Im working on a small text snippet / lorem ipsum app as a side project and the idea is, for instance, whenever and wherever user types "lorem10" I'd like to print/paste 10 random lorem ipsum words.
Eg. "lorem10 " -> ("Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do")
For that to be possible I need to,
- Programmatically press "delete" key to remove the trigger string ("lorem10").
- Programmatically press "cmd + v" for pasting the result string.
This is possible, even in sandbox! But it requires accessibility permission. For instance I can simulate "delete" key press like this:
func delete() {
let eventSource = CGEventSource(stateID: .combinedSessionState)
let keyDownEvent = CGEvent(
keyboardEventSource: eventSource,
virtualKey: CGKeyCode(51),
keyDown: true)
let keyUpEvent = CGEvent(
keyboardEventSource: eventSource,
virtualKey: CGKeyCode(51),
keyDown: false)
let loc = CGEventTapLocation.cghidEventTap
//Triggers system default accessibility access pop-up
keyDownEvent?.post(tap: loc)
keyUpEvent?.post(tap: loc)
}
My question is essentially if this is allowed in Mac App Store? Because requesting accessibillity permission like this is not allowed in sandbox:
func getPermission() {
AXIsProcessTrustedWithOptions([kAXTrustedCheckOptionPrompt.takeUnretainedValue():true] as CFDictionary).
}
But I can simulate one short "shift" or "cmd" key press for instance, and trigger the pop-up inside a sandboxed app and get around this it seems. Is this a bug?
I really hope I can release my app in the Mac App Store, but doing so I just want to be sure Im not using any bug that might get removed in the near future.
My question is essentially if this is allowed in Mac App Store?
The only folks who can give you a definitive answer about what is or isn’t allowed in the App Store is App Review.
Because requesting accessibillity permission like this is not allowed in sandbox
Right. Have you tried using CGRequestPostEventAccess
? And its companion CGPreflightPostEventAccess
?
But I can simulate one short "shift" or "cmd" key press for instance, and trigger the pop-up inside a sandboxed app and get around this it seems. Is this a bug?
No. The last time I looked into this — which was for the Input Monitoring privilege, not the event posting one, so YMMV — the introduction of an explicit user approval of this stuff (in 10.15) means that it’s now allowed in the App Sandbox.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"