Article Directory
First, Permission Description
About two rights, I do not see specific proposals to Apple developers.
According to: https://support.apple.com/zh-cn/guide/mac-help/mh32356/mac , for users, these two rights are
Complete Disk Access : display can access the App all the files on your computer, including other App (such as "mail", "information", Safari browser and "family") on the data, the data time machine backup and this Mac part of the management settings for all users.
Files and folders : This display can be accessed on the Mac App different locations of files and folders. If you want to block access to files and folders, deselect the App.
Related url Jump:
/*
Privacy_AllFiles 完全磁盘访问权限
Privacy_Assistive 文件和文件夹
*/
NSString *urlString = @"x-apple.systempreferences:com.apple.preference.security?Privacy_Assistive";
[[NSWorkspace sharedWorkspace] openURL:[NSURL URLWithString:urlString]];
Second, the 文件和文件夹
authority
1, requires authorization directory
Reference from: https://nektony.com/duplicate-finder-free/folders-permission
文件和文件夹
Rights, mainly for the following few folders (there are other folders like to inform):
- Desttop Folder Desktop folder,
~/Desktop
- Documents Folder "documents" folder,
~/Documents
- Downloads Foder download folder,
~/Downloads
- Removable Volumes removable volume (e.g., U-disk), as
/Volumes/SSWD
- Network Volumes server files
2, authorize action
In the SIP open state, when the above-mentioned application to access the folder, the pop-up window will prompt the user to authorize:
The results will be displayed in the authorization 系统偏好设置
-> 安全性与隐私
-> 隐私
-> 文件和文件夹
in.
3, no authorization directory
Since the directory is not clear what specific authorization is required, so the test the following directories, they are not required files and folders or a full disk access
/Applications
~
~/Library
~/Library/Containers
~/Library/WebKit
~/Library/QuickTime
You can read data~/Pictures
~/Music
~/Library/Mobile Documents
~/Library/Mobile\ Documents/com\~apple\~ScriptEditor2/Documents
Third, the full disk access
1, manual additions and deletions
In the Preferences panel can manually add and remove applications.
Click Add, open the folder to select.
2, and file and folder permissions related
Have full access to disks, files and folders will be displayed.
Has been authorized, full disk access, the access to the desktop, etc., will not continue to require authorization.
3, under the SIP can not command full disk access
1)
tccutil reset all com.ms.VideoEditDemo
2)
$ tccutil reset AllFiles
tccutil: Failed to reset database
$ tccutil reset Assistive
tccutil: Failed to reset database
Above commands is not the same as removing the microphone permission to remove full access to the disk and folder permissions. Manual removal is the best way.
Non-SIP to be tested.
4, judge authorized full access to the disk
provided by @HsiangHo
typedef NS_ENUM(NSUInteger, FDAAuthorizationStatus) {
FDAAuthorizationStatusNotDetermined = 0,
FDAAuthorizationStatusDenied,
FDAAuthorizationStatusAuthorized
} NS_SWIFT_NAME(AuthorizationStatus);
NS_ASSUME_NONNULL_BEGIN
@interface FullDiskAccessAuthorizer : NSObject
+ (instancetype)sharedInstance;
- (FDAAuthorizationStatus)authorizationStatus;
- (void)requestAuthorization;
@end
#import "FullDiskAccessAuthorizer.h"
#import <pwd.h>
#import <Cocoa/Cocoa.h>
static FullDiskAccessAuthorizer *instance;
@implementation FullDiskAccessAuthorizer
+ (instancetype)sharedInstance {
@synchronized (self) {
if(nil == instance) {
instance = [[FullDiskAccessAuthorizer alloc] init];
}
return instance;
}
}
- (FDAAuthorizationStatus)authorizationStatus {
NSString *userHomePath = NSHomeDirectory();
BOOL isSandboxed = (nil != NSProcessInfo.processInfo.environment[@"APP_SANDBOX_CONTAINER_ID"]);
NSLog(@"isSandboxed : %d",isSandboxed);
if (isSandboxed)
{
struct passwd *pw = getpwuid(getuid());
assert(pw);
userHomePath = [NSString stringWithUTF8String:pw->pw_dir];
}
NSString *path = [userHomePath stringByAppendingPathComponent:@"Library/Safari"];
NSLog(@"userHomePath : %@, path : %@",userHomePath,path);
BOOL fileExists = [[NSFileManager defaultManager] fileExistsAtPath:path];
NSArray<NSString *> *paths = [[NSFileManager defaultManager] contentsOfDirectoryAtPath:path error:nil];
NSLog(@"paths : %@",paths);
if (paths == nil && fileExists){
return FDAAuthorizationStatusDenied;
} else if (fileExists) {
return FDAAuthorizationStatusAuthorized;
} else {
return FDAAuthorizationStatusNotDetermined;
}
}
- (void)requestAuthorization {
if (@available(macOS 10.14, *)){
[[NSWorkspace sharedWorkspace] openURL:[NSURL URLWithString:@"x-apple.systempreferences:com.apple.preference.security?Privacy_AllFiles"]];
}
}
@end
Iori 2020-02-10 (a) the patient is willing to speedy recovery