hi
I have a rules file like this
(version 1)
(deny default)
...
(allow file-write* (regex "/Users/thomas/Desktop"))
When I use it on app A, it works fine (the app can write to the desktop), but when I use it on app B, it doesn't work (the app cannot save a file to the desktop). So I made a test app (app C), a simple Cocoa app that just writes a dummy string to a file, and it still doesn't work. If I replace (allow file-write* (regex "/Users/thomas/Desktop")) with (allow file-write*), it works on app B and C too, so I know that's the only thing that's wrong.
So I really don't understand what's going on. How can it work for app A but not for B or C? Especially given that:
- allowing all file-writes works (so I know the regex is the culprit, even though it works for app A; I tested that app A can save to Desktop but not to other locations)
- app C is minimal and is not a "blackbox"
- I tried tons of different variations: literal instead of regex, "^/Users/thomas/Desktop", "^/Users/thomas/Desktop/" , "^/Users/thomas/Desktop/*", ...
- apps A, B and C are not sandboxed apps if I run them normally (I can check this in the activity monitor)
Thanks in advance for your help!
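A check a practitioner would run before guessing at the regex: put the profile under sandbox-exec with a minimal command instead of a Cocoa app, try more than one write pattern, and read the denial log to see which operation and which path was actually refused. The script below is an added example, not code from this thread or from Apple. It assumes macOS with sandbox-exec on the path, uses $HOME/Desktop in place of the poster's literal /Users/thomas/Desktop, and the function names (make_profile, probe) are mine. It exercises the regex, literal and subpath filters against three write patterns: a direct write, an atomic save done as a temp file in the same directory followed by a rename, and a save staged through $TMPDIR and then moved in (which is how some Cocoa save paths behave; that is a hypothesis to test, not a diagnosis of apps B and C).

```shell
#!/bin/sh
# Added example: probe which file-write operation a sandbox profile denies.
# Assumes macOS with sandbox-exec; on other systems the probe is skipped.
# DESKTOP replaces the poster's hard-coded /Users/thomas/Desktop.
DESKTOP="${DESKTOP:-$HOME/Desktop}"

# make_profile KIND DIR -> print an SBPL profile that allows writes only via the
# chosen filter. file-read*, process* and sysctl-read are allowed so that
# /bin/sh and /bin/mv can start at all under (deny default).
make_profile() {
  kind="$1"; dir="$2"
  case "$kind" in
    regex)   filter="(regex \"^$dir\")" ;;
    # literal matches exactly that path, so files inside the directory do
    # NOT match; expect direct writes to be denied under this variant.
    literal) filter="(literal \"$dir\")" ;;
    # subpath matches the directory and everything beneath it.
    subpath) filter="(subpath \"$dir\")" ;;
    all)     filter="" ;;
    *) echo "unknown filter kind: $kind" >&2; return 1 ;;
  esac
  printf '%s\n' \
    "(version 1)" \
    "(deny default)" \
    "(debug deny)" \
    "(allow process*)" \
    "(allow file-read*)" \
    "(allow sysctl-read)" \
    "(allow file-write* $filter)"
}

# probe KIND -> run three write patterns under the profile; print ok/DENIED each.
probe() {
  kind="$1"
  prof="$(mktemp -t sbprobe)"
  make_profile "$kind" "$DESKTOP" > "$prof"
  direct="$DESKTOP/sbprobe-direct.txt"
  atomic="$DESKTOP/sbprobe-atomic.txt"
  staged="$DESKTOP/sbprobe-staged.txt"

  # 1. direct write to the final path
  if sandbox-exec -f "$prof" /bin/sh -c "echo probe > '$direct'" 2>/dev/null
  then r1=ok; else r1=DENIED; fi

  # 2. atomic save: temp file next to the target, then rename over it
  if sandbox-exec -f "$prof" /bin/sh -c \
       "echo probe > '$DESKTOP/.sbprobe-tmp' && mv '$DESKTOP/.sbprobe-tmp' '$atomic'" 2>/dev/null
  then r2=ok; else r2=DENIED; fi

  # 3. staged save: temp file under $TMPDIR (outside Desktop), then moved in;
  #    rename needs write access on BOTH directories, so a Desktop-only rule
  #    cannot satisfy it.
  if sandbox-exec -f "$prof" /bin/sh -c \
       "t=\"\${TMPDIR:-/tmp}/sbprobe-tmp\"; echo probe > \"\$t\" && mv \"\$t\" '$staged'" 2>/dev/null
  then r3=ok; else r3=DENIED; fi

  printf '%-8s direct=%-7s atomic-same-dir=%-7s staged-via-tmpdir=%s\n' \
    "$kind" "$r1" "$r2" "$r3"
  rm -f "$prof" "$direct" "$atomic" "$staged" "$DESKTOP/.sbprobe-tmp"
}

if command -v sandbox-exec >/dev/null 2>&1; then
  for k in all regex literal subpath; do probe "$k"; done
  echo "Denied operations and paths: log show --last 2m --predicate 'sender == \"Sandbox\"'"
else
  echo "sandbox-exec not found; this probe only runs on macOS" >&2
fi
```

Read the results together with the log line for each denial, which names the operation (for example file-write-create versus file-write-unlink) and the exact path the kernel checked. If the pattern that fails for the real app is not the direct write, the regex is not the culprit by itself; the app is touching a path the filter never sees.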
why doesn't it work?
I’ve no idea, sorry. I just wanted to make sure you weren’t planning to ship a product based on this.
Would there be other alternatives?
Personally, if I need to run software I don’t trust, I do so in a VM.
Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"