Catalina Entitlements or Permissions (was Possible Catalina problem)

Paul Dupuis paul at researchware.com
Tue Jun 16 18:28:50 EDT 2020 

Hi Panos,

Thank you very much. The discussion in the bug entry answered  lot of my 
questions. I have one last thing I hope you or someone can point me two, 
which is a list of Apple macOS "entitlements"

 From the bug entry I see:

	<key>com.apple.security.device.audio-input</key>
	<true/>
	<key>com.apple.security.device.camera</key>
	<true/>

I need to figure out the ones for email access, finder integration 
(drag/drop), internet access, and disk access.

We've seen Catalina ask the user for:

 1. HyperRESEARCH requests access to the Internet (if Apple Firewall is
    turned on). - We assume this is because out app needs to check for
    new versions and updates and for license management.
 2. HyperRESEARCH requests access to the "Finder". - We assume this is
    to receive AppleEvents (system messages) if a Study file is double
    clicked or dragged and dropped on HyperRESEARCH to open the Study.
 3. HyperRESEARCH requests access to your "Contacts". We assume this is
    for access to send an email for an error report if an error occurs.
    Our App does not accessing any names or addresses.

I have tried Google for macOS or Catalina and entitlements but all I 
seem to be able to find is articles from the user's perspective, not 
developers information.




On 6/15/2020 12:21 PM, panagiotis merakos via use-livecode wrote:
> Hello Paul,
>
> I guess you can sign the standalone mac app with entitlements, i.e. use a
> file that will contain all the necessary entitlements, and include it in
> the params passed to the codesign command. See this report for more details:
>
> https://quality.livecode.com/show_bug.cgi?id=22660
>
> Kind regards,
> Panos
> --
>
> On Mon, 15 Jun 2020 at 14:56, Paul Dupuis via use-livecode <
> use-livecode at lists.runrev.com> wrote:
>
>> We're having some macOS Catalina permissions/entitlements issues
>>
>> We have applications that we deliver for Catalina where the application
>> (LiveCode standalone) is code-signed. It is then packaged in an
>> installers (LiveCode standalone) and the installer is code signed. That
>> is then placed in a DMG, which is code-signed, notarized, and stapled.
>>
>> This has worked for us since October when Catalina was released.
>>
>> It still works, except sometimes, after successful downloading and
>> installation, when the applications is first launched, Catalina does not
>> ask for the permissions the Application needs. Instead certain handler
>> throw an execution error. The handlers that produce the errors on
>> startup when Catalina fails to ask for permissions have the following in
>> common:
>>
>> The set the defaultFolder to folders such as:
>>
>> /Library/PreferencePanes
>> /Users/<username>/Library/Preferences -- this is using the code: the
>> home folder & "/Library/PreferencePanes/"
>> or
>> /private/var/folders/fj/0llnt4vs44vfzy4r97k_wngc0000gp/T/TemporaryItems
>> -- this is 'the temporary folder' on Mojave or Catalina. On Mavericks
>> and earlier teh temporaty folder was
>> /Users/<USER>/Library/Caches/TemporaryItems
>>
>> After setting the defaultFolder, the code gets 'the files' or 'the
>> folders' and fails (actually we've not pinned down whether it fails on
>> set the defaultFolder OR on the call to 'the files/folders')
>>
>> Going to Apple (menu) > System Preferences (menu item) > Security &
>> Privacy (control) > Privacy (tab) and selecting Full Disk Access and
>> adding our applications prevents these errors from occuring.
>>
>> The issue is clearly with Catalina failing to detect and ask for the
>> correct permissions. This is a known issue a number of developers have
>> run into. See https://forums.developer.apple.com/thread/125438 as one
>> example where an Apple support person admits that detecting what
>> permissions a process is requesting that is tied back to your user
>> visible app (something Apple calls 'responsibility tracking') is really
>> hard.
>>
>> For iOS and Android, you can specify entitlements or requested
>> permissions in the Standalone Builder Settings. How do you do this for
>> macOS Catalina?
>>
>> Does anyone know if there is a way to specify entitlements for a macOS
>> desktop app built in LiveCode? I have been googling and googling and can
>> seem to find anything. I found one discussion on stackExchange that seem
>> to imply that the PLIST file could be edited to specify entitlements. I
>> have tried the Apple Developer site, but SO MUCH of it is orient towards
>> people with lots of Apple Developer experience and focuses of C and
>> SWIFT and Apple specific technologies I don't understand.
>>
>> I can edit the XML in a PLIST file in the standalone bundle IF I only
>> knew what to add?
>>
>>
>> _______________________________________________
>> use-livecode mailing list
>> use-livecode at lists.runrev.com
>> Please visit this url to subscribe, unsubscribe and manage your
>> subscription preferences:
>> http://lists.runrev.com/mailman/listinfo/use-livecode
>>
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode

More information about the use-livecode mailing list