Enabling File Quarantine for apps

Is there any additional work that developers need to do to enable File Quarantine for their apps besides adding LSFileQuarantineEnabled to their Info.plist (and all the helpers)?

All files made by the app's processes should be quarantined by macOS without any additional changes to the app by the developer correct?

Thanks!

Up vote post of brandon-dalton Down vote post of brandon-dalton
1.1k views
Posted by
brandon-dalton
Reply
Add a Comment

Accepted Reply

Should they be using any special file write API to additionally support File Quarantine?

Nope. Consider this snippet:

let s = """
    #! /bin/sh
    echo 'Hello Cruel World!'
    """
let u = FileManager
    .default
    .homeDirectoryForCurrentUser
    .appendingPathComponent("test.command")
    .absoluteURL
try! s.write(to: u, atomically: true, encoding: .utf8)
_ = chmod(u.path, 0o755)

If LSFileQuarantineEnabled is not present, the resulting ~/test.command file opens and runs in Terminal. If it is, Terminal stops with a Gatekeeper alert.

Having said that, there are advantages in applying quarantine directly (using the .quarantinePropertiesKey property) in that it gives you more control.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Post marked as solved
Add a Comment

Replies

Presumably you’re talking about macOS here.

Is your app sandboxed or not?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo

  • Hey Quinn, that's correct and the app (and the helpers) do not opt-into Apple's app sandbox model.

    brandon-dalton

  • Hey Quinn, that's correct! The app (and its helpers) does not opt-into Apple's sandbox model.

    brandon-dalton
Add a Comment

Hey Quinn! That’s correct and the app does not opt into Apple’s sandbox model. Should they be using any special file write API to additionally support File Quarantine?

Posted by
brandon-dalton
Up vote reply of brandon-dalton Down vote reply of brandon-dalton
Add a Comment

Should they be using any special file write API to additionally support File Quarantine?

Nope. Consider this snippet:

let s = """
    #! /bin/sh
    echo 'Hello Cruel World!'
    """
let u = FileManager
    .default
    .homeDirectoryForCurrentUser
    .appendingPathComponent("test.command")
    .absoluteURL
try! s.write(to: u, atomically: true, encoding: .utf8)
_ = chmod(u.path, 0o755)

If LSFileQuarantineEnabled is not present, the resulting ~/test.command file opens and runs in Terminal. If it is, Terminal stops with a Gatekeeper alert.

Having said that, there are advantages in applying quarantine directly (using the .quarantinePropertiesKey property) in that it gives you more control.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Post marked as solved
Add a Comment