The app uses several filepath inputs that the user types into a form. We do some validation of the filepaths, and the user can't submit the form until validation passes. Validation involves (1) checking that the path exists, (2) checking for rwx permissions, and (3) trying to open the file.
When the form autofills with inputs from the previous run, all filepath inputs fail validation on step (3). Clearing one input and re-entering it, which triggers validation to run again, causes all inputs to pass as expected. Looking at the console logs, there is an error Sandbox: my-app(1868) System Policy: deny(1) file-read-data <filepath> for each filepath input.
Each time the app is run, it writes to a workspace directory (by default ~/Documents/model_workspace/). It creates this directory if it doesn't exist and overwrites it if it already exists. If the workspace directory exists and was created by a previous run of the app, it works as expected. But if it exists and was created by mkdir or by the CLI version of the app, it doesn't work. A similar error Sandbox: my-app(1868) System Policy: deny(1) file-read-data ~/Documents/model_workspace shows up in the console logs.
Things I have tried:
Changed the file permissions to drwxrwxrwx (no effect)
Gave the app Full Disk Access in System preferences>Privacy (no effect)
Looked further into the logs. The error correlates with an error from tccd: FAIL: PID[2624]: SecTaskCopySigningIdentifier(): [22: Invalid argument]
We are very stuck on this issue and any help would be appreciated!
> My understanding is that non-sandboxed apps should have access to everything that the user can access.

That is not correct. 10.15 and later introduce additional access control for the desktop and the Documents directory. See WWDC 2019 Session 701 Advances in macOS Security. 10.14 introduces the concept of Full Disk Access. See WWDC 2018 Session 702 Your Apps and the Future of macOS Security. And data vaults, something we’ve never formally documented, were introduced in later 10.13 releases.

> I had thought that TCC would prompt the user for permission if the app tries to access ~/Documents.

That is the expected behaviour. I suspect your app has a code signing problem that’s confusing TCC.

> I am working on a macOS app which is distributed outside of the App Store and isn't … signed.

Yeah, that’s not good. TCC needs a stable signature for it to be able to record which app was granted permission by the user. You need to sign your code. For development, I encourage you to use an Apple Developer signing identity. For distribution, you’ll need Developer ID.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
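A triage sketch for the symptom discussed in this thread, added here as an example and not code from either poster or from Apple: it pairs sandbox file-read-data denials with tccd signing-identifier failures by PID, then reads the identifier `codesign` reports for a bundle. The function names, the sample paths and the shared PID in the sample log are assumptions constructed from the line formats quoted in the question.

```shell
#!/bin/sh
# Constructed sample log, modelled on the two message formats quoted in the thread.
# Paths and the matching PID are made up for illustration.
SAMPLE_LOG='Sandbox: my-app(1868) System Policy: deny(1) file-read-data /Users/me/Documents/model_workspace
tccd: FAIL: PID[1868]: SecTaskCopySigningIdentifier(): [22: Invalid argument]
Sandbox: my-app(1868) System Policy: deny(1) file-read-data /Users/me/data/input.csv
Sandbox: other-app(77) System Policy: deny(1) file-read-data /Users/me/Desktop/x.txt'

# Hypothetical helper: read log text on stdin and print "<pid> <denied-reads>"
# for every PID that has BOTH a sandbox file-read-data denial and a tccd
# SecTaskCopySigningIdentifier failure (the pairing reported in the question).
unsigned_tcc_suspects() {
  awk '
    /System Policy: deny\([0-9]+\) file-read-data/ {
      if (match($0, /\([0-9]+\) System Policy/)) {
        pid = substr($0, RSTART + 1, RLENGTH - 1)   # "1868) System Policy"
        sub(/\).*/, "", pid)                        # keep only the digits
        denied[pid]++
      }
    }
    /FAIL: PID\[[0-9]+\]: SecTaskCopySigningIdentifier/ {
      if (match($0, /PID\[[0-9]+\]/)) {
        pid = substr($0, RSTART + 4, RLENGTH - 5)   # digits inside PID[...]
        sigfail[pid] = 1
      }
    }
    END { for (p in denied) if (p in sigfail) print p, denied[p] }
  '
}

# Hypothetical helper (macOS only): print the signing identifier of a bundle.
# Empty output means codesign reported no identifier, i.e. the code is unsigned.
signing_identifier() {
  command -v codesign >/dev/null 2>&1 || { echo "codesign not found" >&2; return 2; }
  codesign -dv "$1" 2>&1 | sed -n 's/^Identifier=//p'
}

# Stand-alone run: triage the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | unsigned_tcc_suspects
```

A PID listed by `unsigned_tcc_suspects` together with empty output from `signing_identifier` for the same app matches the code signing problem suspected in the reply above.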