Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: KiyoshiYamazaki
KiyoshiYamazaki Author
User level: Level 1
12 points

Applications started from launchd on macOS Catalina cannot access files

Hi, I'm developing a command line tool that periodically checks the contents of removable disks.This program is automatically executed using launchd in order to run at OS startup.

It worked fine until macOS 10.14, but an access error occurred in 10.15.


Error:

Sandbox: dirtest(4673) System Policy: deny(1) file-read-data /Volumes/USB HDD


If this program is executed directly from the terminal, no access error will occur.


Question:

Why can't a program started from launchd have file access to a removable disk?

Is there a better solution?


Supplementary information:

This program allows access to Removable Volumes in the Security & Privacy system settings.

However, the access right seems to be invalidated when started from launchd.




A simple program to reproduce this problem:


Here's the *.plist file:


And here's the startup script:

MacBook Pro 15", OS X 10.11

Posted on Oct 20, 2019 6:59 AM

Reply

Similar questions

3 replies
User profile for user: KiyoshiYamazaki
KiyoshiYamazaki Author
User level: Level 1
12 points

Oct 22, 2019 6:32 PM in response to Barney-15E

HI, Thank you for your reply.


>See the section about Launch Daemons and Agents in the release notes


I confirmed this, but I have a question for you.


In the explanation of the release notes, it was written as follows.


The following launchd property list keys are affected: KeepAlive, PathState, QueueDirectories, Sockets, SockPathName, StandardErrorPath, StandardInPath, StandardOutPath, and WatchPaths.


My plist does not use these keys.

Can you specifically point out which key needs to be modified and how?

Reply
User profile for user: Barney-15E
Barney-15E
User level: Level 10
112,668 points

Oct 22, 2019 7:08 PM in response to KiyoshiYamazaki

I don’t think that list has anything to do with the underlying protection scheme.

As I read that, processes spawned under launchd at startup are prevented from accessing user data.


I would say you need to write a launch agent that runs at login (as the user), and asks for permission to get access. I’m not sure if it needs to be an app using entitlements or if the user could then just add it to privacy.


I could entirely be wrong in my interpretation.

Reply

Applications started from launchd on macOS Catalina cannot access files

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up