Reliable test for Full Disk Access?

App & System Services Core OS Files and Storage

Created Mar ’19

Replies 20

Boosts 2

Views 13k

Participants 10

On Mojave, my app needs a way to determine if the user has already added the app to the "Full Disk Access" list in System Preferences. (And if not, instruct him to do so).

So far I've been using the following empirical test:

int c = open("/Library/Application Support/com.apple.TCC/TCC.db", O_RDONLY);

if (c == -1 && (errno == EPERM || errno == EACCES)) {

// no full disk access

}

However it turns out that on a small percentage of systems, this test gives NO even when the app is already in the "Full Disk Access" list.

I also noticed that on such systems, the folder /Library/Application Support/com.apple.TCC/ has access permissions 700 (drwx------), as opposed to "normal" systems where this folder has permissions 755 (drwxr-xr-x@). I guess this may be the reason why the test fails.

Anyway, is there any API or a more reliable test to see if my app has been added to the "Full Disk Access" list in System Preferences?

Boost

demitri OP

May ’20

There is no way to do this. I think Apple would argue this is precisely the point; the user must actively, specifically grant this permission. It would defeat the whole purpose if an app could just enable it.

Sheldon15 OP

Jun ’20

Please read the question carefully. The question is not how to let an app enable the full disk access, that would indeed defeat the purpose. The question is how an app could *test* if it has full disk access or not. And if not, give some hints for the user, when necessary. That's a legitimate case.

LowTide OP

Jul ’20

I second this request.

yoavre OP

Jan ’24

Reviving this thread since I also need an API for testing if my APP has FDA. This is a security app, so upon installation we request the user to grant us Full Disk Access, but some users may miss this prompt and thus not grant the access. We need a way to test in the app if we have FDA or not, so that we can give out some hint about it.

So far I've only found threads asking for such an API, but I haven't found an official one released. I opened an enhancement suggestion to Apple in the hopes that they will right such: FB13511819 (Need an API to recognize if an app has Full Disk Access)

In the meanwhile I'll experiment with the other suggestions in this thread.

lseverini OP

Mar ’24

Hello, Plus one here.

Can Apple fix this issue that has been reported (FB13511819) years ago?

Best regards,

Luca Severini