Re: folder entitlements EPERM


Jack Brindle
 

You can open the desired System Preference Security Pane from your app to help the user with making the selection you need. Many apps have pretty cool dialogs that not only direct the user to the pane, but also point out exactly what needs to be done in that pane.

Do a web search for MacOS System Preference Links to find a listing of the URLs. As an example, the link for Full Disk is:
x-apple.systempreferences:com.apple.preference.security?Privacy_AllFiles

The interesting Objective-C code looks like:

[[NSWorkspace sharedWorkspace] openURL:[NSURL URLWithString:@"x-apple.systempreferences:com.apple.preference.security?Privacy_AllFiles”]];

Enjoy!

Jack


On Jan 25, 2021, at 5:58 PM, Gerriet M. Denkmann <gerriet@...> wrote:



On 26 Jan 2021, at 08:28, Jack Brindle via groups.io <jackbrindle@...> wrote:

Not just app store apps, on Catalina and especially Big Sur, all apps.

The suggestion is to have the user drag the app to the “Full Disk Access” panel of the Security & Privacy’s Privacy pane. Then you should be able to get anywhere you’d like.

Thanks a lot! This is the perfect solution for my app:

System Preferences →  Security & Privacy → Privacy → Full Disk Access (bottom of left scroll view) → add or enable app in right scroll view.

Gerriet.


Jack


On Jan 25, 2021, at 3:36 PM, Jens Alfke <jens@...> wrote:



On Jan 25, 2021, at 9:12 AM, Gerriet M. Denkmann <gerriet@...> wrote:

There are quite a few folders, which behave absolutely normal using the Finder, but when my App tries to do:
open(folderPath, O_RDONLY)
it gets an EPERM error: "Operation not permitted”.

When my App  shows an OpenPanel (with this un-opened folder), and the user clicks ok, then the open() works just fine.

Isn't that just the normal behavior of the app sandbox? Sandboxed apps aren't allowed to access arbitrary areas of the filesystem, unless the user has implicitly given permission by navigating to a file/folder in an Open panel, or dropping a document, etc.

—Jens






Join cocoa@apple-dev.groups.io to automatically receive all group messages.