I'm implementing a BlackBerry 10 Cascade application. There I have given following permissions in the bar-descriptor.xml.
<permission>run_when_backgrounded</permission>
<permission>access_internet</permission>
Then I clean, build and run the application using QNX Momentics IDE. Next go to the System Settings -> Security and Privacy -> Application Permissions and select "Permissions All" from the drop-down. But I cannot see my application listed there. I am using Dev Alpha device for my testing. I have used even Device-Release for Build Configuration.
What could be the mistake I have done?
I got a response from BlackBerry Forum. The place I've mentioned in the question lists applications that needs user permissions only. Other applications, whose permissions listed in the bar-descriptor.xml don't need user confirmation, aren't listed there. You can see the answer given by peter9477 in BB forum from here.
Related
I've started hardening the physical folder configurations of our existing ASP.NET Core/ASP.NET 5.0 apps and I was wondering if anyone can point me to some official documentation from MS on this topic.
After some tests, I've noticed that the app pool account has to have read and execute permissions on the folder where the site is hosted. A simple read won't cut it.
After some trial and error, these are the minimum permissions under which a simple ASP.NET 5.0 can run:
Can anyone explain why all these permissions are required? For instance, why is "read extended attributes" required?
Thanks.
If you want to give the application pool permission to read or execute the folder where the application is located, you can follow the steps below.
Right click the site and click Edit Permissions...
Select Security, Edit, Add. Type in application pool's name.
Click OK. Then check the permission for application pool.
My Use case :
I have an automation framework for Mac that launches 2 instances of the same app ( same bundle id) available at different locations to simulate two endpoint cases for media calls. With introduction of Mojave permissions, when I grant permission( camera , mic & accessibility) for one instance of the app, the other instance doesn't have the same permissions.
Since the bundle id is same, is it not that providing permission for the app is carried over to both instances?
I tried pushing a system profile to provide permissions but that doesn't seem to work
Also added an apple script to continuously check for permission pop-up and click ok to it. This works for mic and camera but not for accessibility. Also when each instance is launched the permission would be asked again.
Is there a way to by default provide all access to the application by default without asking for any permission pop-ups?
Or is there any way to tweak something at the OS level to not ask for permissions at all ( behave same as <10.14) .. I tried disabling system integrity but that doesn't seems solve this issue
You need to code-sign all versions/copies of the app using the same identity.
When an app is not code-signed and the system needs to record its identity (as for permissions), it generates an ad hoc code signature. That signature, though, only matches that exact build of the app. Another copy of the app that is different in any code-signature-relevant way is not considered to have the same identity. In fact, it's likely to be considered "malicious" as it appears to have been tampered with.
If you code-sign your app with appropriate designated requirements, that enables the system to understand that two different versions of an app have the same identity and should share permissions. This is key to an app maintaining permissions through an upgrade to a new version, for example.
I am on OSX 10.14, XCode 10, objective-c
I am currently developing a workflow for explaining the user why he needs to accept automation for my app, explaining how to manually activate it and so on.
For testing reasons it would be great to remove my listed app in the system preferences so i can test this process multiple times.
E.g. in the picture: How can i completely remove Google Chrome for example?
EDIT:
Im not able to open the TCC database where this information is stored:
These permissions are stored in the TCC database, for your current user:
~/Library/Application Support/com.apple.TCC/TCC.db
This is a SQLite database, so you can edit them with the editor of your choice.
The table is called access.
Applications listed in Automation will have kTCCServiceAppleEvents as service.
You can simply remove them and save the database.
EDIT
This is not the global TCC database stored in /Library, which is protected by SIP.
Note the ~, meaning it's in your user's folder: /Users/xxx/Library/...
This one is editable even with SIP enabled.
EDIT 2
So looks like the local TCC database is also protected.
Filesystem protection is only affective for apps built against the macOS 10.14 SDK - that's why I was able to edit it with some third party client.
So I guess the only solution is to disable SIP unfortunately.
I can confirm that the database can be edited if SIP is removed, both with sqlite3 as well as UI tools like SQLiteManager.
My app is rejected by
2.3 Apps that do not perform as advertised by the developer will be rejected
It said that the file copied into "~/Library/Fonts" failed.
It works when test by myself, I find that it will get permission fail when using the sandbox mode, did Apple reviewer will accept this feedback?
thanks
Apps must work in the sandbox no exceptions allowed.
A sandboxed application cannot write to ~/Library/Fonts.
Either store the font in the app bundle and use it from there, or put up a standard file dialog asking the user to grant permission to write to ~/Library/Fonts by selecting it.
If you get stuck doing either of those ask a specific question on them showing what you've tried. Such a question is unlikely to be seen as off topic.
HTH
I am attempting to write a small, lightweight client, using vb.net winforms, that can install without needing elevated privileges. Before I ask my questions, let me give you a bit of an idea of what it is supposed to do.
The app will start when Windows loads, set like this from the install, with a system/notification tray icon that can be clicked on to load up specific functionality. The application install from a website, or possibly a file share, haven't quite decided yet. This client will initially request user credentials for one of our web programs, and it will talk to an already built web service to determine what functionalities of our services they have licensed access to. After this, credentials will be encrypted and saved to the users pc locally. Every five minutes, the client will pass the credentials to the websites they have access to and check to see the status of jobs that are being processed, and download available reports if needed.
So, here is what I am trying to understand. If I configure this app as a ClickOnce application, once it installs from the url or shared drive, the user will not need to do anything else, correct? Or do they have to visit that url every time they boot up to reinstall/run the client?
Another thing, I wanted to get some opinions on the best ways to do some of the things this app will be doing. I have a good idea of where I am going with it, but I have no idea of which solution to go with yet.
For instance, what is the best way to store user passed credentials on their system for a "remember me"?
Also, is the best way to have the client install with automatically starting on windows startup to configure it to create a shortcut of itself in the windows startup folder?
I am trying to keep this as lightweight as possible, and using a very small GUI, so it shouldn't be too intrusive, so any ideas on how to ensure that, while keeping it from needing admin privs to install, will also help.
If I configure this app as a ClickOnce application, once it installs
from the url or shared drive, the user will not need to do anything
else, correct? Or do they have to visit that url every time they boot
up to reinstall/run the client?
Well if they need to reinstall it, they would have to download the setup.exe file again, but why would users need to do that? CilckOnce supports automatic updates. Visiting url is certainly not needed for running the program.
what is the best way to store user passed credentials on their system
for a "remember me"?
Probably storing them as application settings. Haven't used visual studio 2012, but in visual studio 2010 you have to right-click on project in solutions explorer, go to project propeties and then create variables in Settings tab. Then you can access those variables in code using My.Settings.variableName. Not sure about security though, if you need any.
As for privileges, I think you just need a privilege to install a program. Maybe you should publish a primitive clickOnce application and experiment with it and that will answer all your other questions about clickOnce.