We distribute an macOS app bundle with a main executable, a helper executable, a nested app bundle and an XPCService.
myApp.app
└── Contents
├── _CodeSignature
│ └── CodeResources
├── embedded.provisionprofile
├── Info.plist
├── MacOS
│ ├── myHelperApp.app
│ │ └── Contents...
│ ├── mainExecutable
│ └── helperExecutable
├── PkgInfo
└── XPCServices
└── myXPCService.xpc
└── Contents...
Our mainExecutable
requires FullDiskAccess and the helperExecutable
requires Accessibility Access. Since this a product for enterprise customers, the TCC permissions usually get granted via a PPPC profile.
- What would be a good bundle identifier naming scheme for such a structure?
com.example.myApp
for the main app bundle/executable andcom.example.myApp.helperExecutable
etc. for all additional targets? - When creating the PPPC profile, do I only refer to the bundle identifier of the main bundle
com.example.myApp
? If so, does that mean that every executable in that bundle has these privileges? At least this is what the manual approach would suggest, where the user can drag an entire app bundle to the privacy settings. - The
helperExecutable
gets copied into the bundle during the build process. But when it is run from its Xcode scheme, it is run from the build directory, outside the final bundle. This requires the helper binary to be extra granted Accessibility permissions, at least during development. Is there a better way?
Thanks (Quinn)!
1. What would be a good bundle identifier naming scheme for such a structure?
com.example.myApp
for the main app bundle/executable andcom.example.myApp.helperExecutable
etc. for all additional targets?
Yes. It’s also best practice to have your code signing identifiers aligned with your bundle identifiers (although I don’t think that TCC strictly requires that). I touch on that last topic in Signing a Mac Product For Distribution (search the page for pig-jato
:-).
You can give your tool a bundle ID bya creating an Info.plist
for it and then embedding that in the tool’s executable with the Create Info.plist Section in Binary build setting (CREATE_INFOPLIST_SECTION_IN_BINARY
).
2. When creating the PPPC profile, do I only refer to the bundle identifier of the main bundle com.example.myApp?
That’s my expectation, although I must admit that I haven’t tested. This makes sense when you think of TCC’s big picture architecture, which has the concept of responsible code. This is something I touch on in On File System Permissions.
3. The
helperExecutable
gets copied into the bundle during the build process. But when it is run from its Xcode scheme, it is run from the build directory, outside the final bundle. This requires the helper binary to be extra granted Accessibility permissions, at least during development. Is there a better way?
Not that I’m aware of.
Thanks (Quinn)!
Dude, you must be psychic!
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"