Catalina Entitlements or Permissions (was Possible Catalina problem)

Paul Dupuis paul at researchware.com
Mon Jun 15 07:55:20 EDT 2020


We're having some macOS Catalina permissions/entitlements issues

We have applications that we deliver for Catalina where the application 
(LiveCode standalone) is code-signed. It is then packaged in an 
installers (LiveCode standalone) and the installer is code signed. That 
is then placed in a DMG, which is code-signed, notarized, and stapled.

This has worked for us since October when Catalina was released.

It still works, except sometimes, after successful downloading and 
installation, when the applications is first launched, Catalina does not 
ask for the permissions the Application needs. Instead certain handler 
throw an execution error. The handlers that produce the errors on 
startup when Catalina fails to ask for permissions have the following in 
common:

The set the defaultFolder to folders such as:

/Library/PreferencePanes
/Users/<username>/Library/Preferences -- this is using the code: the 
home folder & "/Library/PreferencePanes/"
or
/private/var/folders/fj/0llnt4vs44vfzy4r97k_wngc0000gp/T/TemporaryItems 
-- this is 'the temporary folder' on Mojave or Catalina. On Mavericks 
and earlier teh temporaty folder was 
/Users/<USER>/Library/Caches/TemporaryItems

After setting the defaultFolder, the code gets 'the files' or 'the 
folders' and fails (actually we've not pinned down whether it fails on 
set the defaultFolder OR on the call to 'the files/folders')

Going to Apple (menu) > System Preferences (menu item) > Security & 
Privacy (control) > Privacy (tab) and selecting Full Disk Access and 
adding our applications prevents these errors from occuring.

The issue is clearly with Catalina failing to detect and ask for the 
correct permissions. This is a known issue a number of developers have 
run into. See https://forums.developer.apple.com/thread/125438 as one 
example where an Apple support person admits that detecting what 
permissions a process is requesting that is tied back to your user 
visible app (something Apple calls 'responsibility tracking') is really 
hard.

For iOS and Android, you can specify entitlements or requested 
permissions in the Standalone Builder Settings. How do you do this for 
macOS Catalina?

Does anyone know if there is a way to specify entitlements for a macOS 
desktop app built in LiveCode? I have been googling and googling and can 
seem to find anything. I found one discussion on stackExchange that seem 
to imply that the PLIST file could be edited to specify entitlements. I 
have tried the Apple Developer site, but SO MUCH of it is orient towards 
people with lots of Apple Developer experience and focuses of C and 
SWIFT and Apple specific technologies I don't understand.

I can edit the XML in a PLIST file in the standalone bundle IF I only 
knew what to add?





More information about the use-livecode mailing list