Reset location permission for app in development - xcode

I am building an app in Xcode that uses Core Location. On first run the app asks the user for permission. I want to revoke this permission to trigger the flow anew.
I cannot find my app in the list of apps under Settings / Location Services.

It's odd that your app isn't in Security & Privacy->Location Services. I don't have an answer to that.
If you do uncheck the permission in that pane, though, you won't start the flow anew. Instead you'll be simulating a rejection of permission (user denied the permission request).
The tccutil command line program ought to be able to manipulate those settings. But I tried tccutil reset All on my machine and it didn't affect Location privacy.
It looks like the property list at /var/db/locationd/clients.plist has the authorized applications. So you might be able to edit that file with the plutil command line tool to remove your application. Or just make a copy, edit with Xcode to remove your application, and swap in that copy for testing.
sudo bash
plutil -p /var/db/locationd/clients.plist

Related

How can I close a specific Xcode project, from the command line, without Applescript?

I'd like to close a specific Xcode project from the command line without closing any other projects (so I can't just use kill). Applescript is problematic in Catalina because of additional permissions needed. Is there any other way to do what I want?
If you want to use the Terminal to control other apps via AppleScript, you must give permission. But this is not difficult, because the system will prompt for the needed permission if you have not given it already.
For example, I just said
$ osascript -e 'tell app "Finder" to close window 1'
and I saw this dialog:
I clicked OK and the window closed, as ordered. No problem. So you'd see something like that for Xcode, you'd grant permission, and that would be that. The permission is recorded in the Security & Privacy pref pane under Automation.
If you prefer to pass thru System Events, the permission is recorded under Accessibility. Note that that is a permission you can grant in advance. But you still need to go thru the dialog so you can give Terminal permission to talk to System Events.
If you deny access in the dialog and you want to be asked again, use tccutil to reset the database. Good discussion here: https://apple.stackexchange.com/questions/384230/how-do-i-reset-screen-recording-permission-on-macos-catalina

How do I have multiple windows users (non-admins) modify and save the same setting(s)?

Apologies if this is a really simple question...
We have a .NET application that is installed by an administrator, and then run by multiple staff on the same computer with their own login credentials (normal user - non-admin).
Application uses MSI installer and is installed to Program Files folder.
The application needs to have some settings about attached devices to the computer saved as preferences so when a user opens the app these settings are set and the user is not asked for preferences each time. These preferences should not be set per user, rather per computer.
However if user A changes one of these settings on the computer, then when user B logs in they should see the changed setting from user A.
Hence the settings need to be per computer, not per user.
Where in windows 7,8,10 etc. can an application save data that is computer specific not user specific, yet allow users without admin rights to change that data?
We have looked at system temp folder but the computers have GPO policy to regularly remove temp folder content.
Any other ideas?
It takes administrator rights to change the permissions on a registry key inside HKLM, but once that's done, anyone in the group given permission can make modifications.
Obviously don't change permissions on any of the standard keys (e.g. HKLM\Software or HKLM\Classes) but in your own application area (HKLM\Software\YouCorp\YouApp\Attached Devices) it's perfectly fine to adjust permissions the way you like.
You'll just have to include "grant write permission on HKLM\Software\YouCorp\YouApp\Attached Devices to the group Users" as one of the actions of your installer.
If you are allergic to the registry, you can do the same with a subdirectory of your application install (e.g. %ProgramFiles%\YouCorp\YouApp\Device Settings)
Given you are using a .Net application, you could store the information in the app.config file associated with the application.

How to grant control from applescript over Finder?

I have applications (in JAVA) that send files to Trash.
This is done by osascript; on one account this works, on another it fails.
Obviously the first account lacks permissions to control Finder, which seems to do the hard work. How do I grant this permission in System Preferences, as I do not see any difference between those accounts in the Privacy list.
;JOOP!
it seems that the terminal command
tccutil reset All
is the only way. Of course this is followed by several requests from the system to grant all kinds of privileges, but at least it gives back control to you.
Greetings. ;JOOP!

Mac App Sandbox testing - how remove existing folder access permissions

I'm currently adding Sandboxing support to my app.
Having give permission to my app to access a folder (by dragging it onto my Window) and I would now like to revoke that permission so that I can retest what happens before that permission is given.
How can I do that?
I'm not yet using URL bookmarks, and yet the permission persists across restarts of the application. I don't know if this is because it's a folder rather than a file?
Before you change the permissions of file or folder, you must store the current one for later use. I have never seen a method or system-call to restore previous permissions after a change.

Authorize a non-admin developer in Xcode / Mac OS

I use a standard user account for my daily tasks on Mac OS. Since upgrading to Snow Leopard I am asked to do the following when a program is run from within Xcode:
"Type the name and password of a user in the 'Developer Tools' group to allow Developer Tools Access to make changes"
While I know the admin username/password, this is annoying (though only required once per login).
The developer tools access is asking for rights to "system.privilege.taskport.debug" from application gdb-i386-apple-darwin.
What is the best way around this?
You need to add your macOS user name to the _developer group. See the posts in this thread for more information. The following command should do the trick:
sudo dscl . append /Groups/_developer GroupMembership <username>
Finally, I was able to get rid of it using DevToolsSecurity -enable on Terminal.
Thanks to #joar_at_work!
FYI: I'm on Xcode 4.3, and pressed the disable button when it launched for the first time, don't ask why, just assume my dog made me do it :)
$ dseditgroup -o edit -u <adminusername> -t user -a <developerusername> _developer
You should add yourself to the Developer Tools group. The general syntax for adding a user to a group in OS X is as follows:
sudo dscl . append /Groups/<group> GroupMembership <username>
I believe the name for the DevTools group is _developer.
Ned Deily's solution works perfectly fine, provided your user is allowed to sudo.
If he's not, you can su to an admin account, then use his dscl . append /Groups/_developer GroupMembership $user, where $user is the username.
However, I mistakenly thought it did not because I wrongly typed in the user's name in the command and it silently fails.
Therefore, after entering this command, you should proof-check it.
This will check if $user is in $group, where the variables represent respectively the user name and the group name.
dsmemberutil checkmembership -U $user -G $group
This command will either print the message user is not a member of the group or user is a member of the group.
Answer suggested by #Stacy Simpson:
We are struggling with the issue described in these threads and none of the resolutions seem to work:
Stop "developer tools access needs to take control of another process for debugging to continue" alert
Authorize a non-admin developer in Xcode / Mac OS
As I'm new to SO, I cannot post in either thread. (The first one is actually closed and I disagree with the localization reasoning...)
Anyway, we created a work-around using AppleScript that folks may be interested in. The script below should be executed asynchronously prior to launching your automated test:
osascript <script name> <password> &
Here is the script:
on run argv
# Delay for 10 seconds as this script runs asynchronously to the automation process and is kicked off first.
delay 10
# Inspect all running processes
tell application "System Events"
set ProcessList to name of every process
# Determine if authentication is being requested
if "SecurityAgent" is in ProcessList then
# Bring this dialogue to the front
tell application "SecurityAgent" to activate
# Enter provided password
keystroke item 1 of argv
keystroke return
end if
end tell
end run
Probably not very secure, but it's the best work-around we've come up with to allow tests to run without requiring user intervention.
Hopefully, I can get enough points to post the answer; or, someone can unprotect this question. Regards.
For me, I found the suggestion in the following thread helped:
Stop "developer tools access needs to take control of another process for debugging to continue" alert
It suggested running the following command in the Terminal application:
sudo /usr/sbin/DevToolsSecurity --enable
Here is a better solution from
Mac OS X wants to use system keychain when compiling the project
Open Keychain Access.
In the top-left corner, unlock the keychain (if it is locked).
Choose the System keychain from the top-left corner.
Find your distribution certificate and click the disclosure triangle.
Double-click ‘Private key’ under your distribution certificate.
In the popup, go to the Access Control tab.
Select ‘Allow all applications to access this item’.
Save the changes.
Close all windows.
Run the application.
I am on Snow Leopard and this one didn't quite work for me. But the following procedure worked:
First added another account with admin privileges by ticking "Allow user to administer this computer" under Accounts, for example an account with username test
Logged into the test account
Launched Xcode, compiled and ran my iPhone project. All ok, no errors were thrown related to permissions
Logged out of the test account
Logged in with the another account having admin privileges
Took away the admin priviliges from the test account by removing the tick from "Allow user to administer this computer" under Accounts
Logged back into the test account
Deleted the iPhone project directory and again checked out from the repository (in my case svn)
Launched Xcode, compiled and ran the project. I didn't get any errors and the App ran well in the iPhone Simulator.
After you run:
sudo dscl . append /Groups/_developer GroupMembership <username>
per the answer above, you may still get prompted to enter in your own password:
We need authorization from an admin user to run the debugger.
This will only happen once per login session.
What it really means is any _developer groupmember user so just your non-admin user/password will work here but to get rid of it completely (no prompts after a reboot) you'll also need to run:
sudo DevToolsSecurity -enable
(running it with sudo as an admin user/as root will make it so you can do it remotely without a gui password prompt)

Resources