Reliable test for Full Disk Access?

On Mojave, my app needs a way to determine if the user has already added the app to the "Full Disk Access" list in System Preferences. (And if not, instruct him to do so).


So far I've been using the following empirical test:


int c = open("/Library/Application Support/com.apple.TCC/TCC.db", O_RDONLY);

if (c == -1 && (errno == EPERM || errno == EACCES)) {

// no full disk access

}


However it turns out that on a small percentage of systems, this test gives NO even when the app is already in the "Full Disk Access" list.

I also noticed that on such systems, the folder /Library/Application Support/com.apple.TCC/ has access permissions 700 (drwx------), as opposed to "normal" systems where this folder has permissions 755 (drwxr-xr-x@). I guess this may be the reason why the test fails.


Anyway, is there any API or a more reliable test to see if my app has been added to the "Full Disk Access" list in System Preferences?

Post not yet marked as solved Up vote post of Sheldon15 Down vote post of Sheldon15
12k views
Posted by
Sheldon15
Reply
Add a Comment

Replies

There is no way to do this. I think Apple would argue this is precisely the point; the user must actively, specifically grant this permission. It would defeat the whole purpose if an app could just enable it.

Posted by
demitri
Post not yet marked as solved Up vote reply of demitri Down vote reply of demitri
Add a Comment

Please read the question carefully. The question is not how to let an app enable the full disk access, that would indeed defeat the purpose. The question is how an app could *test* if it has full disk access or not. And if not, give some hints for the user, when necessary. That's a legitimate case.

Posted by
Sheldon15
Post not yet marked as solved Up vote reply of Sheldon15 Down vote reply of Sheldon15

  • Supporting:

    BOOL accessibilityPermissionsGranted = AXIsProcessTrusted();

    checks app can use Accessibility APIs on other apps, while

        [[UNUserNotificationCenter currentNotificationCenter] getNotificationSettingsWithCompletionHandler:^(UNNotificationSettings * _Nonnull settings) {
        BOOL TCCGranted = (settings.authorizationStatus == UNAuthorizationStatusAuthorized);
    }];

    tells app can send user notifications. APIs exist for Camera, Microphone etc. WHY NOT FDA?

    suMac
Add a Comment
I second this request.
Posted by
LowTide
Up vote reply of LowTide Down vote reply of LowTide
Add a Comment

Reviving this thread since I also need an API for testing if my APP has FDA. This is a security app, so upon installation we request the user to grant us Full Disk Access, but some users may miss this prompt and thus not grant the access. We need a way to test in the app if we have FDA or not, so that we can give out some hint about it.

So far I've only found threads asking for such an API, but I haven't found an official one released. I opened an enhancement suggestion to Apple in the hopes that they will right such: FB13511819 (Need an API to recognize if an app has Full Disk Access)

In the meanwhile I'll experiment with the other suggestions in this thread.

Posted by
yoavre
Up vote reply of yoavre Down vote reply of yoavre
Add a Comment

Hello, Plus one here.

Can Apple fix this issue that has been reported (FB13511819) years ago?

Best regards,

Luca Severini

Posted by
lseverini
Up vote reply of lseverini Down vote reply of lseverini
Add a Comment