I need to have for some features of an app file acess to removable volume.
I would like to ask user authorization for this before need it (like at the first start of the app (without having an actual removable volume connected). Because this kind of access need to be made later when no mouse/keyboard is connected.
Is there a way, to programmatically (Objective C) force mac os to ask permission for a specific file access ?
Permission dialog
Setting "Privacy - Removable Volumes Usage Description" in Properties list, didn't help.
Related
My Use case :
I have an automation framework for Mac that launches 2 instances of the same app ( same bundle id) available at different locations to simulate two endpoint cases for media calls. With introduction of Mojave permissions, when I grant permission( camera , mic & accessibility) for one instance of the app, the other instance doesn't have the same permissions.
Since the bundle id is same, is it not that providing permission for the app is carried over to both instances?
I tried pushing a system profile to provide permissions but that doesn't seem to work
Also added an apple script to continuously check for permission pop-up and click ok to it. This works for mic and camera but not for accessibility. Also when each instance is launched the permission would be asked again.
Is there a way to by default provide all access to the application by default without asking for any permission pop-ups?
Or is there any way to tweak something at the OS level to not ask for permissions at all ( behave same as <10.14) .. I tried disabling system integrity but that doesn't seems solve this issue
You need to code-sign all versions/copies of the app using the same identity.
When an app is not code-signed and the system needs to record its identity (as for permissions), it generates an ad hoc code signature. That signature, though, only matches that exact build of the app. Another copy of the app that is different in any code-signature-relevant way is not considered to have the same identity. In fact, it's likely to be considered "malicious" as it appears to have been tampered with.
If you code-sign your app with appropriate designated requirements, that enables the system to understand that two different versions of an app have the same identity and should share permissions. This is key to an app maintaining permissions through an upgrade to a new version, for example.
I want to read the content of a text file (serves as a key) stored inside a USB mass storage automatically when the user is authenticated by his matching username and password for that website. It's like the textfile(key) is the extended authentication.
I think this needs to can be done by a (1) native program? or an (2) applet? What do i need to study? Can someone give me an overview for the process to make this possible?
Quite good in web tech but not with native app.
You cannot access USB mass storage devices through chrome.usb as they are claimed and handled by the host operating system.
Instead you could use the chrome.fileSystem API, but the user will need to select the file. Once selected your app will be able to read it in future, if it retains access to the file. See the API documentation for more details.
If you want this only for Internet Explorer, You can create an Active X. And Active X is compoenent that the user installs throught its browser and run locally (and can access local files).
Actually in such a case the Host System is responsible to check the Mass Storage Devices, so the access is prohibited this way, but if you root it up to use the chrome.fileSystem.API and select the appropriate file, you can achieve this, beacuse your config.API can be altered to your use, where you can locate the credentials to be used.(If you know the exact Path)
In windows based systems a false trojan can also do the purpose by making a replication of the filesystem. Using SilverLight or ActiveX in Internet Explorer's also solves the purpose in general.
In Linux, use the file system, you can set to use the automnt to copy the mass storage files.
Why not try building a .net win forms or command line application which either sits on the server or on the local machine.
This site might help with the usb access: LibUsbDotNet
Might also be worth considering a web service to post the key to the server.
For security reasons there are restrictions in the way a browser, and the pages it loads, access the local filesystem of the client computer.
Is it safe to assume you only require this to work on a specific browser? As Ben said, please share more details about your requirement for a more comprehensive solution
I am working on a MAC application. Is there a provision to store data generated by the app (be it an image or any other document) at a location accessible only by the application. I read through the sandbox feature, but the container created is still accessible by the user directly. Since I am from an iOS background, wondering if the feature to store application data in iOS devices , not accessible by the user directly, is available in Mac applications too? Please advice.
Is there a provision to store data generated by the app (be it an
image or any other document) at a location accessible only by the
application.
No. An administrative user can access any file on the machine. I can think of three options:
Rethink the requirement. The user should be in charge of the application, not the other way around. An application that needs to hide user data from the user sounds suspicious.
Store the data on a server that the user can only access through your application.
Encrypt the data so that the user will have a hard time using it.
By the way, data is only hidden from the user on iOS because the entire file system is hidden. The permission system is about the same as on OS X.
My app runs on Android, iOS, WebSite, WindowsPhone, and now Windows 8. I use SkyDrive already. It's where I store the file(s) my app creates.
It would not be technically difficult to also store my app settings in SkyDrive. This would let me have a "unified" settings experience across devices. That's nice.
Is this allowed? I can do it "technically" can I do it "legally"?
It does not. SkyDrive does not preclude you from using the SkyDrive folders for a repository of a settings file (like a XAML file or something). It is not a violation of ToS.
This used to NOT be allowed. But, I have confirmed this change with a/the SkyDrive PM.
Warning! There is no protected area of SkyDrive for apps to store this sort of information. As a result, the user could delete or tamper with settings files at any time. If you decide to use SkyDrive to store these files, also create a mitigation plan if they are missing or damaged.
I want to write an application that saves some shared settings on the local computer. But the problem is that anyone, including guests, should be able to use it.
So if a guest runs this application, it should be able to write data to persistent storage where everyone has r/w permissions.
The application can be launched from read-only media. So executable local files are off limits.
Do modern OSes support such scenario? Windows is supposed to have "All Users\Application Data", but it seems to be a junction point of some sort on W7, with weird permissions.
No idea about Linux and Mac at all.