I have a rules file like this
(version 1) (deny default) ... (allow file-write* (regex "/Users/thomas/Desktop"))
When I use it on app A, it works fine (the app can write to the desktop) but when use it on app B, it doesn't work (the app cannot save a file to the desktop). So I made a test app (app C), a simple cocoa app that just writes a dummy string to a file, and it still doesn't work. If I replace (allow file-write* (regex "/Users/thomas/Desktop")) with (allow file-write*) it works on app B and C too, so I know that's the only thing that's wrong.
So I really don't understand what's going on. How can it work for app A but not for B or C? Especially given that:
- allowing all file-writes works (so I know the regex is the culprit, even though it works for app A (I tested that the app A can save to Desktop but not to other locations)
- app C is minimal and is not a "blackbox"
- I tried tons of different variations: literal instead of regex, "^/Users/thomas/Desktop", "^/Users/thomas/Desktop/" , "^/Users/thomas/Desktop/*", ...
- apps A, B and C are not sandboxed apps if I run them normally (I can check this in the activity monitor)
Thanks in advance for your help!