How does TCC rely on the bundle ID esp. with multiple targets?

We distribute an macOS app bundle with a main executable, a helper executable, a nested app bundle and an XPCService.

myApp.app
└── Contents
   ├── _CodeSignature
   │  └── CodeResources
   ├── embedded.provisionprofile
   ├── Info.plist
   ├── MacOS
   │  ├── myHelperApp.app
   │  │  └── Contents...

   │  ├── mainExecutable
   │  └── helperExecutable
   ├── PkgInfo
   └── XPCServices
      └── myXPCService.xpc
         └── Contents...

Our mainExecutable requires FullDiskAccess and the helperExecutable requires Accessibility Access. Since this a product for enterprise customers, the TCC permissions usually get granted via a PPPC profile.

  1. What would be a good bundle identifier naming scheme for such a structure? com.example.myApp for the main app bundle/executable and com.example.myApp.helperExecutable etc. for all additional targets?
  2. When creating the PPPC profile, do I only refer to the bundle identifier of the main bundle com.example.myApp? If so, does that mean that every executable in that bundle has these privileges? At least this is what the manual approach would suggest, where the user can drag an entire app bundle to the privacy settings.
  3. The helperExecutable gets copied into the bundle during the build process. But when it is run from its Xcode scheme, it is run from the build directory, outside the final bundle. This requires the helper binary to be extra granted Accessibility permissions, at least during development. Is there a better way?

Thanks (Quinn)!

Up vote post of wriker Down vote post of wriker
1.1k views
Posted by
wriker
Reply
Add a Comment

Accepted Reply

1. What would be a good bundle identifier naming scheme for such a structure? com.example.myApp for the main app bundle/executable and com.example.myApp.helperExecutable etc. for all additional targets?

Yes. It’s also best practice to have your code signing identifiers aligned with your bundle identifiers (although I don’t think that TCC strictly requires that). I touch on that last topic in Signing a Mac Product For Distribution (search the page for pig-jato :-).

You can give your tool a bundle ID bya creating an Info.plist for it and then embedding that in the tool’s executable with the Create Info.plist Section in Binary build setting (CREATE_INFOPLIST_SECTION_IN_BINARY).

2. When creating the PPPC profile, do I only refer to the bundle identifier of the main bundle com.example.myApp?

That’s my expectation, although I must admit that I haven’t tested. This makes sense when you think of TCC’s big picture architecture, which has the concept of responsible code. This is something I touch on in On File System Permissions.

3. The helperExecutable gets copied into the bundle during the build process. But when it is run from its Xcode scheme, it is run from the build directory, outside the final bundle. This requires the helper binary to be extra granted Accessibility permissions, at least during development. Is there a better way?

Not that I’m aware of.

Thanks (Quinn)!

Dude, you must be psychic!

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Post marked as solved

  • As always, thank you very much. I really don't know what Apple or rather all of us developers would do without you. I've read the pig-jato example, just wanted to make sure it transfers to a more complicated structure.

    wriker
Add a Comment

Replies

1. What would be a good bundle identifier naming scheme for such a structure? com.example.myApp for the main app bundle/executable and com.example.myApp.helperExecutable etc. for all additional targets?

Yes. It’s also best practice to have your code signing identifiers aligned with your bundle identifiers (although I don’t think that TCC strictly requires that). I touch on that last topic in Signing a Mac Product For Distribution (search the page for pig-jato :-).

You can give your tool a bundle ID bya creating an Info.plist for it and then embedding that in the tool’s executable with the Create Info.plist Section in Binary build setting (CREATE_INFOPLIST_SECTION_IN_BINARY).

2. When creating the PPPC profile, do I only refer to the bundle identifier of the main bundle com.example.myApp?

That’s my expectation, although I must admit that I haven’t tested. This makes sense when you think of TCC’s big picture architecture, which has the concept of responsible code. This is something I touch on in On File System Permissions.

3. The helperExecutable gets copied into the bundle during the build process. But when it is run from its Xcode scheme, it is run from the build directory, outside the final bundle. This requires the helper binary to be extra granted Accessibility permissions, at least during development. Is there a better way?

Not that I’m aware of.

Thanks (Quinn)!

Dude, you must be psychic!

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Post marked as solved

  • As always, thank you very much. I really don't know what Apple or rather all of us developers would do without you. I've read the pig-jato example, just wanted to make sure it transfers to a more complicated structure.

    wriker
Add a Comment