AppleScript App entitlement when access-group identifier="*"

App & System Services Automation & Scripting
antome OP
Created Mar ’17
Replies 1
Boosts 0
Views 1.4k
Participants 1

I am developing a Mac app that makes use of App Scripting. The is Sandboxed and thus needs the proper entitlements in order to get permissions to send AppleScript events to other apps. I have gotten this working properly for apps (like Mail and spotify) which specify access-group identifiers like this:


<access-group identifier="com.apple.mail.compose" access="rw"/>
<access-group identifier="com.spotify.playback"/>


However, a few other of the Apple made apps (like Xcode) specify their identifiers like this:


<access-group identifier="*"/>


I have tried to configure my entitlement file like this:


<key>com.apple.security.scripting-targets</key>
<dict>
     <key>com.apple.dt.Xcode</key>
     <array>
          <string>*</string>
     </array>
</dict>


, but when doing this it does not work and I get this error message in the console:


AppleEvents/sandbox: Returning errAEPrivilegeError/-10004 and denying dispatch of event xcod/buld from process '-------'/0x0-0x1a05a04, pid=82514, because it is not entitled to send an AppleEvent to this process.


Does anyone know how to properly configure this?

Replies  1
Boosts  0
Views  1.4k
Participants  1
antome OP
Mar ’17

Actually I found the answer myself. In the sdef Man pages it states:


An identifier of "*" means the element is usable by any application, without an explicit entitlement.


This means that you do not have to add the identifiers in your entitlements file and it should work regardless. The reason why I got the error was because I accidentally used commands that were not included in those particular access-groups.

0
AppleScript App entitlement when access-group identifier="*"
First post date Last post date
 
 
Q