apple.security.temporary-exception.mach-lookup.global-name = [com.apple.shazamd] to the app's entitlements removes the denial, and ShazamKit then matches correctly under the sandbox (verified end-to-end: real api.shazam.apple.com/v1/catalog/.../match requests complete and tracks are identified). Removing that exception reproduces error 202 on every probe. So the temporary-exception appears to be the only way to make ShazamKit's default-catalog matching work inside the macOS App Sandbox today. Questions: Is there a sanctioned, non-temporary-exception way to use ShazamKit default-catalog matching in a sandboxed macOS app (a proper entitlement, an App Service configuration, or a supported API usage)? If not, is the com.apple.shazamd mach-lookup temporary-exception the intended approach on macOS? My actual SHSession.match runs in a nested helper that inherits the app's sandbox (com.apple.security.inherit). Is it correct to place the exception on the main app (which the inherited helper then picks up), rather than on the helper itself? Environment: macOS 26.1, ShazamKit App Service enabled on the App ID, signed App Sandbox build installed via TestFlight (valid _MASReceipt present). Happy to share entitlement plists and a focused sample on request. Thanks!
Replies
0
Boosts
0
Views
18
Activity
6h