Full disk access from a launchd daemon

Hello,
I have a security program with a daemon process running as root user started by launchd, which scans documents on users's computer to prevent confidential data leakage. On macOS 10.15.6 adding the program to "Full Disk Access" list in System Preferences doesn't work at all. I also add the Terminal program, but that doesn't make any difference. Do I need to add my program to the root user's TCC database? And how to do that? Thanks!
Up vote post of liang.zhou Down vote post of liang.zhou
1.1k views
Posted by
liang.zhou
Reply
Add a Comment

Replies

Do I need to add my program to the root user's TCC database?

No. Full Disk Access is a system-wide TCC setting.

On macOS 10.15.6 adding the program to "Full Disk Access" list in
System Preferences doesn't work at all.

Does that mean that it used to work prior to 10.15.6?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment
Until Full Disk Access was introduced, my app had packaged in it a daemon process, launched intermittently by launchd, with the user's privileges. When Full Disk Access was introduced, after many hours of experimenting blindly (no documentation), I concluded that there was no way for this process to have Full Disk Access. To solve the problem, I discarded it and rewrite its functions into a constantly-running Service Management Login Item.
Posted by
jerrykrinock
Up vote reply of jerrykrinock Down vote reply of jerrykrinock
Add a Comment