I realize that I'm a bit late to the game here in getting sandbox-ready, but so it goes.
I'm developing for OS X 10.9. The app displays Calendar event data, but does not allow editing, so I have enabled the Calendars capability.
The app works great with sandboxing enabled when I run it from Xcode, but when I export it signed with Developer ID, the app runs, but can't access the Calendar data. What's more, the system never asks me to allow the app to access Calendar data.
When I run the app, it launches, but doesn't show any data. In Console, sandboxd throws a bunch of errors that look like this:
sandboxd: ([54]) appleeventsd(54) deny file-read-metadata /Library
and
sandboxd: ([54]) appleeventsd(54) deny mach-lookup com.apple.ocspd
I've checked the app's entitlements with codesign -d --entitlements, and it confirms that it's Sandboxed and has calendar entitlements. However, when I check in-app to see if it has permission to access [EKEventStore authorizationStatusForEntityType:EKEntityTypeEvent], it, unsurprisingly given it has never asked, returns EKAuthorizationStatusNotDetermined.
I feel like I am missing something pretty basic here regarding entitlements, code signing, or deployment, but I'm at a loss to find out what it is. And so I throw myself on your collective mercy and wisdom.