A customer reported that one of my Apps was unable to communicate with Photoshop in Catalina. At Security - Automation it is empty and the system doesn’t asks for permission as usual.
I tried to reproduce the error by clearing on my own system with
tccutil reset AppleEvents
And now I’m also unable to re-grant permissions, OS never asks.
Thanks for any help.
Have you tried to restart your computer? I had a couple of users report error -10000 when using an AppleScript. And restarting cured that.
Yes, I tried.
I added also NSAppleEventsUsageDescription
… to info.plist
At debug time I get the message in the string to grant authorization but once wrapped (AppWrapper) it doesn’t works any more.
It’s something related with Hardened Runtime, after disabling and wrapping again it works but unfortunately can’t notarize.
How do you do your AppleScripts? My app extensively uses NSAppleScriptMBS and doesn’t show this error. The app gets the stupid security warnings and is notarized. What do you mean with “can’t notarize”?
I’m using AppleScriptMBS.
If I don’t check Hardened Runtime at AppWrapper I can’t send the package for notarization, the option is disabled in AppWrapper.
After some testing it seems that settings in AppWrapper:
Sandbox - Entitlements only
Enable “Send Apple Events to other applications”
Privacy - Apple Script - My description
solves the issue. I used a plist but didn’t worked.
I would appreciate if I can get some more info about the differences between AppleScriptMBS and NSAppleScriptMBS and why should I use the last one.
Thanks so much.
AppleScriptMBS is the old variation and NSAppleScript is the new one. Why do you use entitlements when you want to notarize?
Good question. Simply because after some testing this seems to work
I read at https://forum.xojo.com/50720-app-wrapper-3-9-and-harden-runtime/0#p411242 that entitlements could “relax” Hardened Runtime and simply tried but ,honestly, Apple is hardening my nerves lately
Apple is hardening everyones nerves lately. The entitlements for notarization are quite different from the ones for the MAS. Are you sure that you didn’t mix those up?
I believe so.
I could test a couple of applications now with this AppWrapper settings and they are working fine, notarized and granting access to Ps.