I develop a Java application that, when bundled as an .app, is unable to access the contents of the Desktop, Documents, and Downloads dirs from a specific type of file chooser (JFileChooser) in Catalina. Unlike other apps, no "[app] would like to access files in your [Desktop/Documents/Downloads] folder" popup appears when I attempt to access the contents of those directories via JFileChooser.I can access the contents of those dirs with a different Java file chooser (FileDialog, which appears to use the native macOS chooser) - but there's no "[app] would like to access..." prompt there either.Unlike every other app I've used in Catalina, there are no Desktop/Documents/Downloads access prompts for these Java apps.I'm hoping to determine 1) why the prompt doesn't appear, and 2) how to make it appear if possible, or otherwise grant access to those dirs.AFAICT there's no way to manually add an app to the Prefs > Security & Privacy > Privacy Tab > Files and Folders list. The +/- buttons remain disabled when I "Click the lock to make changes" and authenticate.I created a minimal example app demonstrating the problem - source code and pre-built app bundle are available here:https://github.com/sorghumking/catalinaFileChooserAccessTestAny help would be greatly appreciated!

In Catalina, the root volume could be mounted as read/write by disabling SIP and entering the following command: sudo mount -uw / This command doesn't seem to be working under Big Sur: mount_apfs: volume could not be mounted: Permission denied mount: / failed with 66 What should I do now?

I have an issue on importing files into my app when selected by the user through UIDocumentPickerViewController. The error I get is: Error Domain=NSPOSIXErrorDomain Code=13 "Permission denied". I'm testing on iPhone 11 with iOS 13.5.1. This is my implementation: func documentPicker(_ controller: UIDocumentPickerViewController, didPickDocumentsAt urls: [URL]){                  urls.forEach { (url) in                          let access = url.startAccessingSecurityScopedResource()             var error: NSError? = nil             NSFileCoordinator().coordinate(readingItemAt: url, error: &error) { (coorURL) in             do{                     let gZippedData = try Data(contentsOf: url)                     print(gZippedData)                     if access{                         url.stopAccessingSecurityScopedResource()                     }                 }catch{                     print(error.localizedDescription)                 }                     }                 }             }         }     } The value of access is true. why I can't access the file? what am I missing? Thank you for your help.

We've noticed that our app is now immediately crashing on background on iOS 14 Beta 3 with the 0xdead10cc termination reason. This indicates (as per Technical Note TN2151 - https://developer.apple.com/library/archive/technotes/tn2151/_index.html) that the app held on to a file lock or sqlite database lock during suspension. However this crash didn't occur at all prior to beta 3. Did something change in iOS that might cause this? Stricter enforcement? This is a hard crash for us to debug with little than the technical note to go on and potentially an unknown change in iOS itself.

To solve a dependency tangle on an app, I’m trying to write a simple command line tool that would display all the dependencies of a given app or library, and output it in a format suitable for post-processing by graphviz. The idea here is to collect and lay out the output of the otool -L utility, recursively called on all the dependencies of the target app/lib. Unfortunately, when I try otool -L with, say, otool itself, I get this: Dev > otool -L /usr/bin/otool /usr/bin/otool: /usr/lib/libxcselect.dylib (compatibility version 1.0.0, current version 1.0.0) /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1292.0.0) Fine. But now: otool -L /usr/lib/libxcselect.dylib /Library/Developer/CommandLineTools/usr/bin/objdump: error: '/usr/lib/libxcselect.dylib': No such file or directory Oops. Indeed, /usr/lib seems mostly empty, and most of what lies inside are links on missing (I assume: invisible) libs. So my question is: where are all the libs gone, and it is possible to bring them back to the surface?

I export a small image with size of 100 kilobytes (or less) via CoreData+CloudKit. The image data is then stored in a data field in user's private database. In CloudKit dashboard, it shows that the data size is 100 kilobytes - as it should. The device's local storage increase by 100 kilobytes - as expected. However, I check the user's iCloud storage (in Settings>Apple ID>iCloud>Manage Storage). The app's storage in crease by approximately 1 megabytes. Larger by a factor of 10! I try uploading the same image to a test asset field via CloudKit Dashboard. The user's iCloud storage increase by 100 kilobytes - as expected. Why the data (bytes) field take up more of user's iCloud quota than asset field? I really prefer to directly store as data rather than as a CKAsset. Is this just the way it is... or a bug?

I implemented the DocumentGroup as follows DocumentGroup(viewing: MyDoc.self) { file in       ContentView(document: file.$document)       } The documentation - https://developer.apple.com/documentation/swiftui/documentgroup says that this should allow viewing, not editing. > init(viewing: Document.Type, viewer: (FileDocumentConfiguration<Document>) -> Content) Creates a document group that is able to view file documents. Available when Document conforms to FileDocument and Content conforms to View. However if I press Cmd+S or click File > Save the ability to save documents still appears to be there. How can I prevent this? I already set "User Selected File" to Read-Only under Signing and Capabilities in Xcode. Have I missed a step somewhere? I've added a link to a sample project demonstrating the issue. It can open any plain text file with the .txt extension and can save changes to those files. Sample Project - https://github.com/conorgriffin/MyDoc TBH this seems like a bug that the app does not honour the File Access settings

Before Big Sur, there was a property list at /System/Library/CoreServices/backupd.bundle/Contents/Resources/StdExclusions.plist that contained a list of all of the standard files/locations that Time Machine would exclude from a backup. That file seems to have disappeared and I have been unable to find an equivalent. Furthermore, the tmutil isexcluded (i.e. NSURLIsExcludedFromBackupKey/CSBackupIsItemExcluded) does not reliably report these locations as excluded. So is there still a publicly accessible way of discovering the standard locations excluded by Time Machine?

Hi, Is it possible in Big Sur to create symbolic link in root directory with the file /etc/synthetic.conf, as it was in Catalina? thanks

I'm working on a CI/CD solution based on VMs deployed from images. Each VM has an external disk attached. Most of the applications I need to run on fresh OS require manual approval in a UI session for using that disk (java, powershell, etc). This is a huge showstopper for my project. Is there a way to allow FDA for certain applications via command line or bypass this check anyhow for testing purposes ?

Hi. I am using a Mac mini with M1. I created a symlink on the Desktop folder and set schg flag so that the system would not modify the link. Now I want to revert Desktop back to a normal folder, but the flag cannot be removed with this command: sudo chflags schg [path] Normally, booting in Single User Mode is advised for removing this specific flag since the system cannot alter anything when schg flag is set. But there is no longer Single User Mode in M1 Macs. I tried removing the flag in Recovery mode with the same command but it didn't help. What is the correct way to unset schg flag in M1 Macs? Thanks

Hello, I have a question regarding how launchd handles NFS shares in macOS 10.15 and later. It seems that launchd daemons can't access network shares (NFS) any longer. Is it possible to enable NFS access for launch daemons?

Hi everyone, I am an embedded linux programmer who knows C and Go programming, so don’t know much about mobile, iOS or Swift. I read some answers here which tells don’t use FTP and I guess BLE is not the best way trasferring file. I need to transfer some configuration files and firmware updates but I don’t know what is the most delicate way to do achive this? Can you give me hand to this newbie here?

Modern versions of macOS use a file system permission model that’s far more complex than the traditional BSD rwx model, and this post is my attempt at explaining that new model. If you have a question about this, post it here on DevForums, tagging your thread with Files and Storage so that I see it. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com" On File System Permissions Modern versions of macOS have four different file system permission mechanisms: Traditional BSD permissions Access control lists (ACLs) App Sandbox Mandatory access control (MAC) The first two were introduced a long time ago and rarely trip folks up. The second two are newer, more complex, and specific to macOS, and thus are the source of some confusion. This post is my attempt to clear that up. Error Codes App Sandbox and the mandatory access control system are both implemented using macOS’s sandboxing feature. When a file system operation fails, check the error to see whether it was blocked by this sandboxing feature. If an operation was blocked by BSD permissions or ACLs, it fails with EACCES (Permission denied, 13). If it was blocked by something else, it’ll fail with EPERM (Operation not permitted, 1). If you’re using Foundation’s FileManager, these error are reported as Foundation errors, for example, the NSFileReadNoPermissionError error. To recover the underlying error, get the NSUnderlyingErrorKey property from the info dictionary. App Sandbox File system access within the App Sandbox is controlled by two factors. The first is the entitlements on the main executable. There are three relevant groups of entitlements: The com.apple.security.app-sandbox entitlement enables the App Sandbox. This denies access to all file system locations except those on a built-in allowlist (things like /System) or within the app’s containers. The various “standard location” entitlements extend the sandbox to include their corresponding locations. The various “file access temporary exceptions” entitlements extend the sandbox to include the items listed in the entitlement. The second factor is dynamic sandbox extensions. The system issues these extensions to your sandbox based on user behaviour. For example, if the user selects a file in the open panel, the system issues a sandbox extension to your process so that it can access that file. The type of extension is determined by the main executable’s entitlements: com.apple.security.files.user-selected.read-only results in an extension that grants read-only access. com.apple.security.files.user-selected.read-write results in an extension that grants read/write access. These dynamic sandbox extensions are tied to your process; they go away when your process terminates. To maintain persistent access to an item, use a security-scoped bookmark. See Security-Scoped Bookmarks and Persistent Resource Access. If you have access to a directory — regardless of whether that’s via an entitlement or a dynamic sandbox extension — then, in general, you have access to all items in the hierarchy rooted at that directory. This does not overrule the MAC protection discussed below. For example, if the user grants you access to ~/Library, that does not give you access to ~/Library/Mail because the latter is protected by MAC. Finally, the discussion above is focused on a new sandbox, the thing you get when you launch a sandboxed app from the Finder. If a sandboxed process starts a child process, that child process inherits its sandbox from its parent. For information on what happens in that case, see the Note box in Enabling App Sandbox Inheritance. IMPORTANT The child process inherits its parent process’s sandbox regardless of whether it has the com.apple.security.inherit entitlement. That entitlement exists primarily to act as a marker for App Review. App Review requires that all main executables have the com.apple.security.app-sandbox entitlement, and that entitlements starts a new sandbox by default. Thus, any helper tool inside your app needs the com.apple.security.inherit entitlement to trigger inheritance. However, if you’re not shipping on the Mac App Store you can leave off both of these entitlement and the helper process will inherit its parent’s sandbox just fine. The same applies if you run a built-in executable, like /bin/sh, as a child process. When the App Sandbox blocks something, it typically generates a sandbox violation report. For information on how to view these reports, see Viewing Sandbox Violation Reports. To learn more about the App Sandbox, see the App Sandbox Design Guide and related documents (most notably the Entitlement Key Reference). For information about how to embed a helper tool in a sandboxed app, see Embedding a Command-Line Tool in a Sandboxed App. Mandatory Access Control Mandatory access control (MAC) has been a feature of macOS for many releases, but it’s become a lot more prominent since macOS 10.14. There are many flavours of MAC but the ones you’re most likely to encounter are: Full Disk Access (since 10.14) Files and Folders (since 10.15) Data Vaults (see below) Mandatory access control, as the name suggests, is mandatory; it’s not an opt-in like the App Sandbox. Rather, all processes on the system, including those running as root, as subject to MAC. Data Vaults are not a third-party developer opportunity. See this post if you’re curious. In the Full Disk Access and Files and Folders case users grant a program a MAC privilege using System Preferences > Security & Privacy > Privacy. Some MAC privileges are per user (Files and Folders) and some are system wide (Full Disk Access). If you’re not sure, run this simple test: On a Mac with two users, log in as user A and enable the MAC privilege for a program. Now log in as user B. Does the program have the privilege? If a process tries to access an item restricted by MAC, the system may prompt the user to grant it access there and then. For example, if an app tries to access the desktop, you’ll see an alert like this: “AAA" would like to access files in your Desktop folder. [Don’t Allow] [OK] To customise this message, set properties in your Info.plist. See the Files and Folders topic on this page. This system only displays this alert once. It remembers the user’s initial choice and returns the same result thereafter. This relies on your code having a stable code signing identity. If your code is unsigned, or signed ad hoc (“Signed to run locally” in Xcode parlance), the system can’t tell that version N+1 of your code is the same as version N, and thus you’ll encounter excessive prompts. Note For information about how that works, see TN3127 Inside Code Signing: Requirements. The Files and Folders prompts only show up if the process is running in a GUI login session. If not, the operation is allowed or denied based on existing information. If there’s no existing information, the operation is denied by default. On managed systems the site admin can use the com.apple.TCC.configuration-profile-policy payload to assign MAC privileges. For testing purposes you can reset parts of TCC using the tccutil command-line tool. For general information about that tool, see its man page. For a list of TCC service names, see the posts on this thread. Note TCC stands for transparency, consent, and control. It’s the subsystem within macOS that manages the privileges visible in System Preferences > Security & Privacy > Privacy. TCC has no API surface, but you see its name in various places, including the above-mentioned configuration profile payload and command-line tool, and the name of its accompanying daemon, tccd. While tccutil is an easy way to do basic TCC testing, the most reliable way to test TCC is in a VM, restoring to a fresh snapshot between each test. If you want to try this out, crib ideas from Testing a Notarised Product. The MAC privilege mechanism is heavily dependent on the concept of responsible code. For example, if an app contains a helper tool and the helper tool triggers a MAC prompt, we want: The app’s name and usage description to appear in the alert. The user’s decision to be recorded for the whole app, not that specific helper tool. That decision to show up in System Preferences under the app’s name. For this to work the system must be able to tell that the app is the responsible code for the helper tool. The system has various heuristics to determine this and it works reasonably well in most cases. However, it’s possible to break this link. I haven’t fully research this but my experience is that this most often breaks when the child process does something ‘odd’ to break the link, such as trying to daemonise itself. Scripting MAC presents some serious challenges for scripting because scripts are run by interpreters and the system can’t distinguish file system operations done by the interpreter from those done by the script. For example, if you have a script that needs to manipulate files on your desktop, you wouldn’t want to give the interpreter that privilege because then any script could do that. The easiest solution to this problem is to package your script as a standalone program that MAC can use for its tracking. This may be easy or hard depending on the specific scripting environment. For example, AppleScript makes it easy to export a script as a signed app, but that’s not true for shell scripts. TCC and Main Executables TCC expects its bundled clients — apps, app extensions, and so on — to use a native main executable. That is, it expects the CFBundleExecutable property to be the name of a Mach-O executable. If your product uses a script as its main executable, you are likely to encounter TCC problems. To resolve these, switch to using a Mach-O executable. Revision History 2021-04-26 Added an explanation of the TCC initialism. Added a link to Viewing Sandbox Violation Reports.  Added the TCC and Main Executables section. Made significant editorial changes. 2022-01-10 Added a discussion of the file system hierarchy. 2021-04-26 First posted.

Ever since the update to macOS 11.4 Beta 3 two days ago, I have been going through hell trying to maintain Full Disk Access for my apps' background agents. I think something has changed with Full Disk Access, and I am very worried that the upcoming release of macOS 11.4 is going to break it for my users. BACKGROUND Because of open issues FB5929825 and FB7772296, my notarized macOS apps require Full Disk Access in order to access Safari bookmarks using a Apple private API. That works OK for the parent apps, but maintaining Full Disk Access for my apps' background agents has always been problematic. Before Full Disk Access became a thing in macOS 10.15, my apps' background agent was a command-line tool, shipped within my apps' bundle, and launched intermittently by launchd tasks. Testing in early betas of 10.15, I could not find any way for a command-line tool to get Full Disk Access. (This may have been fixed in later versions.) Copying the design I saw in another app (Arq Backup) which had a working background agent, I spent several months replacing my command line tool with a Service Management Login Item which runs constantly. For brevity, I shall refer to my Service Management Login Item as "FooAgent". Since then, users have been granting Full Disk Access to my apps after initially installing. The enclosed FooAgent apparently "inherited" Full Disk Access from the parent app, and all was well. I have never seen any documentation that this is by Apple's design, but it worked. But, two days ago, upon restarting after the update to macOS 11.4 Beta 3, in addition to the fact that System Preferences' Full Disk Access checkboxes had been switched OFF for all non-Apple apps on my M1 MacBook Air (FB9103124), FooAgent emitted a warning that it did not have Full Disk Access, and this repeated even after I switched on the two checkboxes labelled "FooAgent" which had appeared in the Full Disk Access list and relaunched FooAgent. Through some combination of this action, removing a previous build of FooAgent, and restarting twice, I was able to restore Full Disk Access yesterday. But today, after rebuilding my app, which includes a rebuild of FooAgent, upon launching, FooAgent again reports no Full Disk Access, and today there are zero checkboxes for FooAgent in the Full Disk Access list. I beg someone from Apple to please answer for me: What is the correct, supported means by which a Service Management Login Item, contained within a parent app, can acquire and maintain Full Disk Access? Is it now necessary to re-grant, for testing, Full Disk Access after every build or update in the field? (Please, please say "No".) Is a Service Management Login Item which is contained within a parent bundle supposed to have its own entry and checkbox in System Preferences' Full Disk Access list? BONUS QUESTION. Please, God, is there any chance that FB7772296 will be fixed in the next version of macOS, so I that can stop using Apple private API and stop requiring this Full Disk Access?

Hello, everyone! Is there a way to know if a .fileImporter of .fileExporter got dismissed? (The cancel button at the top right was pressed or the view was dismissed with a swipe down.)

I have a macOS App that uses a custom file format (XML based). It is properly in the Info.plist as a file format so that my App is launched when this custom file type is double clicked etc etc. All that has been working fine for awhile now. If I use Finder and duplicate one of these custom files, it does the right thing and creates a "File 2.customxml" file, keeping the file extension intact. But if I AirDrop one of these files to another Mac and there is already a file of the same name in the Downloads folder, it creates the file "File.customxml 2" instead of "File 2.customxml". And of course there is no Application registered to open a file of type ".customxml 2". If a user clicks "Open" in the AirDrop popup, my App is opened with this file the first time, but not opened or informed the second time and instead it falls to another App, eg: TextEdit Is there anyway I can get AirDrop to do the "right" file naming? (This is all between 2 Macs)

I work on a cloud sharing solution and I am trying to make some directories read only. I have used "fileSystemFlags" and "capabilities" properties in the NSFileProviderItemProtocol to enforce read only behaviour but it only works when the user is drag and dropping in finder. How can I really make a folder readonly using the file provider extension? I tried to create file/folder from Finder or Terminal it gives permission denied(as expected). However, sudo mkdir created a folder from terminal either way :(. I noticed this is the same behaviour in iCloud Drive unfortunately. Since these are folders/files shared by someone else even with sudo rights user should not be allowed to create or modify files. Can read onlyness be achieved with extended attributes or some other ways? Thank you