LiveCode Forums.

The final one before this app goes beta. I am looking for a better solution to this problem than the one I have created so far.

When my app starts it checks the documents folder for a file and adjusts some buttons in the app accordingly. macOS poses an alert saying "such-and-such program would like to access files in your Documents folder." with options "Don't Allow" and "Ok". Which is all fine, the user decides and we carry on (I have yet to test the "Don't Allow" option, I suspect my app is dead in the water at that point as it uses that location for a backup and some scratch files).

However later I want to access the Safari bookmarks file located in /Library/Safari/. The macOS does not present an alert allowing the user to authorise this, but instead just returns an empty zero-byte file to my app. I detect this and put up my own alert which at present just says
If the user then goes to the Full Disk Access privacy tab they will see my app listed there without a checkmark beside it and if they check it then the app will function properly. It reads the bookmarks file and allows you to sort the folders in various ways (Safari itself does not currently provide a mechanism for sorting folders, other than drag and drop, which can be quite tedious if you have a lot of folders -- I have a lot of folders. 190 and counting!!).

My app does have an info section and I provide the steps required to do this yourself:

1. Open System Preferences
2. Select the Privacy tab in the Security & Privacy section
3. From the left hand menu select "Full Disk Access"
4. Check the box next to "SafariSorter"

But I am looking for a more elegant solution (maybe using a pList or entitlements setting)?

I should add that I know that Apple does not want to encourage people to play with the Safari bookmarks file, but they do not restrict access if the user provides authorisation. I am just looking for a cleaner way to allow a user to provide that permission.

Thanks for any ideas you might have. For a guy who has 190 bookmark folders and 10's of thousands of bookmarks, sorting this mess was greatly facilitated by having this app, so at the very least I have a personal solution. Although, it might be nice to share it with the world.

Mark

I don't know, is it really 'thorny'?

i have a number of paid apps on mac where there is a requirement to to do just what you do - ie allow full disk access through security settings.
In fact many of these apps provide a graphic step-by-step guide at startup to ensure the less computer literate users do this properly.

I suspect may mac users will to some extent be familiar with this...


S.

stam wrote: ↑

Sat Jul 02, 2022 12:22 pm

I don't know, is it really 'thorny'?

Hi Stam,

To the extent there does not appear to be an elegant way to facilitate the user providing access (as happens, for example, with the Documents folder access I presented earlier) then I do think it is problematic to deal with. Really this is down to the OS needing to ensure the user provides authorisation for the access (as they do, for example, with camera use).

stam wrote: ↑

Sat Jul 02, 2022 12:22 pm

i have a number of paid apps on mac where there is a requirement to to do just what you do - ie allow full disk access through security settings.
In fact many of these apps provide a graphic step-by-step guide at startup to ensure the less computer literate users do this properly.

I would love to see some screen shots of this, if possible. I'll also send you a link so you can see my current approach and ask you to comment on possible improvements.

But while I am on the topic of "thorny" issues, do you know if it is possible to detect if an app is running (ie. open) on a Mac from another app? I am sure there is a way since sometimes when I run something (say, a disk scanner) it will ask me to close some app, for example. However, I'm not sure there is a way to do this from LC at present. Have you ever run across anything like that?

Thanks
Mark

We ran into this as well. There is (or was as of Big Sur, I have not checked recently for any changes) no Entitlements you can add to you app's entitlement list to allow Full Disk Access. According to Apple, only users can grant this. And as you have already seen, the OS does not prompt for such access.

The closest we came up with was a URI to open the System Preferences and Privacy and Security tab for the user:

If you have a link or a button that executes:
launch url "x-apple.systempreferences:com.apple.preference.security?Privacy_AllFiles//"

It will open the correct panel. The user still needs to scroll to the Full Disk Access, unlock the setting with their admin password, and manually add the app.

Hope this helps a little. If anyone does find some Entitlement for Full Disk Access, please post it!

paul@researchware.com wrote: ↑

Sun Jul 03, 2022 2:29 pm

The closest we came up with was a URI to open the System Preferences and Privacy and Security tab for the user:

If you have a link or a button that executes:
launch url "x-apple.systempreferences:com.apple.preference.security?Privacy_AllFiles//"

It will open the correct panel. The user still needs to scroll to the Full Disk Access, unlock the setting with their admin password, and manually add the app.

Paul, thank you. That is incredibly useful information and does present the user with many fewer steps to have to wrangle with.

Much appreciated,
Mark

PS do you happen to know of a way to detect if a specific application, like say Safari, is "open"?

marksmithhfx wrote: ↑

Mon Jul 04, 2022 9:46 am

PS do you happen to know of a way to detect if a specific application, like say Safari, is "open"?

Not off the top of my head. If you launch url "x-apple.systempreferences:com.apple.preference.security?Privacy_AllFiles//" no browser is opened, just the System Preferences window.

This article gives a few command line commands for macOS that return a list of open processes/apps. See https://macreports.com/how-to-tell-what ... -your-mac/ and scroll down.

I've not tried any of them, but I expect you could use shell() to get a list of open processes and then filter or search it for Safari.

marksmithhfx wrote: ↑

Mon Jul 04, 2022 9:46 am

PS do you happen to know of a way to detect if a specific application, like say Safari, is "open"?

AppleScript will help you do this (since your target OS is MacOS) - see the discussion on StackOverflow: https://stackoverflow.com/questions/142 ... pplescript

HTH
Stam

shell("top") will return a list of running processes.

paul@researchware.com wrote: ↑

Mon Jul 04, 2022 1:04 pm

This article gives a few command line commands for macOS that return a list of open processes/apps. See https://macreports.com/how-to-tell-what ... -your-mac/ and scroll down.

I've not tried any of them, but I expect you could use shell() to get a list of open processes and then filter or search it for Safari.

Thanks Paul. The command seems to look most promising because if Safari is "launched" it is using up some memory even if it is not currently using any cpu... so it reliably shows up in that list.

I tried thinking I might parse it after, but it hung LC. Any alternatives you can think of?

Mark

BTW, I also tried and had no better luck.

Mark

FourthWorld wrote: ↑

Mon Jul 04, 2022 5:47 pm

shell("top") will return a list of running processes.

Thanks Richard. LC 9.6.8 rc2 using assuming it goes into the it variable also hangs livecode. Is there an alternative I'm not thinking of?

Thanks
Mark

A correction. The above unix commands do not crash LC but they do block LC because they are non-terminating. I did manage to redirect the output at the terminal level to a text file and it just filled that to about 5 MB's in a few seconds. But, after a short course in Unix commands I did manage to hobble this together:
This produces a 2 col output after "1" iteration that is about 16k in size, and yes, Safari showed up, so mission accomplished.

All 11 columns are listed below (but not all rows), but -ncols can be used to trim this to just 2. BTW, if all columns are captured the resulting output is about 190k in size so trimming is worthwhile if you are directing this to a variable.
Thanks to all for the suggestions, it's been very useful. However this approach does take some time to execute... in my experience about .5 seconds on a MacBook Pro so I'll be on the hunt for something that takes a millisecond or two if possible.

But this is a solution so thank you, thank you, thank you.

Mark

I thought I would be clever and try this:
Now, Safari was NOT running but I still got "Yes" because

SafariBookmarksSyncAgent
com.apple.Safari.SafeBrowsing.Service and
SafariLaunchAgent

were running [which is a load of cack as I NEVER use Safari - so those things are merrily slurping RAM for no good reason].

HOWEVER:
the addition of a SPACE makes ALL the difference.

Just checked WITH & WITHOUT Safari running.

Fekking Apple:

am 'off' to try and prevent

SafariBookmarksSyncAgent
com.apple.Safari.SafeBrowsing.Service and
SafariLaunchAgent

running in the background.

AND 50,000 DropBox Finder Extensions!

richmond62 wrote: ↑

Tue Jul 05, 2022 1:01 pm

I thought I would be clever and try this:

Code: Select all

on mouseUp
   if (shell("top -o rsize -ncols 2 -l 1")) contains "safari" then
      put "Yes"
   else
      put "No"
      end if
end mouseUp

Richmond, well done!! That was my next task; to try and wrangle the output into something useful and here you've done it for me on a single line. Sheesh, the things I have yet to learn about LC. Anyway, I shall be stealing your solution, including the spaces trick

Mark