I try to use SMJobBless function to authenticate for my application can do write on /Library/Fonts but not working,
if (![self blessHelperWithLabel:#"com.apple.bsd.SMJobBlessHelper" error:&error]) {
NSLog(#"Something went wrong! %# / %d", [error domain], (int) [error code]);
} else {
//Access to this point.
/* At this point, the job is available. However, this is a very
* simple sample, and there is no IPC infrastructure set up to
* make it launch-on-demand. You would normally achieve this by
* using XPC (via a MachServices dictionary in your launchd.plist).
*/
NSLog(#"Job is available!");
bool result = false;
result = [[NSFileManager defaultManager] isWritableFileAtPath:#"/Library/Fonts"];
[self->_textField setHidden:false];
}
My application printed "Job is available" but when i check authorities write on /Library/Fonts, result is false
Please tell me reason and resolve it.
The idea of SMJobBless is that privileged functionality is separated from the main application and run in a helper application.
Therefore, in the case of your example code, you're just using the helper app to test authentication, when in actuality, you should be doing the privileged task of checking if the path is writable from the helper app, as the helper app is provided with the privileged access.
Then if you're going to write to the fonts folder, the privileged helper app should do that, not your main application.
Related
I'm kind of getting some more understanding with basic SwiftUI but now I wanted to extend my application to actually do some stuff regarding system components for me. Basically I want to run an AppleScript from inside my app which creates a signature in Mac Mail. The script itself is pretty simple:
// Generates a signature in Mac Mail
tell application "Mail"
set newSig to make new signature with properties {name:"The Signature Name"}
set content of newSig to "My New Signature Content"
end tell
I have created a view with a button which should execute the script:
import SwiftUI
struct SomeView: View {
#State var status = ""
var body: some View {
VStack(alignment: .center) {
Button(action: {
let source = """
tell application \"Mail\"
set newSig to make new signature with properties {name: \"The Signature Name\"}
set content of newSig to \"My New Signature Content\"
end tell
"""
var error: NSDictionary?
if let scriptObject = NSAppleScript(source: source) {
if let output: NSAppleEventDescriptor = scriptObject.executeAndReturnError(&error) {
self.status = output.stringValue ?? "some default"
} else if (error != nil) {
self.status = "error: \(error)"
}
}
}) {
Text("Generate").font(.callout)
}
Text("\(self.status)")
}
}
}
struct SomeView_Previews: PreviewProvider {
static var previews: some View {
SomeView()
}
}
Everything executes but I get the error
AppleScript run error = {
NSAppleScriptErrorAppName = Mail;
NSAppleScriptErrorBriefMessage = "Application isn\U2019t running.";
NSAppleScriptErrorMessage = "Mail got an error: Application isn\U2019t running.";
NSAppleScriptErrorNumber = "-600";
NSAppleScriptErrorRange = "NSRange: {0, 0}";
}
After some research i found this article which describes the problem quite well. Apparently this error is because the app is running in a sandbox and within the sandbox Mail is indeed not running. I kind of get Apple's idea not to let applications do whatever they want without the user's consent...
Anyway, unfortunately this article describes the solution using Objective C and this is something I have even less of a clue than SwiftUI.
Can anybody tell me how to run (or copy my script.scpt file to the accessible library folder and the run) a script from within a SwitUI View? This would be so much help!
Thanks!!!
I have played around quite a bit with this manner and after having numerous discussions and trial & errors on that subject, I want to present 2 solutions (until now it seems that these are the only possible solutions for a sandboxed application).
First of all, if you don't consider to distribute your app on the App Store, you can forget about the following, since you just have to deactivate the Sandbox and you are basically free to do whatever you want!
In case your planning to distribute a Sandboxed App, the only way of running a script and interacting with other apps on the user's system is to run a script file from the Application Script folder. This folder is a designated folder in the user library structure: /Users/thisUser/Library/Application Scripts/com.developerName.appName/. Whatever script goes in here you have the right to run from your application appName.
You basically have two options to get your script file into that folder:
Option 1 - Install the Script File
This is (in my opinion) clearly the option you should go for if your script is static (does not require any additional user data from your application). All you have to do is
Select the project (1)
click on Build Phases (2)
add the Copy Files setting (if not already present)
choose the script file location in your app (singing might be a good option when distributing via AppStore)
add the Application Script folder of your application to the destination. Therefore, choose Absolute Path and enter Users/$USER/Library/Application Scripts/$PRODUCT_BUNDLE_IDENTIFIER in the Path field.
You can also select the Copy only when installing option if your script is entirely static but in case you have changes on the script when the application is closed and reopened and you want to update the script, leave this option blank (I have not tested this!).
After this is done you can execute the script via NSUserScriptTask. A more detailed description of how you could implement this is given here.
Option 2 - Giving access to the folder and copy the file on demand
This is certainly the solution when your script file updates dynamically according to e.g. user inputs. Unfortunately, this is a bit of a hassle and does not have (in my opinion) satisfying solutions. To do so, you will have to grant access to the folder (in this case Application Scripts/). This is done via NSOpenPanel. A really good tutorial how to implement this is given here.
Per default you will have read permission to that folder only. Since you are trying to copy a file into that folder you will have to change that to read/write in your Capabilities as well.
I hope this will help some people to "shine some light into the dark"! For me this was quite a bit of a journey since there is only very little information out there.
from OS X 10.11 and iOS 9.0 Apple provided this framework Contacts:
https://developer.apple.com/library/prerelease/mac/documentation/Contacts/Reference/Contacts_Framework/index.html#//apple_ref/doc/uid/TP40015328
and I would like to access contacts from Mac, but I cannot do anything, because the app does not have access to contacts:
switch CNContactStore.authorizationStatusForEntityType(.Contacts) {
case .Authorized:
print("Authorized")
NSUserDefaults.standardUserDefaults().setBool(true, forKey: "contactsAllowed")
case .Denied:
print("Denied")
NSUserDefaults.standardUserDefaults().setBool(false, forKey: "contactsAllowed")
case .NotDetermined:
print("Not Determined")
case .Restricted:
print("Restricted")
}
The app never prompts to allow access to contacts, neither can I select it in System Preferences (it does not show up).
Has anyone any idea how to acccess them on Mac (on iOS it works well)?
Any call to instance of CNContactStore should trigger request. If not try
Reboot (actually this helped me; I was granted access)
Turn on sandboxing
Resetprivacy settings "sudo tccutil reset AddressBook"
Call it on main thread
Instance of CNContactStore call:
[[CNContactStore alloc] init];
Privacy
Users can grant or deny access to contact data on a per-application
basis. Any call to CNContactStore will block the application while the
user is being asked to grant or deny access. Note that the user is
prompted only the first time access is requested; any subsequent
CNContactStore calls use the existing permissions. To avoid having
your app’s UI main thread block for this access, you can use either
the asynchronous method [CNContactStore
requestAccessForEntityType:CNEntityTypeContacts completionHandler:] or
dispatch your CNContactStore usage to a background thread.
Are you trying this from the playground? This won't work.
Try this method in your project:
func getContactImage(name:String) -> NSImage?
{
let store = CNContactStore()
do
{
let contacts = try store.unifiedContactsMatchingPredicate(CNContact.predicateForContactsMatchingName(name), keysToFetch:[CNContactImageDataKey])
if contacts.count > 0
{
if let image = contact[0].imageData
{
return NSImage.init(data: image)
}
}
}
catch
{
}
return nil
}
Anyway your question led me on the path to find a way to get the contacts image, so thanks for that.
Two iOS: AppA and AppB
Both Apps are created by me and I would like to share one single file between both of the apps.
i.e. AppA launches on deviceA and the User saves data on fileA. Later the User launches AppB on the same (deviceA) and also saves data on fileA. Both apps are saving data on the same file.
I'm aware that I can use NSUserDefaults and share Keychain between apps, but that's not what I'm looking for.
I read up on document extensions provider and app groups, but I'm confused if I can use these for this scenario? Or is there any other way to accomplish this?
You can do it using Application Group Container Directory:
NSFileManager *fm = [NSFileManager defaultManager];
NSString *appGroupName = #"Z123456789.com.example.app-group"; /* For example */
NSURL *groupContainerURL = [fm containerURLForSecurityApplicationGroupIdentifier:appGroupName];
NSError* theError = nil;
if (![fm createDirectoryAtURL: groupContainerURL withIntermediateDirectories:YES attributes:nil error:&theError]) {
// Handle the error.
}
You could just upload the files after saving to your server and make both apps request updates for the file whenever they are launched.
Hope that helps :)
Is it possible to communicate with a launch daemon running as root and an application over XPC? When my daemon is running as my user I can communicate with it fine, when run as root it stops receiving my messages. Is this intended security inside Mac OS X?
I need to use low level xpc (for running on Lion as well). I know I can create a priviliged and signed helper tool that is running as root for my app. Will I be able to communicate with it with another process as well over XPC or sockets?
Thanks!
Small extract from my daemon code:
int main()
{
Logger::Start(Poco::Path::expand("/Users/Shared/Me/Service.log"));
Logger::LogInfo("Starting xpc_main...");
void* observer = nullptr;
CFStringRef observedObject = CFSTR("com.me.service.close");
CFNotificationCenterRef center = CFNotificationCenterGetDistributedCenter();
CFNotificationCenterAddObserver(center, observer, notificationCallback, CFSTR("ClientClosing"), observedObject, CFNotificationSuspensionBehaviorDeliverImmediately);
xpc_connection_t listener = xpc_connection_create_mach_service("com.me.service", NULL, XPC_CONNECTION_MACH_SERVICE_LISTENER);
xpc_connection_set_event_handler(listener, ^(xpc_object_t event)
{
// New connections arrive here. You may safely cast to
// xpc_connection_t. You will never receive messages here.
// The semantics of this handler are similar to those of
// of the one given to xpc_main().
Logger::LogInfo("Event Handler on listener is called");
eventHandler((xpc_connection_t)event);
});
Logger::LogInfo("call xpc_connection_resume...");
xpc_connection_resume(listener);
CFRunLoopRun();
Logger::LogInfo("Main Program is Exiting...");
return 0;
}
The problem is that CFNotificationCenterGetDistributedCenter works only on the same user, root user will not send message to other logged in users..
You'll need to switch to CFNotificationCenterGetDarwinNotifyCenter.
Please note however, that you can't pass any data using this center.
I cannot seem to locate any documentation on this, so hopefully someone can confirm the behavior I am seeing with Apple's sample SMJobBless code.
I was under the impression that it would only ask for an admin password if it detected a that a new version of the helper tool needed to be installed.
However, this impression is apparently incorrect.
The behavior I am seeing under 10.6 is that if I launch the app for the first time, it will ask for the password. If I launch almost immediately, it won't. However, if I wait a long enough time, it will ask for the password again. During all of this, the helper tool does not change.
Can anyone point to documentation that defines this as the correct behavior?
If anyone is interested, this (probably) turned out to be a bug and one has been filed. rdar://10280469
The way the system currently works is that it will ask for an admin password every time regardless of whether or not the SMJobBless function needs to install the helper tool or not. The bug is (probably) that a admin password request should not be made if the helper tool does not need to be installed (for example, it is already installed and has the same version as the one in the app bundle).
So, what this means is that the determination of whether or not the helper tool needs to be installed needs to be made before a call to SMJobBless and SMJobBless should only be called if it is already known the helper tool needs to be installed.
In my case, I only need to check whether the tool is installed (SMJobCopyDictionary handles this) and, if the tool is installed, whether or not it's version is older then the version of the tool in my app bundle.
Some (incomplete) code to check whether the tool is installed and what the versions are is below.
There is another alternative to do a version check of the helper tool which is for the helper tool to receive a request for it's version and for it to send a version reply back. Personally, I like the method below, but wanted to mention this alternative as it may be the best path in some situations.
NSDictionary* installedHelperJobData;
installedHelperJobData = (NSDictionary*)SMJobCopyDictionary( kSMDomainSystemLaunchd, (CFStringRef)#"com.apple.bsd.SMJobBlessHelper" );
NSString* installedPath = [[installedHelperJobData objectForKey:#"ProgramArguments"] objectAtIndex:0];
NSURL* installedPathURL = [NSURL fileURLWithPath:installedPath];
NSDictionary* installedInfoPlist = (NSDictionary*)CFBundleCopyInfoDictionaryForURL( (CFURLRef)installedPathURL );
NSString* installedBundleVersion = [installedInfoPlist objectForKey:#"CFBundleVersion"];
NSInteger installedVersion = [installedBundleVersion integerValue];
NSLog( #"installedVersion: %ld", (long)installedVersion );
NSBundle* appBundle = [NSBundle mainBundle];
NSURL* appBundleURL = [appBundle bundleURL];
NSURL* currentHelperToolURL = [appBundleURL URLByAppendingPathComponent:#"Contents/Library/LaunchServices/com.apple.bsd.SMJobBlessHelper"];
NSDictionary* currentInfoPlist = (NSDictionary*)CFBundleCopyInfoDictionaryForURL( (CFURLRef)currentHelperToolURL );
NSString* currentBundleVersion = [currentInfoPlist objectForKey:#"CFBundleVersion"];
NSInteger currentVersion = [currentBundleVersion integerValue];
NSLog( #"currentVersion: %ld", (long)currentVersion );