为了提高系统安全性，苹果引入了Sandbox机制，要在app store发布的软件需符合该机制。软件的读写权限被严格的限制在一定范围内，大部分路径的读写权限需要向用户请求。但是有些数据我们需要获得较高的权限，而且没必要每次都向用户申请。

如何解决呢？还好apple给我们留了一个路径让我们自由读写。下面是apple文档介绍如何操作相应目录

Container Directories and File System Access

When you adopt App Sandbox, your application has access to the following locations:

The app container directory. Upon first launch, the operating system creates a special directory for use by your app—and only by your app—called a container. Each user on a system gets an individual container for your app, within their home directory; your app has unfettered read/write access to the container for the user who ran it.

App group container directories. A sandboxed app can specify an entitlement that gives it access to one or more app group container directories, each of which is shared among all apps with that entitlement.

User-specified files. A sandboxed app (with an appropriate entitlement) automatically obtains access to files in arbitrary locations when those files are explicitly opened by the user or are dragged and dropped onto the application by the user.

Related items. With the appropriate entitlement, your app can access a file with the same name as a user-specified file, but a different extension. This can be used for accessing files that are functionally related (such as a subtitle file associated with a movie) or for saving modified files in a different format (such as re-saving an RTF flat file as an RTFD container after the user added a picture).

Temporary directories, command-line tool directories, and specific world-readable locations. A sandboxed app has varying degrees of access to files in certain other well-defined locations.

These policies are detailed further in the sections that follow.

The app container directory.就是我们获取的完全权限。

The app container directory. Upon first launch, the operating system

creates a special directory for use by your app—and only by your

app—called a container. Each user on a system gets an individual

container for your app, within their home directory; your app has

unfettered read/write access to the container for the user who ran it.

下面是kindle的containers路径

~/Library/Containers/com.amazon.Kindle/Data/Library/Application Support/Kindle