1 Reply
      Latest reply on Nov 13, 2019 8:52 AM by jcapellman
      yaroslav_p Level 1 Level 1 (0 points)

        Catalina (10.15) behaves differently if a service installed via sudo or Finder.

         

        I want our service to be shown in "Full Disk Access" view of the Security tab (the Security and Privacy pane).

         

        I see that macOS 10.15 handles a service (LaunchDaemon) differently when .pkg is installed via sudo or Finder.

        If a user clicks .pkg file from Finder it is successfully installed and our service is started.

        It tries to access protected folders. Then it shown in "Full Disk Access" view. A user needs to put a tick to

        give required permissions.  It is expected.

        But if I install .pkg using 'sudo /usr/sbin/installer -pkg [pkgname] -target' (it is installed without errors).

        But in that case the service  is not shown in the "Full Disk Access" view.

         

        I tried to solve the issue and found several ways to make the service shown in "Full Disk Access" view.

        1. You need to copy a service bundle to /Applications or ~/Desktop. It becomes visible "Full Disk Access" view.

        2. Invoke 'open' command for the service bundle.

         

        I did some investigations.

        It seems that there is PackageKit API which registers bundles. Different UIDs are used

        when  a package is installed via sudo (with uid 0) and Finder (with user uid).

         

        Our service resides in /Library/Application Support folder. May be OS handles this folder somehow differently.

         

        Is there an official API to register a service bundle to make it visible in "Full Disk Access" view ?

         

        Regards,

        Yaroslav