Showing an admin prompt to delete files in sandboxed app

Hello everyone,


I am developing an app that has a feature to detect and delete rarely used apps.

The apps are installed in the /Applications folder. The apps were installed by the Mac Store, so the "owning" user is root.

Although I have an admin account on my machine, I am not able to delete the apps from the /Applications folder because I do not have permissions to do so (root > admin).


I found a couple of different apps on the Mac Store that have the same features as my app. Because they are published in the Mac Store, the apps are sandboxed (take "Delete Apps" for example). When an app is selected for deletion, an admin prompt is shown where I can type in my password.


How can I show such a prompt in a sandboxed app?


  • I tried creating a helper utility using SMJobBless, but it always returns an error. I read the overview page and it seems that SMJobBless always returns an error in a sandboxed app.
  • I created an AppleScript, which worked fine. However, I had to add the entitlement "com.apple.security.temporary-exception.apple-events" which is not allowed in sandboxed apps (published on the Mac Store).


Because there are apps that show admin prompts, my question is: How can I ask the user for temporary access for an operation?

Any help is appreciated.


Regards,

Sascha

Hello Sascha,

According to the App Review Guidelines, "They may not request escalation to root privileges or use setuid attributes". I assume that this implies that you can't use clever workarounds like AppleScript. There may be other apps in the Mac App Store that have gone ahead and implemented those clever workarounds. That doesn't necessarily mean that you will be able to get your app past app review though.
