Introduction

Developers working in vertical markets, for example education, have been creating kiosks or adding kiosk behavior to their applications for quite some time. Specifically, this means the ability to lock the user into a certain application or disable certain operating system functionality normally available. Developers requiring kiosk behavior on computer systems have often been forced to use ad hoc solutions which often were quite hard to maintain over the long-term.

This technote offers a general overview of the technologies that specifically support or are useful to kiosk developers on OS X.

General Kiosk Guidelines

Using the techniques and APIs described in this technote, it is possible to force Mac OS X into states which can be very difficult to recover from. For example, using this technote it is fairly trivial to create an application that launches on startup, takes over the entire screen, and cannot be quit. Recovering from this state can be quite complicated if prior preparations have not been made. It is recommended that developers anticipate this possibility, and configure their machines to facilitate recovery. Apple recommends that all kiosk developers take the following steps:

• Disable automatic login.

• Create an alternate admin account exclusively for recovering from misconfigurations.

• Whenever possible, test all changes in a single user account rather than applying them to the entire system.

With this configuration, if a problem occurs and the active account is no longer functional, recovery is fairly trivial. Simply log into the recovery account and use that admin account to clear up whatever misconfiguration issue is causing problems.

NSApplication presentationOptions API

Starting in Mac OS X 10.5, the older SystemUIMode API has been replaced by the NSApplication presentationOptions API. SetSystemUIMode and GetSystemUIMode have not been formally deprecated, but the newer NSApplication API should generally be used instead. The presentationOptions API is documented as part of NSApplication; the full details can be found in the NSApplication Class Reference.

Both presentationOptions and currentSystemPresentationOptions are KVO-observable. A client that observes currentSystemPresentationOptions will receive notifications under three different circumstances.

• The observing app is the active application, and makes a change itself using either -setPresentationOptions: or SetSystemUIMode.

• Another application is active, and makes such changes of its own.

• Making a different application active causes the current set of presentation options to change.

Replacing the Finder

In Mac OS X, launchd is responsible for the automatic processes and daemons including the Finder. For more information on launchd, see the following documents:

• launchd man page

• Creating launchd Daemons and Agents

• Technical Note TN2083: Daemons and Agents

In Mac OS X 10.6, the plist that actually controls Finder launching is the file com.apple.Finder.plist found in /System/Library/LaunchAgents. The plist structure is quite simple, and you can change the global Finder by changing the Program property of that plist. However, it is generally preferable to override the system-wide Finder by placing a modified plist in /Library/LaunchAgents. In addition, you can also override the Finder on a per-user basis by adding a custom plist to the ~/Library/LaunchAgents of that user's home folder.

Enabling a Firmware Password

The firmware password is a security feature available on Mac OS X systems. Enabling the firmware password prevents users from choosing the startup disk at boot, as well as disabling a number of other features that would be inappropriate in a kiosk environment.

There is currently no public programmatic solution to setting the firmware password (r. 3075615). This means this setting cannot be set by an installer. However, an administrator can enable using the process described in Setting up firmware password protection in Mac OS X. This document also contains more details on what activities the firmware password will restrict.

Frequently Asked Kiosk Questions