codesigning and app permissions for programs that need filesystem access
Nathaniel W Griswold
nate at manicmind.earth
Sat Apr 24 00:12:37 UTC 2021
Do apps like Emacs need to be ad-hoc codesigned to access privileged folders like Documents?
The first time I installed the emacs-app-devel subport, it prompted me the first time I used it for accessibility control and access to folders like ~/Documents. Everything worked fine.
But then I upgraded it and find-file started failing when accessing ~/Documents. The GUI open still worked, though. I noticed in the system console errors that tccd was having trouble transferring info in the system databases about the app, so I ad-hoc codesigned Emacs.app and relaunched, and it reprompted me for access and everything started working as normal again.
But did I have to do this? Are features like access to ~/Documents supposed to work without code signing? I did notice some errors in the console about a missing file /private/var/db/DetachedSignatures (what I understand from googling to be a system SQLite db). I think this might be used for unsigned apps that need features like this, like for this exact situation, but I don’t have it on my system for some reason and these errors don’t cause it to be created.
Anyone know about this?
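
The ad-hoc signing step described in the message, written out as an added example (not part of the original post and not MacPorts' own tooling). It classifies what `codesign -dvv` reports for a bundle and applies an ad-hoc signature only when the bundle is unsigned; the script name, the function names and the app path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: report an app bundle's signature state and ad-hoc sign it
# when it has no signature at all.
# Usage (path is an assumption; pass wherever the port installed the bundle):
#   sh adhoc-sign.sh /Applications/MacPorts/Emacs.app

# Classify the text printed by `codesign -dvv` (read from stdin).
#   unsigned : codesign found no signature
#   adhoc    : signed with the ad-hoc identity ("-")
#   identity : signed with a certificate (Authority= lines present)
sig_kind() {
    out=$(cat)
    case "$out" in
        *"not signed at all"*) echo unsigned ;;
        *"Signature=adhoc"*)   echo adhoc ;;
        *"Authority="*)        echo identity ;;
        *)                     echo unknown ;;
    esac
}

# Print the state of the bundle and ad-hoc sign it if it is unsigned.
ensure_signed() {
    app=$1
    # codesign writes its report to stderr and exits non-zero for unsigned
    # code; the pipeline's status is that of sig_kind.
    kind=$(codesign -dvv "$app" 2>&1 | sig_kind)
    echo "$app: $kind"
    if [ "$kind" = unsigned ]; then
        # "--sign -" selects the ad-hoc identity; --force replaces any
        # existing signature, --deep also signs nested code in the bundle.
        codesign --force --deep --sign - "$app"
        codesign --verify --verbose "$app"
    fi
}

# Only act when a bundle path is given and codesign is available (macOS).
if [ "$#" -gt 0 ] && command -v codesign >/dev/null 2>&1; then
    ensure_signed "$1"
fi
```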