I am on OSX 10.14, XCode 10, objective-c
I am currently developing a workflow for explaining the user why he needs to accept automation for my app, explaining how to manually activate it and so on.
For testing reasons it would be great to remove my listed app in the system preferences so i can test this process multiple times.
E.g. in the picture: How can i completely remove Google Chrome for example?
EDIT:
Im not able to open the TCC database where this information is stored:
These permissions are stored in the TCC database, for your current user:
~/Library/Application Support/com.apple.TCC/TCC.db
This is a SQLite database, so you can edit them with the editor of your choice.
The table is called access.
Applications listed in Automation will have kTCCServiceAppleEvents as service.
You can simply remove them and save the database.
EDIT
This is not the global TCC database stored in /Library, which is protected by SIP.
Note the ~, meaning it's in your user's folder: /Users/xxx/Library/...
This one is editable even with SIP enabled.
EDIT 2
So looks like the local TCC database is also protected.
Filesystem protection is only affective for apps built against the macOS 10.14 SDK - that's why I was able to edit it with some third party client.
So I guess the only solution is to disable SIP unfortunately.
I can confirm that the database can be edited if SIP is removed, both with sqlite3 as well as UI tools like SQLiteManager.
Related
My Use case :
I have an automation framework for Mac that launches 2 instances of the same app ( same bundle id) available at different locations to simulate two endpoint cases for media calls. With introduction of Mojave permissions, when I grant permission( camera , mic & accessibility) for one instance of the app, the other instance doesn't have the same permissions.
Since the bundle id is same, is it not that providing permission for the app is carried over to both instances?
I tried pushing a system profile to provide permissions but that doesn't seem to work
Also added an apple script to continuously check for permission pop-up and click ok to it. This works for mic and camera but not for accessibility. Also when each instance is launched the permission would be asked again.
Is there a way to by default provide all access to the application by default without asking for any permission pop-ups?
Or is there any way to tweak something at the OS level to not ask for permissions at all ( behave same as <10.14) .. I tried disabling system integrity but that doesn't seems solve this issue
You need to code-sign all versions/copies of the app using the same identity.
When an app is not code-signed and the system needs to record its identity (as for permissions), it generates an ad hoc code signature. That signature, though, only matches that exact build of the app. Another copy of the app that is different in any code-signature-relevant way is not considered to have the same identity. In fact, it's likely to be considered "malicious" as it appears to have been tampered with.
If you code-sign your app with appropriate designated requirements, that enables the system to understand that two different versions of an app have the same identity and should share permissions. This is key to an app maintaining permissions through an upgrade to a new version, for example.
My app is rejected by
2.3 Apps that do not perform as advertised by the developer will be rejected
It said that the file copied into "~/Library/Fonts" failed.
It works when test by myself, I find that it will get permission fail when using the sandbox mode, did Apple reviewer will accept this feedback?
thanks
Apps must work in the sandbox no exceptions allowed.
A sandboxed application cannot write to ~/Library/Fonts.
Either store the font in the app bundle and use it from there, or put up a standard file dialog asking the user to grant permission to write to ~/Library/Fonts by selecting it.
If you get stuck doing either of those ask a specific question on them showing what you've tried. Such a question is unlikely to be seen as off topic.
HTH
I want to read the content of a text file (serves as a key) stored inside a USB mass storage automatically when the user is authenticated by his matching username and password for that website. It's like the textfile(key) is the extended authentication.
I think this needs to can be done by a (1) native program? or an (2) applet? What do i need to study? Can someone give me an overview for the process to make this possible?
Quite good in web tech but not with native app.
You cannot access USB mass storage devices through chrome.usb as they are claimed and handled by the host operating system.
Instead you could use the chrome.fileSystem API, but the user will need to select the file. Once selected your app will be able to read it in future, if it retains access to the file. See the API documentation for more details.
If you want this only for Internet Explorer, You can create an Active X. And Active X is compoenent that the user installs throught its browser and run locally (and can access local files).
Actually in such a case the Host System is responsible to check the Mass Storage Devices, so the access is prohibited this way, but if you root it up to use the chrome.fileSystem.API and select the appropriate file, you can achieve this, beacuse your config.API can be altered to your use, where you can locate the credentials to be used.(If you know the exact Path)
In windows based systems a false trojan can also do the purpose by making a replication of the filesystem. Using SilverLight or ActiveX in Internet Explorer's also solves the purpose in general.
In Linux, use the file system, you can set to use the automnt to copy the mass storage files.
Why not try building a .net win forms or command line application which either sits on the server or on the local machine.
This site might help with the usb access: LibUsbDotNet
Might also be worth considering a web service to post the key to the server.
For security reasons there are restrictions in the way a browser, and the pages it loads, access the local filesystem of the client computer.
Is it safe to assume you only require this to work on a specific browser? As Ben said, please share more details about your requirement for a more comprehensive solution
I'm implementing a BlackBerry 10 Cascade application. There I have given following permissions in the bar-descriptor.xml.
<permission>run_when_backgrounded</permission>
<permission>access_internet</permission>
Then I clean, build and run the application using QNX Momentics IDE. Next go to the System Settings -> Security and Privacy -> Application Permissions and select "Permissions All" from the drop-down. But I cannot see my application listed there. I am using Dev Alpha device for my testing. I have used even Device-Release for Build Configuration.
What could be the mistake I have done?
I got a response from BlackBerry Forum. The place I've mentioned in the question lists applications that needs user permissions only. Other applications, whose permissions listed in the bar-descriptor.xml don't need user confirmation, aren't listed there. You can see the answer given by peter9477 in BB forum from here.
Is there a way I can add support for syncing my program's settings with Windows Live Mesh, so that it would appear in the list below?
That's where I would like to see my program offering to "Turn on syncing for your settings". Is there some sort of a plugin API for this?
Unfortunately not. Microsoft struggled with opening this thing up to developers, and I believe something similar actually was available for some time during the old Mesh beta days (before they renamed Sync to Mesh). I doubt they will ever allow it since Mesh is being replaced with SkyDrive (I'm pretty sure they actually announced it, but I can't find where, but this basically says the same: http://www.zdnet.com/blog/microsoft/is-microsofts-live-mesh-on-its-way-to-the-graveyard/12540). Setting syncing like you want is available to Windows 8 Metro apps through Skydrive and Microsoft Account/Live ID roaming (http://blogs.msdn.com/b/b8/archive/2011/09/26/signing-in-to-windows-8-with-a-windows-live-id.aspx and API: http://msdn.microsoft.com/en-us/library/windows/apps/windows.storage.applicationdata.roamingfolder.aspx)
But of course, in exchange for that you restrict your audience to Windows 8 users.