4 Replies
      Latest reply on May 13, 2019 2:56 AM by heilei
      Smithers Level 1 Level 1 (5 points)

        I'm trying to use the Accessibility API and have this code:

         

         

          NSDictionary *options = @{(__bridge id) kAXTrustedCheckOptionPrompt : @YES};

          BOOL accessibilityEnabled = AXIsProcessTrustedWithOptions((__bridge CFDictionaryRef) options);

         

        This always returns no, however it does not prompt the user for permission nor does it display the app's name in System Preferences > Security & Privacy. What do I need to test this? I could try and add the debug version manually into System Preferences but how do I know that this will work properly when released to the public? Is there any way to test this out? I am not seeing any prompt at all.

        • Re: AXIsProcessTrustedWithOptions not prompting for permission
          cheeseb Level 1 Level 1 (0 points)

          I haven't analyzed your code snippet and can't comment on it. But you should be aware that, when you run your application in debug mode in Xcode, the application that needs to have access authorized is Xcode itself, not your application. So it is Xcode should be added to the Accessibility list, and checking Xcode's checkbox should enable accessibility for Xcode while you debug your application. But yes, an alert should be presented asking for permission -- unless Xcode already has permission.

          • Re: AXIsProcessTrustedWithOptions not prompting for permission
            haikuty Level 1 Level 1 (0 points)

            (adding comment to this old thread in case it saves someone else time finding the answer more easily):


            It appears, in 10.13.3 at least, that applications which are using the app sandbox will not have the alert shown.  If you turn of app sandbox in the project entitlements then the alert is shown.

             

            I filed a bug about this because the point of adding a system prompt to add the application to accessibility and of making this accessibility preference per-app instead of the prevous global setting prior to 10.9 was to make this all explicit and obvious to the user as a way to *increase* security of the system but making it so one has to *turn off* sandboxing in order to use this better approach defeats that since doing so *decreases* security for the user.

             

            Furthermore, even if someone has a convincing argument as to why they need to disable this for sandboxed aps, there's still a bug: the AXIsProcessTrustedWithOptions call documentation (and header file) doesn't document this restriction which means developers waste a bunch of time trying to figure out why it's "broken".

              • Re: AXIsProcessTrustedWithOptions not prompting for permission
                FYVE Level 1 Level 1 (0 points)

                I'm having this same issue. I narrowed it down to the App Sandbox being on like you mentioned. The problem is my Launch at Login function needs App Sandbox enabled.

                 

                Don't know what I should do really. My app needs to be trusted for full functionallity but if that alert is not shown first then the app gets rejected from the App Store. So it's basically no option but cut the Launch at Login function for now and hope it's just a bug that gets fixed.

                • Re: AXIsProcessTrustedWithOptions not prompting for permission
                  heilei Level 1 Level 1 (0 points)

                  Thanks haikuty, you just saved me from a lot of headache. Is this feature/bug documented somewhere (i.e. the fact that sandboxing disables the Accessibility dialog), or did you find this by chance? A really weird design decision from Apple if this is intentional.