Copy link to clipboard
Copied
I use a json file for configuration information. During initial development, I stored it in the plug in folder. I can read it from there without any trouble. I recently tried moving it to the LOCALAPPDATA folder under a folder I created for the plug in. The ocde tests for existince of the file, which works fine and opens it for reading in a stream. But it reads no data. Other that the file path, the code has not changed at all. The existence check uses GetFileAttributes, which does returen the correct file attributes and ensures I have the path right.
I know Acrobat uses the integrity functionality to run the instance of Acrobat with my plug in using the AppContainer model, restricting some user privileges. But reading (and I hope writing) seems like it should be allowed in the user data area.
I would assume not. Other projects, even some parts of Acrobat, don't work properly because they can't read or write control files. BUT... if your problem is simple you might be able to use a configuration file to allow selected access (as described in the first link I posted) rather than the much more complex world of a broker. I should have mentioned that before.
Copy link to clipboard
Copied
No, reading and writing %APPDATA% is very definitely blocked when Protected Mode is off, except for Acrobat's own area. %APPDATA% can contain all sorts of private info, and it is to protect this that Protected Mode exists. You may need to write a plug-in broker to manage your I/O.
Copy link to clipboard
Copied
Thanks for the quick response and info. Can you tell me a litle more about what a plug in broker is? I had been considering writing a service to help, which may be what you mean. We are also wrestling with a related (privilege problem) issue for licensing.
Copy link to clipboard
Copied
It's important to have an insight into what protected mode is designed for. PDF files are shared and downloaded freely, so they are an attractive vector for attacks. These are attacks using undiscovered future bugs. The idea of the sandbox is to provide a double protection: if a future bug is found, and hackers use it to "break in" to Acrobat to run code, then the code can do almost nothing - it can't read files (to steal data), write files (to do more hacking or destruction), read or write registry, set up network connections etc. etc.
A plug-in broker is a special EXE installed alongside your plug-in. Adobe provide a distributed API for you to call routines in your EXE from the plug-in. These routines run with normal privileges - but are not part of Acrobat and cannot access the open file or use the SDK functions. But you should be able to encapsulate "read my preferences" - but it is important not to just write a broker function that "reads any file" because that opens up the sandbox. The EXE should decide what to read, not take a filename.
General info https://www.adobe.com/devnet-docs/acrobatetk/tools/AppSec/sandboxprotections.html
Specifics https://opensource.adobe.com/dc-acrobat-sdk-docs/acrobatsdk/pdfs/acrobatsdk_overview.pdf chapter 2.
Copy link to clipboard
Copied
Thanks again for the quick yet thorough answer. I am looking at the SDK and I notice that besides the SDK library there is also a simple ipc project that is providing access to named pipes. Does The AppContainer model allow that? Our needs are very simple. Returning json file contents as string would allow me to set up a memory stream instead of the file stream, and a pass/fail on the license. If named pipes are allowe, I think I will go that way instead of the full API route. I would implement it so that only that specific commands result in strings being returned; not having the plugin provide faile names or anything. If anything resulted in a write, it would be a command like setting the last role chosen (in my plugin that's preparer, reviewer or supporting reviewer) so that the next time it's run it would default to the role they last used.
Copy link to clipboard
Copied
I would assume not. Other projects, even some parts of Acrobat, don't work properly because they can't read or write control files. BUT... if your problem is simple you might be able to use a configuration file to allow selected access (as described in the first link I posted) rather than the much more complex world of a broker. I should have mentioned that before.
Copy link to clipboard
Copied
Some other answers were also correct, but this ended up being the simplest way to resolve my issues.
Thanks again.