This technote offers a general overview of the technologies that specifically support kiosk on OS X.
Developers working in vertical markets, for example education, have been creating kiosks or adding kiosk behavior to their applications for quite some time. Specifically, this means the ability to lock the user into a certain application or disable certain operating system functionality normally available. Developers requiring kiosk behavior on computer systems have often been forced to use ad hoc solutions which often were quite hard to maintain over the long-term.
This technote offers a general overview of the technologies that specifically support or are useful to kiosk developers on OS X.
General Kiosk Guidelines
Using the techniques and APIs described in this technote, it is possible to force Mac OS X into states which can be very difficult to recover from. For example, using this technote it is fairly trivial to create an application that launches on startup, takes over the entire screen, and cannot be quit. Recovering from this state can be quite complicated if prior preparations have not been made. It is recommended that developers anticipate this possibility, and configure their machines to facilitate recovery. Apple recommends that all kiosk developers take the following steps:
Disable automatic login.
Create an alternate admin account exclusively for recovering from misconfigurations.
Whenever possible, test all changes in a single user account rather than applying them to the entire system.
With this configuration, if a problem occurs and the active account is no longer functional, recovery is fairly trivial. Simply log into the recovery account and use that admin account to clear up whatever misconfiguration issue is causing problems.
NSApplication presentationOptions API
Starting in Mac OS X 10.5, the older
SystemUIMode API has been replaced by the NSApplication
GetSystemUIMode have not been formally deprecated, but the newer NSApplication API should generally be used instead. The
presentationOptions API is documented as part of NSApplication; the full details can be found in the NSApplication Class Reference.
currentSystemPresentationOptions are KVO-observable. A client that observes
currentSystemPresentationOptions will receive notifications under three different circumstances.
The observing app is the active application, and makes a change itself using either
Another application is active, and makes such changes of its own.
Making a different application active causes the current set of presentation options to change.
Replacing the Finder
In Mac OS X, launchd is responsible for the automatic processes and daemons including the Finder. For more information on launchd, see the following documents:
In Mac OS X 10.6, the plist that actually controls Finder launching is the file
com.apple.Finder.plist found in
/System/Library/LaunchAgents. The plist structure is quite simple, and you can change the global
Finder by changing the
Program property of that plist. However, it is generally preferable to override the system-wide
Finder by placing a modified plist in
/Library/LaunchAgents. In addition, you can also override the
Finder on a per-user basis by adding a custom plist to the
~/Library/LaunchAgents of that user's home folder.
Enabling a Firmware Password
The firmware password is a security feature available on Mac OS X systems. Enabling the firmware password prevents users from choosing the startup disk at boot, as well as disabling a number of other features that would be inappropriate in a kiosk environment.
There is currently no public programmatic solution to setting the firmware password (r. 3075615). This means this setting cannot be set by an installer. However, an administrator can enable using the process described in Setting up firmware password protection in Mac OS X. This document also contains more details on what activities the firmware password will restrict.
Frequently Asked Kiosk Questions
How do I prevent users from booting off alternative media (bootable CDs, external hard drives, etc.)?
Among other things, enabling a firmware password prevents the user from selecting a different startup device when booting. See the section Enabling a Firmware Password for more information.
How do I prevent new media (CDs, DVDs, iPods, USB/Firewire hard drives, etc.) from becoming mounted? How do I prevent media from being ejected?
DiskArbitration is the framework responsible for managing all mounting and ejecting on the system. Using
DiskArbitration, you can screen devices before mount and respond in a variety of ways, including blocking the mount attempt or forcing a volume to mount read-only. For more information on
DiskArbitration, see the DiskArbitration Framework Reference.
How do I disable the power button?
There is currently no supported way to disable the power button. Developers concerned about forced reboots should secure the computer's boot process using a firmware password.
How do I disable sleep?
This is described by Technical Q&A QA1340: Registering and unregistering for sleep and wake notifications. It includes information on how to monitor and prevent sleep.
How can I monitor keyboard or mouse events?
Quartz Event Taps allow an application to observe and alter the stream of low-level user input events before their delivery. Using this API, it is possible to create, hide, or modify a variety of keyboard events before they reach the higher level system. For more information on this API, see the Quartz Event Services Reference.
Document Revision History
Discusses techniques used in creating applications which require kiosk-like functionality on Mac OS X.
New document that discusses techniques used in creating applications which require kiosk-like functionality on Mac OS X.