I'm working on a macOS app that I want to give "Full Disk Access". When I run from Xcode, I get "permission denied" errors when reading a file in my home directory.
What can I do so that I can run and debug from Xcode?
I dragged the binary from the derived data folder to the System Preferences list for Full Disk Access, but that seems to do nothing.
I get "permission denied" errors when reading a file in my home directory.
Which file specifically? The reason this matters is that our MAC system supports two different flavours, Files & Folders and Full Disk Access, and your best path forward depends on that detail.
Note For more background on this, see On File System Permissions.
I'm working on a macOS app
Just to clarify, are you using “app” to mean a “standalone GUI app that the user would normally double click in the Finder”.
Also, does your program have a stable code signing identity? In Xcode’s, Signing & Capabilities tab, what is the Signing Certificate popup set to?
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
The first file that gave the error had a path like
~/Workspace/MyProject/main.jl.
That location is not one protected by MAC. Is your app sandboxed?
The Signing Certificate popup says "Development" now.
That’ll do.
I don't know what you mean by "stable code signing identity".
For MAC to work is has to be able to identify build N+1 of your app as being the ‘same code’ as build N. It does this via its code signature, but that only works if the signature is the same from build to build. Hence “stable”. An Apple Development code signing identity works for that. The two things that don’t are unsigned code and ad hoc signed code.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
I think I want permissions similar to Xcode.
Xcode is not sandboxed.
Should I just turn that off?
Well, that depends (-:
If you plan to deploy via the Mac App Store, you can’t turn it off. Mac App Store apps must be sandboxed.
If you’re deploying independently using Developer ID, you have the option to turn it off. As you say, it’s generally better to leave it on. The explicit user consent required by the App Sandbox makes it hard to support certain user experiences.
You mentioned two things in your earlier post:
A project document that references other files
2D and 3D art
The first is feasible in a sandboxed app. The trick is to have your project document store document-relative security-scoped bookmarks for each file referenced by the project. When the user adds a file to the project, you create and store a bookmark that lets you get back to that file.
The second is more challenging. Many existing file formats, especially in the 3D space, contain references to other files as simple strings. It’s hard to create a decent user experience for this in a sandbox app. See this post and my response to it.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
I wonder how recursive are the security-scoped bookmarks?
Security-scoped bookmark let you save and restore access to a directory, and access to a directory encompasses everything inside it.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"