macOS授予对沙盒应用程序的全磁盘访问权限
我正在尝试全盘访问,但无法使其正常工作.这是我执行的步骤列表:
I'm experimenting with full-disk access and can't make it working. Here is list of steps I did:
- 沙箱已打开.实际上,权利文件如下所示:
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.files.bookmarks.app-scope</key>
<true/>
<key>com.apple.security.files.user-selected.read-write</key>
<true/>
- 我创建了该应用程序的存档,并尝试同时使用 Developer ID 或 Development 方法分发它
- 我将应用程序的二进制文件放入了/Applications 文件夹
- 我进入了系统偏好设置->安全和保护;隐私->隐私->完整磁盘访问权限,并在/Applications 文件夹中添加了对我的应用程序的访问权限
- 当然我没有使用 Xcode 附加到应用程序
- I created archive of the app and tried to distribute it using boths Developer ID or Development methods
- I placed the binary of my app to /Applications folder
- I went to System Preferences -> Security & Privacy -> Privacy -> Full Disk Access and added access to my app in /Applications folder
- Of course I'm NOT attached to the app with Xcode
我正在Xcode 11和Catalina上对其进行测试.它是虚拟应用程序,打开NSOpenPanel可以让用户选择要解压缩的档案,然后尝试在同一目录中将其解压缩.
I'm testing it in Xcode 11 and on Catalina. It's dummy app, opening NSOpenPanel to let user select archives to decompress and tries to decompress it in the same directory.
实际上与NSOpenPanel无关,问题是:
In fact it's not about NSOpenPanel, the question is:
使用全盘访问权限制作沙盒应用程序需要做什么?
有任何提示吗?我做错什么了吗?
Any hints? Am I doing anything wrong?
以下是解决方法找到了iTerm2 (值得一读的是如何找到解决方案).它只是将其添加到应用程序plist中:
Here is solution found for iTerm2 (it is worth read how solution was found). It just adds this to application plist:
<key>NSSystemAdministrationUsageDescription</key>
<string>I want to read all your files</string>
文档有点模糊.
可悲的是,此解决方案不适用于launchctld守护程序(这是我需要的).我认为守护程序是一个例外,因为根本看不到UI.
Sadly this solution doesn't work for launchctld daemons (this is what I need). I think daemons are an exception since the do not see UI at all.
但是对于常规应用程序,它应该像一种魅力(还没有测试).
But for regular applications it should work like a charm (didn't test it yet).