Technical Note TN2062

Creating Kiosks

This technote offers a general overview of the technologies that specifically support kiosk on OS X.

Introduction
General Kiosk Guidelines
NSApplication presentationOptions API
Replacing the Finder
Enabling a Firmware Password
Frequently Asked Kiosk Questions
Document Revision History

Introduction

Developers working in vertical markets, for example education, have been creating kiosks or adding kiosk behavior to their applications for quite some time. Specifically, this means the ability to lock the user into a certain application or disable certain operating system functionality normally available. Developers requiring kiosk behavior on computer systems have often been forced to use ad hoc solutions which often were quite hard to maintain over the long-term.

This technote offers a general overview of the technologies that specifically support or are useful to kiosk developers on OS X.

General Kiosk Guidelines

Using the techniques and APIs described in this technote, it is possible to force Mac OS X into states which can be very difficult to recover from. For example, using this technote it is fairly trivial to create an application that launches on startup, takes over the entire screen, and cannot be quit. Recovering from this state can be quite complicated if prior preparations have not been made. It is recommended that developers anticipate this possibility, and configure their machines to facilitate recovery. Apple recommends that all kiosk developers take the following steps:

With this configuration, if a problem occurs and the active account is no longer functional, recovery is fairly trivial. Simply log into the recovery account and use that admin account to clear up whatever misconfiguration issue is causing problems.

NSApplication presentationOptions API

Starting in Mac OS X 10.5, the older SystemUIMode API has been replaced by the NSApplication presentationOptions API. SetSystemUIMode and GetSystemUIMode have not been formally deprecated, but the newer NSApplication API should generally be used instead. The presentationOptions API is documented as part of NSApplication; the full details can be found in the NSApplication Class Reference.

Both presentationOptions and currentSystemPresentationOptions are KVO-observable. A client that observes currentSystemPresentationOptions will receive notifications under three different circumstances.

Replacing the Finder

In Mac OS X, launchd is responsible for the automatic processes and daemons including the Finder. For more information on launchd, see the following documents:

In Mac OS X 10.6, the plist that actually controls Finder launching is the file com.apple.Finder.plist found in /System/Library/LaunchAgents. The plist structure is quite simple, and you can change the global Finder by changing the Program property of that plist. However, it is generally preferable to override the system-wide Finder by placing a modified plist in /Library/LaunchAgents. In addition, you can also override the Finder on a per-user basis by adding a custom plist to the ~/Library/LaunchAgents of that user's home folder.

Enabling a Firmware Password

The firmware password is a security feature available on Mac OS X systems. Enabling the firmware password prevents users from choosing the startup disk at boot, as well as disabling a number of other features that would be inappropriate in a kiosk environment.

There is currently no public programmatic solution to setting the firmware password (r. 3075615). This means this setting cannot be set by an installer. However, an administrator can enable using the process described in Setting up firmware password protection in Mac OS X. This document also contains more details on what activities the firmware password will restrict.

Frequently Asked Kiosk Questions

How do I prevent users from booting off alternative media (bootable CDs, external hard drives, etc.)?

Among other things, enabling a firmware password prevents the user from selecting a different startup device when booting. See the section Enabling a Firmware Password for more information.

How do I prevent new media (CDs, DVDs, iPods, USB/Firewire hard drives, etc.) from becoming mounted? How do I prevent media from being ejected?

DiskArbitration is the framework responsible for managing all mounting and ejecting on the system. Using DiskArbitration, you can screen devices before mount and respond in a variety of ways, including blocking the mount attempt or forcing a volume to mount read-only. For more information on DiskArbitration, see the DiskArbitration Framework Reference.

How do I disable the power button?

There is currently no supported way to disable the power button. Developers concerned about forced reboots should secure the computer's boot process using a firmware password.

How do I disable sleep?

This is described by Technical Q&A QA1340: Registering and unregistering for sleep and wake notifications. It includes information on how to monitor and prevent sleep.

How can I monitor keyboard or mouse events?

Quartz Event Taps allow an application to observe and alter the stream of low-level user input events before their delivery. Using this API, it is possible to create, hide, or modify a variety of keyboard events before they reach the higher level system. For more information on this API, see the Quartz Event Services Reference.



Document Revision History


DateNotes
2011-04-13

revison information

2003-02-24

Discusses techniques used in creating applications which require kiosk-like functionality on Mac OS X.

 

New document that discusses techniques used in creating applications which require kiosk-like functionality on Mac OS X.