We distribute a macOS app bundle with a main executable, a helper executable, a nested app bundle and an XPCService.
myApp.app
└── Contents
    ├── _CodeSignature
    │   └── CodeResources
    ├── embedded.provisionprofile
    ├── Info.plist
    ├── MacOS
    │   ├── myHelperApp.app
    │   │   └── Contents...
    │   ├── mainExecutable
    │   └── helperExecutable
    ├── PkgInfo
    └── XPCServices
        └── myXPCService.xpc
            └── Contents...
Our mainExecutable requires FullDiskAccess and the helperExecutable requires Accessibility Access. Since this is a product for enterprise customers, the TCC permissions usually get granted via a PPPC profile.
- What would be a good bundle identifier naming scheme for such a structure? com.example.myApp for the main app bundle/executable and com.example.myApp.helperExecutable etc. for all additional targets?
- When creating the PPPC profile, do I only refer to the bundle identifier of the main bundle com.example.myApp? If so, does that mean that every executable in that bundle has these privileges? At least this is what the manual approach would suggest, where the user can drag an entire app bundle to the privacy settings.
- The helperExecutable gets copied into the bundle during the build process. But when it is run from its Xcode scheme, it is run from the build directory, outside the final bundle. This requires the helper binary to be extra granted Accessibility permissions, at least during development. Is there a better way?
Thanks (Quinn)!