Reputation: 37512
MacOS: Asking for "Full Disk Access" during installation process
Background
I have a daemon which tracks all activity on system. To work correctly it needs "Full Disk Access".
Problem
If user manually adds daemon to list in "Preferences/Protection and privacy/Privacy/Full Disk Access" everything works as it suppose to. Problem is that my application is a daemon so it doesn't have access to UI. So when it accesses restricted resources user can't be prompted to grant "Full Disk Access". As a result user may not be aware that software is not fully operational.
Basically this solution doesn't work (it is not enough for a daemon).
Question
To solve this issue I want to prompt user to grant "Full Disk Access" during installation process. I have no idea how to achieve that.
Is it possible to grant "Full Disk Access" during pkg installation process? If yes how to do it?
Upvotes: 3
Views: 3502
Answers (1)
Reputation: 34983
So when it accesses restricted resources user can't be prompted to grant "Full Disk Access"
No apps can prompt to grant "Full Disk Access". You can prompt for access to other privileged "Finders and Folders" locations (Desktop, Documents, Downloads, etc.) but not for the Full Disk Access locations (mail database, etc.)
Your daemon should be able to prompt for "Finders and Folders" access, despite it being a daemon.
Granting access to helper apps specifically was discussed at WWDC 2019:
Advances in macOS Security - WWDDC 2019
https://developer.apple.com/videos/play/wwdc2019/701/
timestamp 31:15
And while we're here, I'd like to talk about one of the enhancements that we've made in macOS Catalina to how apps are approved for Full Disk Access, while users can still manually add apps to the list using the plus button here.
One piece of feedback that we've gotten from developers is that it can be awkward for users to locate their app's privileged helpers.
So, now in macOS Catalina, executables that are denied access to files due to a lack of Full Disk Access approval are now pre-populated unchecked.
Here, we see one such helper identified by its executable name.
If that helper were embedded in a bundle, the display name in icon specifying the bundles Info.plist would be displayed instead.
This is the Apple-approved way to request Full Disk Access.
Upvotes: 4
Related Questions
- macOS Catalina: trying to install content to the system volume
- How do I disable selection of an alternate volume in my OS X installer package?
- Make pkgbuild install in user home directory
- Installation failed with postinstall script Mac OSX
- Mac installer overwrites ALL copies of file
- macOS Installer "Show Files" only "The file listing isn't available"
- Can macOS flat file pkg installer throw error dialog?
- osx - remove files as part of pkg installation
- installation is getting failed when i click cancel of authentication page
- OSX - installer fails when run from command line