My app allows scanning any selected directory, but I noticed that even when I enable Full Disk Access in the System Preferences, when enumerating the contents of any of the subdirectories of another user's home folder (Documents, Downloads etc.) a permission error is returned. Even when running the app from the Terminal with sudo nothing changes. Using sudo du works. Is this a limitation of macOS apps?
First up, read my On File System Permissions post because it explains a bunch of terminology.
To read an arbitrary user’s home directory you need:
BSD privileges
MAC privileges
Full Disk Access should be sufficient for the MAC side, but combining that with sudo doesn’t end well. You have to first decide on a BSD privilege escalation strategy, then figure out how to grant the resulting code Full Disk Access. With regards the former, see BSD Privilege Escalation on macOS
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"