On Aug 1, 2012, at 11:38 , cocoa-dev-requ...@lists.apple.com wrote: > Date: Wed, 01 Aug 2012 01:07:15 -0500 > From: Charles Srstka <cocoa...@charlessoft.com> > Message-ID: <de24b739-4444-4a0d-b97c-b3c4bf4c2...@charlessoft.com> > > On Jul 31, 2012, at 11:18 PM, Jerry Krinock <je...@ieee.org> wrote: > >> Neither way is 100% reliable. Accessibility probably requires that "Enable >> Access for assistive devices" be on in System Preferences. I don't see why >> we have that stupid checkbox. At least, in 10.8 it's on by default in a new >> account. > > My guess is that Apple probably considered it a security flaw to have > applications able to control applications' GUI elements by default.
Using the checkbox gives blanket permission for all processes, which is rather extreme. A workaround for the "Enable Access" checkbox is to call AXMakeProcessTrusted() on your binary, which sets the setgid bit and uses a special "accessibility" group - needing a complex dance nowadays to ask for the admin password. (And, of course, making the app uneligible for the Mac App Store.) A similar reasoning applies to using event taps. I have an open enhancement request (rdar:///9507141) to use entitlements for this, proposing, for instance: > - com.apple.security.events.keyboard - allows the process to install keyboard > event taps > - com.apple.security.events.mouse - allows the process to install mouse event > taps > - com.apple.security.events.other - allows the process to install > other/special taps > - com.apple.security.accessibility - allows the process to use accessibility > even if turned off in System Preferences. > - This also opens up the possibility of the system alerting the user the > first time an application with these capabilities is run, or even downloaded. Feel free to dupe or expand on this. -- Rainer Brockerhoff <rai...@brockerhoff.net> Belo Horizonte, Brazil "In the affairs of others even fools are wise In their own business even sages err." Weblog: http://www.brockerhoff.net/blog _______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
