App security, or ‘sandboxing’, is a key part of the Apple macOS security model. On Apple’s App Security Overview page, they explain:
- On Mac, many apps are obtained from the App Store, but Mac users also download and use apps from the internet. To safely support internet downloading, macOS layers additional controls. First, by default in macOS 10.15 or later, all Mac apps need to be notarised by Apple to launch. This requirement helps to ensure these apps are free of known malware, without requiring that the apps be provided through the App Store. In addition, macOS includes state-of-the-art antivirus protection to block — and if necessary remove — malware.
- As an additional control across platforms, sandboxing helps protect user data from unauthorised access by apps. And in macOS, data in critical areas is itself protected — which helps ensure that users remain in control of access to files in Desktop, Documents, Downloads and other areas from all apps, whether the apps attempting access are themselves sandboxed or not.
All third party apps that are distributed through the Mac App Store must be sandboxed (a requirement set by Apple) which means that they are prevented from accessing certain system resources and are prevented from writing-to or reading-from files or folders which the user has not explicitly granted it access to. X2Pro5 is distributed through the Mac App Store so it is bound by these sandbox rules and this sandboxing can mean that X2Pro5 users will have to perform a few extra steps in order to convert their FCP XML to an AAF.
When the user opens an FCP XML in X2Pro5 or chooses a destination folder for the AAF, they are giving the application access to a file or folder that is outside its sandbox, but in order to process the FCP XML file, X2Pro5 also needs to be able to read all of the clip files that are used in the FCP project (which are also all outside its sandbox). Sometimes there is a ‘bookmark’ in the FCP XML that allows X2Pro5 to access these files without user intervention, but that isn’t always the case. This is where the ‘Media Locations’ feature of X2Pro5 comes in.
The ‘Media Locations’ tab in X2Pro5 enables you to and add or remove folders from the list of locations X2Pro can read media from. It is a way of increasing X2Pro5’s sandbox to include access to all the files that it needs in order to perform the conversion.
The bottom part of the Media Locations window shows all the folders that contain clips that are used in the FCP XML, but that X2Pro5 doesn’t yet have access to (inaccessible locations), and the top part shows all the folders that have already been added and are accessible. You can add folders to the Media Locations list by pressing the ‘+’ button then choosing a folder that contains clip files. If you have a standard installation it would be wise to start by adding your ‘Movies’ folder to the list because this is the default location for FCP’s libraries. You can remove a folder from the Media Locations list (revoking the access that was previously granted) by triple-clicking it. When all the clip files are accessible by X2Pro5 the Inacessible Locations list will be empty. It is not possible to continue until all the clips files are accessible.
Users can add folders as Media Locations that are higher up the folder hierarchy than those listed. For example they could include their home folder rather than their movies folder and this would cover all files in Movies, Documents, Downloads, Desktop, etc. A few steps further would be to include the “root” of the file system (normally called “Macintosh HD”). Be aware that this would grant permission for X2Pro to access the whole file system, so effectively removes file sandboxing for X2Pro. As every file (even files on external, USB or networked drives) is mounted in a subdirectory of the main hard disk, the user will never need to add a new media location after this one.