codesigning and app permissions for programs that need filesystem access

[nate at manicmind.earth]

I am running the latest Big Sur update. I was on Catalina last week and it had the same behavior.

> On Apr 23, 2021, at 9:12 PM, Andrew Janke <apjanke.floss at gmail.com> wrote:
> 
> What version of macOS are you running? The SIP and sandboxing stuff
> changes from version to version...
> 
>> On 4/23/21 8:12 PM, Nathaniel W Griswold wrote:
>> Do apps like emacs need to be ad-hoc codesigned to access privileged folders like Documents?
>> 
>> The first time i installed the emacs-app-devel subport, it prompted me the first time i used it for accessibility control and access to folders like ~/Documents. Everything worked fine.
>> 
>> But then i upgraded it and find-file started failing when accessing ~/Documents. The gui open still worked, though. I noticed in the system console errors that tccd was having trouble transferring info in the system databases about the app, so i ad-hoc codesigned Emacs.app and relaunched, and it reprompted me for access and everything started working as normal again.
>> 
>> But did i have to do this? Are features like access to ~/Documents supposed to work without code signing? I did notice some errors in the console about a missing file /private/var/db/DetachedSignatures (what i understand from googling to be a system sqlite db). I think this might be used for unsigned apps that need features like this, like for this exact situation, but i don’t have it on my system for some reason and these errors don’t cause it to be created.
>> 
>> Anyone know about this?
>> 
>> Nate
>>