Good evening,
I have been scouring the forums (and others) for a few days, and can't quite seem to find a definitive answer to this, so wanted to message and check for my specific instance.
I have created a Mac app that is running AppleScript (i.e. push a button and it triggers).
It works perfectly under notarisation / 'hardened runtime'...
The issue, however, is that when I introduce sandboxing (the idea of sandboxing in this instance being for both security purposes, as well as posting to the Mac App Store), it stops functioning as it either:
- doesn't think System Events is running
OR
- a permissions issue occurs
From exploration, in order to run a script in a sandboxed environment you can use:
- temporary exception entitlement (which is largely prohibited from the app store, and therefore not desirable in this instance)
OR
- scripting targets: com.apple.security.scripting-targets
Apple provide an app for Mail:
    <key>com.apple.security.scripting-targets</key>
    <dict>
        <key>com.apple.mail</key>
        <array>
            <string>com.apple.mail.compose</string>
        </array>
    </dict>
However I am trying to understand if / how this could be used with System Events, e.g.
    <key>com.apple.security.scripting-targets</key>
    <dict>
        <key>com.apple.systemevents</key>
        <array>
            <string>com.apple.systemevents.WHATEVER</string>
        </array>
    </dict>
And if so, how would I go about finding the list of 'Scripting access groups' for System Events?
Further question - If there is not a set of 'Scripting access groups' available for System Events, does this therefore mean that it is impossible to call System Events from a Sandboxed app?
Thank you in advance for your support.
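
Added example, not part of the original post: scripting access groups are declared as access-group elements in an application's scripting definition (the XML that the sdef command-line tool prints for an app on macOS), so one way to see which groups a target offers is to list those elements. The sample dictionary, the bundle identifier com.example.app and the function names below are constructed for illustration and are not taken from any real application.

```python
import plistlib
import xml.etree.ElementTree as ET

# Constructed sample in sdef format; identifiers are placeholders,
# not taken from any real application's dictionary.
SAMPLE_SDEF = """<?xml version="1.0" encoding="UTF-8"?>
<dictionary title="Example Terminology">
  <suite name="Example Suite" code="exmp">
    <command name="send" code="exmpsend">
      <access-group identifier="com.example.app.compose" access="rw"/>
    </command>
    <class name="outgoing message" code="bcke">
      <access-group identifier="com.example.app.compose"/>
      <property name="subject" code="subj" type="text"/>
    </class>
    <command name="delete" code="coredelo"/>
  </suite>
</dictionary>
"""

def access_groups(sdef_xml):
    """Return {identifier: [(element tag, element name, access attr), ...]}."""
    groups = {}
    for parent in ET.fromstring(sdef_xml).iter():
        # access-group is a direct child of the command/class it covers
        for ag in parent.findall("access-group"):
            groups.setdefault(ag.get("identifier"), []).append(
                (parent.tag, parent.get("name"), ag.get("access")))
    return groups

def scripting_targets(bundle_id, sdef_xml):
    """Build the entitlement fragment, or None if no groups are declared."""
    ids = sorted(access_groups(sdef_xml))
    if not ids:
        # Nothing to name under scripting-targets for this dictionary.
        return None
    return plistlib.dumps(
        {"com.apple.security.scripting-targets": {bundle_id: ids}})

if __name__ == "__main__":
    for ident, uses in access_groups(SAMPLE_SDEF).items():
        print(ident)
        for tag, name, access in uses:
            print(f"  {tag} {name!r} access={access}")
    print(scripting_targets("com.example.app", SAMPLE_SDEF).decode())
```

Elements without an access-group child (the delete command in the sample) are not covered by any group, and a dictionary that yields an empty result declares no access groups at all.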