I need to know if the current user is being managed by Mac OS X Parental Controls (more specifically, the app age restrictions) in order to block some contents of the app. How can I do that? Any of these will be enough.
Methods that can be achieved with Objective-C, but not necessarily using Objective-C, like bash commands or AppleScript commands, are also accepted.
EDIT: The app age restriction can be found here: https://ibb.co/mOZyww
First, I'm not sure what you mean by
app age restrictions
On macOS 10.13, I only see the option to restrict applications to a whitelist; I can't configure restrictions based on age.
Anyway, parental controls are stored in the local directory services, in the mcx_attributes attribute for the user in question.
(mcx refers to the old Managed Preference framework)
You can browse this via the UI using Directory Utility or via dscl (using the mcx plugin).
If you run dscl, you can then browse the directory services using cd, ls, etc.
For example, I can navigate to my testuser:
cd /Local/Default/Users/testuser
And then dump the parental controls with mcxexport
-mcxexport .
This will give you the configured parental controls in XML format.
Check out dscl . -mcxhelp for more information.
Updated
Toggling the "Restrict: Apps to:" setting updates this preferences key:
<key>gamesLimit</key>
<dict>
<key>state</key>
<string>always</string>
<key>value</key>
<integer>300</integer>
</dict>
You would have to play around with it to figure out the corresponding values (e.g. 300 == Age 12+)
Related
I'm trying to add a URL to my system startup. I want to do this via the registry because it fits some other things I'm hoping to do later. Here's my code at the moment;
My.Computer.Registry.SetValue("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\", "LinkLoad", "https://www.url.link")
I'm trying to do this via vb.net if at all possible. I have given the application administrative privileges but for some reason this hasn't work. The new registry key isn't in position (and to be honest I'm not 100% sure this would work in loading the webpage!).
[FYI the link in the above code is junk, I didn't think it was important to include the actual link I want to load!)
I use Com4j to let my Java app comunicate with iTunes on Windows, I saw that my generated classes dont contain methods to let me update movement and work fields like I can update other fields such as artist or album.
So I regenned the classes using
c:\Code\jthink\opensrc\com4j-20120426-2>java -jar tlbimp.jar -o C:\Code\jthink\SongKong\src\main\java -p com.jthink.songkong.itunes "C:\Program Files\iTunes\iTunes.exe"
against the latest 12.6 iTunes exe and they still arent here. (I would expect them in IITFileOrCDTrack.java) am I doing something wrong or does this mean that iTunes have to explicity code to expose there new fields and they have decided not to.
So does that mean iTunes has to explicity code a new COM interface to make these fields accessible to other programs
Note these new fields are available via applescript on a Mac machine
As stated in above comment you basically have two options:
File a bug with Apple and wait (possibly indefinitely)
Use the grouping field instead
Personally, I have found the grouping field to accomplish the role of 'subcategory'. While I realize it is less ideal than having the ability to utilize both movement and work fields, I have been able to accomplish my desired functionality via grouping thus far.
I have an Application for the Mac that I want to publish on in the app store.
I order to get it published I need to put in a sandbox.
The app access Sqlite files outside the sandbox which the user selects from a openpanel.
The App works fine when is performs a select but it fails on inserts and updates.
I can remember reading something about some function you could call that could give you write access to files outside the sandbox but for the life I can remember what is was Can anyone enlighten me ?
Regards Christian Arild Stœr Andersen
Add "com.apple.security.files.bookmarks.app-scope" with boolean value YES in entitlement file of your project. Add follow "With Sandboxing" section of this link --
http://cocoaintheshell.com/2012/09/saving-sandboxing/
When you resolve your URL, by using URLByResolvingBookmarkData: method, you will get the url something like this --
file://localhost/Users/XYZ/Downloads/MyAudio.mp3?applesecurityscope=353734653735396237656239646134396537363331633063393765356234363035353666326332393b30303030303030303b3030303034534534343030303032303b636f6d2e6170706c652e6170702d73616e64626f782e726561642d77726974653b30303030303030313b30313030303030323b303030303030303030303035633134613b2f75736572732f69706874656368322f646f776e6c6f616473
For more information search for -- "NSURLBookmarkCreationWithSecurityScope"
I'm a bit confused about where the application should send a bunch of files. Let me suppose that an application accepts a number of images with NSOpenPanel at a time from the user. The application applies graphic filters to them. And it's now ready to save processed files. Before they forced us to sandbox applications, we were allowed to export processed files to application folder in Application Support without NSSavePanel. If you wanted to save files elsewhere, then you had to use NSSavePanel. If the application is sandboxed, it cannot send files to NSApplicationSupportDirectory/{app name}(which points to the containers folder assigned to this application)? My first sandboxed application was rejected a few days ago merely because a text field showed a path to container's application support folder. So if you have a bunch of files to export, you have to prompt the user to ask where to save each file? AppSandboxDesignedGuide, which Apple, Inc. has issued, has nothing to say exactly about where to save files except that it says "Your app has unrestricted read/write access to the container and its subdirectories." I think this PDF guide is a printed version of this web site. I'm asking this question here because I have some doubts and reviewers were often wrong at least when I submitted applications to them two years ago.
Thank you for your advice.
If the files are only for the application itself to use you can save the files in "Application Support/", which under the sandbox is under your container, just as before - just use the APIs to construct the path to that folder (and create it, it doesn't exist automatically, just as before).
If you are outputting files for the user to access then you don't put them in the container - that folder is meant to be hidden from ordinary users, though yours is the first time I've heard that even showing the path got you a rejection, but Apple are pretty random.
Here are three choices of where to put your files:
First is to ask the user. This is what you would normally do anyway, you shouldn't just dump files somewhere.
Second is a situation that the sandbox makes harder - when where the file should is is implicit, e.g. a graphic conversion program might sensibly output the converted file with the same name but different extension in the same folder as the original. This was finally addressed by Apple around 10.8.3 or something with "Related Items" - Apple's docs for this are here. Essentially in the Document Types in the Info.plist you must list all the extensions you handle - both in and out - and add a NSIsRelatedItemType key with the value of YES to all those you might convert between. E.g. For TextEdit .rtf, .rtfd and .txt are flagged in this way so TextEdit can open as one format and save as another.
Third, if you wish to put all your files in one location, say in a "Converted Items" folder. Then you ask the user once to specify this folder and then save a security-scoped bookmark to that folder in your applications defaults or elsewhere in your app's container. On subsequent executions you can access this bookmark and regain access to the folder. For an introduction to this start with Apple's Security-Scoped Bookmarks and Persistent Resource Access. This is really no harder than pre-sandbox as any decent app would always ask for the location of the folder from the user, the difference is the need to save the security-scoped bookmark so the user doesn't need to give permission every time.
HTH.
I need a way to get & keep permission to write to a specific directory in OS X. How can that be done while abiding with the new Sandbox requirements?
The recipe:
Ask the user to select the directory - use a standard open dialog limited to directory selection. Apart from a few special directories (music, pictures etc.) there is no way to gain access apart from asking the user.
Create a security-scoped bookmark using the URL returned by the standard open dialog, just search the Apple docs for "security-scoped bookmark".
Persist that bookmark, either in user preferences or in the Application Support folder for your app.
On application launch, or before you need access, read in the saved bookmark and activate - you'll find out how to do this in the Apple docs as above.