I have this apple script code that works fine from the Script Editor app:
tell application "Finder" to delete ((POSIX file "/Applications/Symantec Solutions/Symantec Endpoint Protection.app") as alias)
Now, I need to run that from my MDM solution (JAMF), so I'm trying to get it into a bash file as this:
osascript -e "tell application \"Finder\" to delete (POSIX file \"/Applications/Symantec Solutions/Symantec Endpoint Protection.app\") as alias"
but when run it from my editor (CodeRunner) it fails with: execution error: Not authorised to send Apple events to System Events. (-1743)
I think it's related with the Privacy Preferences Policy Control but I cannot make it work.
What I want to accomplish ultimately is that by running a script from my MDM I can get the same dialog that when I drag the app to the bin: "The application “Symantec Endpoint Protection” is hosting system extensions. These extensions will be removed if you continue." which I don't get if I just rm -rf the whole app.
Sorry if I can't be any clearer. Any clues?
Script Editor is (by default) authorized to apple events to other applications. If you want to run an AppleScript that controls other apps from some different context, you have to grant permission to that new context to control other apps. You do this by adding the controlling application to the 'Accessibility' section of System Preferences ➦ Security & Privacy ➦ Privacy.
This gets a bit dicy when you shift contexts a lot. For instance, you seem to be using CodeRunner to execute a shell script to execute OSAScript, which might get a security violation at any level. Try giving permissions to CodeRunner and see if that clears things up.
Thanks a lot Ted, that was the issue, having a lot of contexts chained. I had to tick Finder under CodeRunner in the Automation section of PPPC.
I had a very similar issue with a Python script executing AppleScript in CodeRunner. I just couldn't figure out how to manually add CodeRunner to the Automation section of Security & Privacy in System Preferences.
What ended up working for me, might work for others as well. I had to manually trigger the osascript command within CodeRunner, in order to get the prompt to allow CodeRunner to control Apple Events. Specifically System Events. I did that by creating a new shell script file in CodeRunner and running it.
#!/bin/bash
osascript -e 'tell App "System Events" to display dialog "Testing"'
Upon running that, I was prompted to allow CodeRunner to control System Events. For your particular issue, you'd just want to run the osascript command with AppleScript for Finder instead of System Events
osascript -e 'tell App "Finder to display dialog "Testing This"'
Since you're using an MDM, such as Jamf, you should be able to create a Privacy Preferences Policy Control (PPPC) configuration profile and deploy it to the Mac prior to running the script. You'd just want to ensure that Terminal has access to control Finder or System Events.
The PPPC Utility is a great app for creating those configuration profiles.
Related
I have an Automator Quick Action (QA) which calls a bash script to act on files within a specified folder. It works great when run inside Automator. But invoking the Quick Action from Finder by right clicking on the input folder does nothing with no errors or log files (as far as I can tell). screenshot of Automator code at link. My first bash code, and first question on stack-overflow - thanks to anyone in advance who might be able to assist. Apple silicon mackbook pro; running Mac OS 12.4.
Additional Info: The QA gets a selected folder and passes it to the bash shell script via "$a" argument. The selected folder will contain text files (.SRT) and movie files (.MP4). The bash script does some text parsing and passes on arguments to the Exiftool program which adds GPS metadata to the movie files.
Workaround found: I was able to import the automator workflow into the Mac OS Shortcuts App and the automation ran successfully via a menu bar command on my Mac.
I had the same issue for a long time trying to invoke a python program from bash shell script using quick action. It runs with no error in the editor and would run only if I left the workflow open all of the time in Automator. I eventually stumbled across a permission issue with Automator itself. I hope this could help you maybe?:
1 - Go "System Preferences -> Security & Privacy -> Privacy"
2 - Select "Accessibility" from the left-hand menu.
3 - Unlock to make changes, if necessary, then click the "+" sign at the bottom of the right-hand menu.
4 - Add "Automator" as a trusted app.
Hope it helps!
I'd like to close a specific Xcode project from the command line without closing any other projects (so I can't just use kill). Applescript is problematic in Catalina because of additional permissions needed. Is there any other way to do what I want?
If you want to use the Terminal to control other apps via AppleScript, you must give permission. But this is not difficult, because the system will prompt for the needed permission if you have not given it already.
For example, I just said
$ osascript -e 'tell app "Finder" to close window 1'
and I saw this dialog:
I clicked OK and the window closed, as ordered. No problem. So you'd see something like that for Xcode, you'd grant permission, and that would be that. The permission is recorded in the Security & Privacy pref pane under Automation.
If you prefer to pass thru System Events, the permission is recorded under Accessibility. Note that that is a permission you can grant in advance. But you still need to go thru the dialog so you can give Terminal permission to talk to System Events.
If you deny access in the dialog and you want to be asked again, use tccutil to reset the database. Good discussion here: https://apple.stackexchange.com/questions/384230/how-do-i-reset-screen-recording-permission-on-macos-catalina
I wrote a shell script that I'm distributing to my friends. On my computer, it works great, because I set the default application for shell scripts to be Terminal. However, when my friends open it, the script opens in TextEdit. Is there a way to add an argument to the shell script before it launches so it opens in Terminal instead of a text editor?
Thanks
PS, I did chmod a+x to the file. I also made sure to add #!/bin/sh to the script. I've also been testing with using the extensions .command, .cmd, and .tool. That would solve my problem except then Gatekeeper won't let the script run because I'm not a registered Apple Developer.
If there were a way to make double-clicking a file run it, then that would be the sort of security hole that Gatekeeper is designed to prevent. So, Apple has plugged any such holes they can think of.
Send the file to your friends as a .command file and tell them to right-click or Control-click on it and choose Open. This will change the Gatekeeper dialog to a warning, but with an "Open" button to let them go ahead and open it anyway. The system will prompt them for an administrator password to record the grant of permission in a permanent way. They'll be able to open with a simple double-click from then on.
My (sandboxed) OSX application is trying to launch biber (a bibliography tool for LaTeX). However it fails to launch and I get the following message saying that the application has marked biber as quarantined in Console.App.
25/03/2013 16:44:15.000 kernel[0]: exec of /private/var/folders/s1/70f5my9n6wq0_kk7bcxjslhh0000gn/T/com.abc.XYZ/par-64756e63616e737465656c65/cache-ef42c8d5d44e40bdd24828b0ae70de275e379c88/biber denied since it was quarantined by XYZ and not approved by Gatekeeper, qtn-flags was 0x00000002
This does not happen with any of the other binaries invoked by the application.
This application has an active SSB for the whole harddrive so there are no issues launching, or accessing, external files.
Why and how am I marking that file as quarantined, and how to I remove the quarantine so that it can execute? Thanks for your help.
EDIT If it helps, the contents of that directory are
biber
libperl.dylib
running ls -l#eOd shows them both to have the attribute com.apple.quarantine, however I'm not sure what copied them into that directory, or how they gained that flag. The original copies are not quarantined.
Looks like this 'biber' is not an application download from Mac App Store or identified developers (with Apple Developer ID). So you must manually allow its launch.
Usually there are three ways to do this:
Right click on application and click "Open" from the context menu. There will be a warning, just click "Open". OSX will remember your choice and next time it will open.
You can change Gatekeeper's settings: "System Preferences" -> "Security & Privacy" -> "General" tab. Unlock to make changes. Choose "Anywhere" in the "Allow applications downloaded from" section. Note: it decreases security and there will be a warning about it with the proposal to use first solution.
Remove 'quarantine attribute' from the app. In terminal run command: xattr -d com.apple.quarantine <your_app>
I prefer the last solution. All solutions are for the applications, but I think will also work for the utility.
Say I have two applications running; App A and App B. What would be the easiest way (or indeed is there anyway) to get App B to close automatically when App A is closed? Note that neither of the apps in question have been developed by me and so I have no control over their internal behaviour.
I am open to any suggestions including those that entail the use of Applescript, Automator, Terminal commands and BASH scripting. I would even consider developing a lightweight Mac OS X application to achieve this.
If you don't need B to exit immediately - if it's OK to wait a few seconds - then you could schedule a periodic background task (using cron or even just iCal) that does something like this:
if not exists (processes where name is A)
tell application B to quit
end if
Another option, if you want an immediate response, would be to wrap App A in a script that launches it, waits for it to terminate, and then terminates B (osascript -e "tell application B to quit"). Then you could just always use that script to launch A.
You could even insert the script into the application bundle so that double-clicking runs your script. You would do this by doing "show package contents" on the application, replacing the <CFBundleExecutable> in <app>\Contents\info.plist with your script name, and dropping that script into <app>\Contents\MacOS. Then have the script just run the executable that is already there.
Fantastic question. I spent about 10 minutes looking for an old project where I had registered for notifications for when applications quit but couldn't easily find my code. But I did find a potential alternative for you.
If you download Apple's AppList sample code project, you'll see that it is observing the list of NSRunningApplications and when an app quits, it removes that app from the list of running apps in the window. You can take the technique they're using there and when you detect your "application A" quits, you can send a "quit" Apple Event to "application B".
Since you are running Lion, you can use a Cocoa-AppleScript to access Cocoa methods to add your application as an observer, getting notifications when applications quit.
For example, create a new application from the AppleScript Editor > File > New from Template > Cocoa-AppleScript applet. In the run handler, add the application as an observer to get notifications when an application quits:
set theNotice to current application's NSWorkspaceDidTerminateApplicationNotification
tell current application's NSWorkspace's sharedWorkspace's notificationCenter
addObserver_selector_name_object_(me, "appQuitNotification:", theNotice, missing value)
end tell
Next, add an appQuitNotification handler (this is the handler selector specified in addObserver_selector_name_object_ above), something like:
on appQuitNotification_(aNotification) -- an application quit
-- aNotification's userInfo record contains an NSRunningApplication instance that we can get properties from
set theApplication to (aNotification's userInfo's NSWorkspaceApplicationKey's localizedName()) as text
say "application " & theApplication & " quit" -- for testing
if theApplication is "this" then tell application "that" to quit -- or whatever
end appQuitNotification_
...and you are done. As long as your application is running, it will get notifications from the system when an application quits. Note that these Cocoa-AppleScript applications can't be run directly from the script editor, so they can be a bit of a pain to debug since there is no event log to look at - you will need to add your own dialogs or whatever.