Hi all,
It’s a long time ago that I created an app for mac, but now I’m on it again. My problem is that I do not get Entitlements to work.
I created a .entitlements file with this content :
and added it to user entitlements in the MacOs built section. As well as my signature. The access rights dialogue appears on every launch. If I agree it works. As far as I remember, in the past after giving the rights once it never asked again. In the Mac security settings for automation my app is not listed.
I tried then to do the entitlements in the terminal with this command :
My app simply allows the user to create a bunch of shell commands the easy way. It then saves a file with the commands. By double-clicking the file, the app runs the commands windowless and quits. No deep knowledge required, no complex chmod commands and so on to make batch files executable.
In some cases, the entitlement is not required. To illustrate one case where they are required :
Make a copy of the Photos preferences (not an editable plist, no defauts.write found) and add _oriiginal
Run Photos by holding the option key and select a library (let’s say A)
make a copy of the preferences and add _A
Run Photos by holding the option key and select a library (let’s say B)
make a copy of the preferences and add _B
now my app can create a file that quits Photos if it runs, deletes the Photos preferences file and makes a copy of the Preferences_A and name it as Photos preferences, then run Photos with library A
another file will do the same for library B
The user can now open a specific library in Photos by just double-clicking the right file. This works actually fine, but opens every time the allow access dialogue.
There are a ton of other things the app can do, this is just one example.
That wasn’t my question. I should have been more clear. You also need an NSAppleEventsUsageDescription for the plist:
'AppleScript
command = "/bin/echo 'NSAppleEventsUsageDescription = ""Mail Archiver verwendet AppleScript, um mit Mail und Outlook zu kommunizieren.""; '>>" + appPath + "/Contents/Resources/de.lproj/InfoPlist.strings"
Call DoShellCommand(command)
You’ll get the dialog on every debug run, but only once per built released app. IIRC it’s based on a hash of the signature to know whether it needs to ask again.
Well, we must be doing something different because my app requires both AppleEvents and Full Disk Access. There is no wonderful dialog for each debug run.
In the past, every debug run showed the dialogue again.I suppose the system sees them as different apps. But the compiled version just showed the dialogue once. Now the compiled app asks for it every time and that drives me crazy.
I tried to reset TCC and much more but nothing works. All this was done on my MacBook Air. Now I tried on my Mac Studio and the behaviour is exactly the same. So, now I can exclude problems with the system.
OK, something goes wrong on MacOs. The message requesting access states something like “Your app tries to control other apps…” so I suggested that automation rights are required.
I now simply added the app manually to full disk access and the dialogue never pops up again. Problem solved.
But, now I face another issue. I can’t find a way to automate full disk access request. Many apps show a dialogue, open the settings, and so on. Is there an easy way to do this in Xojo - checking if full disk access is already given and if not requesting it ?
How do you run your AppleScript? The whole purpose of the security in macOS is that the security items are separate. I have 2 projects where I only use AppleScript and those do not need FDA.
Before that I would have pointed you to this example project: GitHub: jo-tools/applescript-automation
This shows how to use AppleScript to automate, determines permission and how to deal with it (e.g. by opening the preferences).
