Can my app get permission to rename one of its files when installed in Applications on OSX?

My application acts as a wrapper to another app and would be installed to the Applications folder normally from the Mac App Store.


Part of its functionality is to rename one of its files (inside the wrapped app) which I use the Unix mv command to do as an external process. Outside of the Applications folder this works fine but when it's installed in the Applications folder of course, it gets permission denied as the user would normally need to authorise any access with their login.


Is there any way my application can prompt this login to get permission to rename the file? (Effectively I'm trying to do a sudo for my mv command. Ideal scenario is without a login, but I can see why this would classify as a security/safety issue).

Is there any way my application can prompt this login to get permission to rename the file?

No. Modifying an app requires elevated privileges and Mac App Store apps are not allowed to elevate their privileges.

Even if you could do this, changing your app would invalidate its code signature, which is a real bad idea.

Modifying apps is just not supported on OS X; in fact, this is something that we’ve been warning folks not to do since the very early days of the Mac.

Share and Enjoy

Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Thanks, I thought that might be the case (I was looking at this as an option to avoid the main app that we're wrapping having to make changes for the Mac App Store version which they're reluctant to do).


One thing I did find though, which I'm not sure if I should file as a bug on RADAR or not, is that you can rename files in a code signed application without breaking the code signature. Any changes of location, deletion etc. break it, but just renaming them doesn't. Not sure if this could be exploitable other than our nasty hack for this edge case, but I thought it was a little odd.

… you can rename files in a code signed application without breaking the code signature.

That’s not my experience.

$ codesign -vv RenameTest.app
RenameTest.app: valid on disk
RenameTest.app: satisfies its Designated Requirement
$ mv RenameTest.app/Contents/Resources/MainMenu.nib RenameTest.app/Contents/Resources/foo.nib
$ codesign -vv RenameTest.app
RenameTest.app: a sealed resource is missing or invalid
file added: /Users/quinn/Desktop/RenameTest/build/Debug/RenameTest.app/Contents/Resources/foo.nib
file missing: /Users/quinn/Desktop/RenameTest/build/Debug/RenameTest.app/Contents/Resources/MainMenu.nib

Share and Enjoy

Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"
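Added example, not part of the thread and not Apple's codesign implementation: a simplified Python model of a resource seal keyed by relative path, showing why a rename is reported as one file missing plus one file added, as in the codesign output above. The manifest layout, the function names and the use of SHA-256 are assumptions for illustration, and the sample bundle is constructed.

```python
import hashlib
import os
import tempfile


def seal(bundle):
    """Record a SHA-256 digest for every file, keyed by path relative to the bundle."""
    manifest = {}
    for root, _dirs, files in os.walk(bundle):
        for name in files:
            path = os.path.join(root, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            manifest[os.path.relpath(path, bundle)] = digest
    return manifest


def verify(bundle, manifest):
    """Compare the bundle on disk with the manifest; return findings sorted by path."""
    current = seal(bundle)
    findings = []
    for rel in sorted(set(manifest) | set(current)):
        if rel not in current:
            findings.append(("file missing", rel))
        elif rel not in manifest:
            findings.append(("file added", rel))
        elif current[rel] != manifest[rel]:
            findings.append(("file modified", rel))
    return findings


def demo():
    """Build a constructed bundle, seal it, rename one resource, and re-verify."""
    with tempfile.TemporaryDirectory() as tmp:
        bundle = os.path.join(tmp, "RenameTest.app")
        res = os.path.join(bundle, "Contents", "Resources")
        os.makedirs(res)
        with open(os.path.join(res, "MainMenu.nib"), "wb") as fh:
            fh.write(b"constructed sample resource")  # constructed content
        manifest = seal(bundle)
        before = verify(bundle, manifest)
        os.rename(os.path.join(res, "MainMenu.nib"), os.path.join(res, "foo.nib"))
        return before, verify(bundle, manifest)


if __name__ == "__main__":
    before, after = demo()
    print("before rename:", before or "valid")
    for kind, rel in after:
        print(f"{kind}: {rel}")
```

The renamed file's contents are unchanged, but because the seal is keyed by path the old name no longer resolves and the new name has no entry.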

If you rename a file in the app's bundle (I'm externally calling mv to do this) it seems quite happy. Same if you rename a file directly from the command line.


e.g.


mv /test.app/Contents/Data/niceandsafefile.png /test.app/Contents/Data/FormatDiskIfHere.png


where the app is looking for that file to do its hidden nasty stuff. (I should point out that I wasn't doing that, I'm just seeing if I can think up a worst case scenario 🙂 )


That seems to pass on the codesigning in that the app will happily run assuming it's happy with the filename in its code.

Accepted Answer

That seems to pass on the codesigning in that the app will happily run assuming it's happy with the filename in its code.

Running isn’t really a good test of the code signature. You should either:

  • validate the code signature, as I described in my earlier post

  • put the app on a server somewhere, download it from there, and then see if it passes the Quarantine check

Last I checked OS X does not check the entire code signature of the app every time it launches the app; rather, the full check is done as part of the un-Quarantine process.

Share and Enjoy

Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Ah thanks 🙂 Good to know it's already covered and adjusting my signing and checking procedure accordingly.
