
MacOS: Asking for "Full Disk Access" during installation process

Background

I have a daemon which tracks all activity on the system. To work correctly it needs "Full Disk Access".

Problem

If the user manually adds the daemon to the list in "Preferences/Protection and privacy/Privacy/Full Disk Access", everything works as it is supposed to. The problem is that my application is a daemon, so it doesn't have access to the UI. So when it accesses restricted resources, the user can't be prompted to grant "Full Disk Access". As a result, the user may not be aware that the software is not fully operational.

Basically this solution doesn't work (it is not enough for a daemon).

Question

To solve this issue I want to prompt the user to grant "Full Disk Access" during the installation process. I have no idea how to achieve that.

Is it possible to grant "Full Disk Access" during the pkg installation process? If yes, how to do it?

So when it accesses restricted resources user can't be prompted to grant "Full Disk Access"

No apps can prompt to grant "Full Disk Access". You can prompt for access to other privileged "Finders and Folders" locations (Desktop, Documents, Downloads, etc.) but not for the Full Disk Access locations (mail database, etc.).

Your daemon should be able to prompt for "Finders and Folders" access, despite it being a daemon.


Granting access to helper apps specifically was discussed at WWDC 2019:

Advances in macOS Security - WWDC 2019

https://developer.apple.com/videos/play/wwdc2019/701/

timestamp 31:15


And while we're here, I'd like to talk about one of the enhancements that we've made in macOS Catalina to how apps are approved for Full Disk Access, while users can still manually add apps to the list using the plus button here.

One piece of feedback that we've gotten from developers is that it can be awkward for users to locate their app's privileged helpers.

So, now in macOS Catalina, executables that are denied access to files due to a lack of Full Disk Access approval are now pre-populated unchecked.

Here, we see one such helper identified by its executable name.

If that helper were embedded in a bundle, the display name in icon specifying the bundle's Info.plist would be displayed instead.


This is the Apple-approved way to request Full Disk Access.
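
As an added example (not part of the original answer, and not Apple's code): a startup self-check the daemon can run so that a missing Full Disk Access grant is logged instead of failing silently, and so that the denied read comes from the daemon executable itself, which is what gets it listed unchecked as described in the talk. It assumes the system TCC database path below is protected by Full Disk Access and that a privacy denial surfaces as `EPERM`; the function names are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <syslog.h>
#include <unistd.h>

/* Assumption: this file is readable only with Full Disk Access. */
#define FDA_PROBE_PATH "/Library/Application Support/com.apple.TCC/TCC.db"

typedef enum { FDA_GRANTED, FDA_DENIED, FDA_UNKNOWN } fda_status;

/* Assumption: a privacy denial surfaces as EPERM. ENOENT and other errors
   say nothing about Full Disk Access, so they map to FDA_UNKNOWN. */
fda_status fda_classify(int open_errno) {
    if (open_errno == 0) return FDA_GRANTED;
    if (open_errno == EPERM) return FDA_DENIED;
    return FDA_UNKNOWN;
}

/* Call this from the daemon binary itself, not from an installer script:
   the denied read has to come from the executable that needs approval. */
fda_status fda_probe(const char *path) {
    int fd = open(path, O_RDONLY);
    if (fd < 0) return fda_classify(errno);
    close(fd);
    return FDA_GRANTED;
}

/* Log the result where an operator will see it, and return it so the daemon
   can also report it to a UI companion or to a post-install check. */
fda_status fda_check_and_log(const char *path) {
    fda_status st = fda_probe(path);
    if (st == FDA_DENIED)
        syslog(LOG_ERR, "Full Disk Access not granted: monitoring is "
               "incomplete. Enable this daemon in the Full Disk Access list.");
    else if (st == FDA_UNKNOWN)
        syslog(LOG_WARNING, "Cannot determine Full Disk Access (probe %s)", path);
    return st;
}

int main(void) {
    fda_status st = fda_check_and_log(FDA_PROBE_PATH);
    printf("%s\n", st == FDA_GRANTED ? "granted"
                 : st == FDA_DENIED  ? "denied" : "unknown");
    return st == FDA_GRANTED ? 0 : 1;
}
```
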
