Hello,
It is possible to restrict Documents folder access with TCC.
But when an applications shows a standard "file open" dialog, it is possible to access this directory to open a file.
macOS allows file access in this case because it is an intentional action from user. So i suppose there is a kind of whitelist for all files path opened through "file open" dialog.
I would like to know how i can access this whitelist and how i can remove entries.
Thanks
I would like to know how i can access this [allowlist] and how i can remove entries.
There is no public API for that.
The implementation is based on a number of criteria, including:
Security-scoped URLs
Security-scoped bookmarks
An extended attribute in the file system
Security-scoped bookmarks were introduced to allow a sandboxed app to retain access to a file system item. They rely on the developer to tweak their app to add bookmark support as part of the sandboxing process. MAC works with all apps, so it uses an extended attribute to provide similar functionality.
Note I’m using terms from On File System Permissions.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"