My app uses a helper application to move files around in the file system, and it's invoked via an AppleScript which is constructed on the fly as:
do shell script "(helper path) (source) (destination)" with with administrator privileges
Each of the arguments is done with "quoted form of" to ensure that there are no surprises with malformed names.
The helper application is a dead simple Swift command-line tool:
import Foundation
let argumentCount = CommandLine.argc
let argumentList = CommandLine.arguments
assert(argumentCount == 3, "Usage: \(argumentList[0]) <source file> <destination folder>")
let sourcePath = argumentList[1]
let sourceURL = URL.init(fileURLWithPath: sourcePath)
let destinationPath = argumentList[2]
let destinationURL = URL.init(fileURLWithPath: destinationPath)
let fileManager = FileManager.default
do {
try fileManager.moveItem(at: sourceURL, to: destinationURL)
} catch {
// Don't worry about errors at this point
}
The problem is that, in Catalina but not in earlier systems, this fails if the destination is a protected folder (in this particular case, it will always be /Library/Keyboard Layouts). I get an error message that I don't have permission (if I put something into the catch block to see it). I can do the file move in the Finder by authenticating, so it should be possible. It looks as though the helper isn't getting the administrator privileges that I've given it.
Am I diagnosing it correctly? Can something be done about it? I'd adopted this solution to get around the need to have a privileged helper that I had in the past, so it would be unfortunate if this can no longer be done.
John