
Prompt to access data from other apps #16844

Closed
dkocher opened this issue Feb 2, 2025 · 10 comments · Fixed by #16846 · May be fixed by #17043

dkocher commented Feb 2, 2025

Since building with Xcode 16.2 Build version 16C5032a, the Transparency Consent and Control (TCC) of macOS triggers a warning for kTCCServiceSystemPolicyAppData when accessing the group container ~/Library/Group Containers/G69SCX94XU.duck.


Relevant log trace


2025-02-02 12:45:32.158957+0100 0xa0781    Info        0x66b771             1070   0    tccd: [com.apple.TCC:access] -[TCCDAccessIdentity matchesCodeRequirement:]: SecStaticCodeCheckValidity() static code (0xb563a6a00) from ch.sudo.cyberduck : identifier "ch.sudo.cyberduck" and (anchor apple generic and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = G69SCX94XU) or certificate root = H"a1fb64aab7a4441436d50b91f310bf8c3dafc22c"); status: 0
2025-02-02 12:45:32.158985+0100 0xa0781    Info        0x66b771             1070   0    tccd: [com.apple.TCC:access] Session authorization eval: 5
2025-02-02 12:45:32.158997+0100 0xa0781    Info        0x66b771             1070   0    tccd: [com.apple.TCC:access] DB pid: 17531 pid_version: 50347 boot_uuid: 5E838996-27AC-4973-A174-4352774F3726
2025-02-02 12:45:32.159011+0100 0xa0781    Info        0x66b771             1070   0    tccd: [com.apple.TCC:access] Request pid: 17533 pid_version: 50352 boot_uuid: 5E838996-27AC-4973-A174-4352774F3726
2025-02-02 12:45:32.159022+0100 0xa0781    Default     0x66b771             1070   0    tccd: [com.apple.TCC:access] Session scoped auth is invalid for client: ch.sudo.cyberduck
2025-02-02 12:45:32.159100+0100 0xa0781    Info        0x66b771             1070   0    tccd: [com.apple.TCC:access] -[TCCDAccessIdentity matchesCodeRequirement:]: SecStaticCodeCheckValidity() static code (0xb563a6a00) from ch.sudo.cyberduck : anchor apple; status: -67050
2025-02-02 12:45:32.159111+0100 0xa0781    Info        0x66b771             1070   0    tccd: [com.apple.TCC:access] For ch.sudo.cyberduck: matches platform requirements: No
2025-02-02 12:45:32.169797+0100 0xa0781    Info        0x66b771             1070   0    tccd: [com.apple.TCC:access] -[TCCDPlatformMacOS promptingPolicyForIdentity:accessingService:withAttributionChain:]: promptPolicy = 0; isApplePlatformBinary = 0
2025-02-02 12:45:32.169857+0100 0xa0781    Info        0x66b771             1070   0    tccd: [com.apple.TCC:access] Handling access request to kTCCServiceSystemPolicyAppData, from Sub:{ch.sudo.cyberduck}Resp:{TCCDProcess: identifier=ch.sudo.cyberduck, pid=17533, auid=502, euid=502, binary_path=/Users/dkocher/Desktop/Cyberduck Nightly.app/Contents/MacOS/Cyberduck}, ReqResult(Auth Right: Unknown (Service Policy), promptType: 1,DB Action:None)
2025-02-02 12:45:32.172832+0100 0xa0781    Debug       0x66b771             1070   0    tccd: [com.apple.TCC:access] -[TCCDAccessIdentity designatedRequirementData]: DR for identifier ch.sudo.cyberduck with static code 0xb563a6a00: identifier "ch.sudo.cyberduck" and (anchor apple generic and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = G69SCX94XU) or certificate root = H"a1fb64aab7a4441436d50b91f310bf8c3dafc22c")
2025-02-02 12:45:32.172891+0100 0xa0781    Debug       0x66b771             1070   0    tccd: [com.apple.TCC:access] Access Subject: Sub:{ch.sudo.cyberduck}Resp:{TCCDProcess: identifier=ch.sudo.cyberduck, pid=17533, auid=502, euid=502, binary_path=/Users/dkocher/Desktop/Cyberduck Nightly.app/Contents/MacOS/Cyberduck}: DR: identifier "ch.sudo.cyberduck" and (anchor apple generic and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = G69SCX94XU) or certificate root = H"a1fb64aab7a4441436d50b91f310bf8c3dafc22c")
2025-02-02 12:45:32.173108+0100 0xa0781    Default     0x66b771             1070   0    tccd: [com.apple.TCC:access] AUTHREQ_PROMPTING: msgID=648.717, service=kTCCServiceSystemPolicyAppData, subject=Sub:{ch.sudo.cyberduck}Resp:{TCCDProcess: identifier=ch.sudo.cyberduck, pid=17533, auid=502, euid=502, binary_path=/Users/dkocher/Desktop/Cyberduck Nightly.app/Contents/MacOS/Cyberduck},
2025-02-02 12:45:32.173134+0100 0xa0781    Default     0x66b771             1070   0    tccd: [com.apple.TCC:access] got authorization choices for staged prompting request: legacy SPI: 0 service: kTCCServiceSystemPolicyAppData currentAuth: 1 desiredAuth: 2
2025-02-02 12:45:32.173147+0100 0xa0781    Default     0x66b771             1070   0    tccd: [com.apple.TCC:access] aButtonAuth: 5 bButtonAuth: 0 cButtonAuth: 1
2025-02-02 12:45:32.174472+0100 0xa0781    Default     0x66b771             1070   0    tccd: [com.apple.TCC:access] found general usage key: (null)
2025-02-02 12:45:32.174514+0100 0xa0781    Info        0x66b771             1070   0    tccd: [com.apple.TCC:access] /Users/dkocher/Desktop/Cyberduck Nightly.app/Contents/MacOS/Cyberduck (offset 114688) linked against SDK version 0xf0200, platform: 1
2025-02-02 12:45:32.174532+0100 0xa0781    Info        0x66b771             1070   0    tccd: [com.apple.TCC:access] No usage string found (key:NSAppDataUsageDescription) for client[17533] in bundle:/Users/dkocher/Desktop/Cyberduck Nightly.app
2025-02-02 12:45:32.174544+0100 0xa0781    Debug       0x66b771             1070   0    tccd: [com.apple.TCC:access] Usage key:NSAppDataUsageDescription service sdk version: 0xffffffff;  client[17533](/Users/dkocher/Desktop/Cyberduck Nightly.app) sdk version: 0xf0200
2025-02-02 12:45:32.174554+0100 0xa0781    Default     0x66b771             1070   0    tccd: [com.apple.TCC:access] usage description: (null), minSDKVersionAuthSpecific: 0x0, client_sdk_verison: 0xf0200
2025-02-02 12:45:32.174574+0100 0xa0781    Info        0x66b771             1070   0    tccd: [com.apple.TCC:access] Per-App Default Purpose String key: REQUEST_DEFAULT_PURPOSE_STRING_SERVICE_kTCCServiceSystemPolicyAppData, client[17533](/Users/dkocher/Desktop/Cyberduck Nightly.app) sdk version: 0xf0200: usage string: 'Keeping app data separate makes it easier to manage your privacy and security.'
2025-02-02 12:45:32.174589+0100 0xa0781    Info        0x66b771             1070   0    tccd: [com.apple.TCC:access] display_prompt: called for ch.sudo.cyberduck for service kTCCServiceSystemPolicyAppData
2025-02-02 12:45:32.174669+0100 0xa0781    Debug       0x66b771             1070   0    tccd: [com.apple.TCC:access] notification_dictionary: {
    AlertHeader = "\U201cCyberduck Nightly.app\U201d would like to access data from other apps.";
    AlertMessage = "Keeping app data separate makes it easier to manage your privacy and security.";
    AlternateButtonTitle = "Don\U2019t Allow";
    DefaultButtonTitle = Allow;
    EnsureVisibilityForProcessID = 17533;
    IconURL = "file:///private/var/folders/1f/t_d5xh9x4js1j0gt3z7tsmbh0000gp/T/com.apple.tccd/kTCCServiceSystemPolicyAppData.png";
    LocalizationURL = "file:///System/Library/PrivateFrameworks/TCC.framework/";
    SBUserNotificationDefaultButtonTag = 32;
}
@dkocher dkocher added this to the 9.1.3 milestone Feb 2, 2025
@dkocher dkocher self-assigned this Feb 2, 2025

dkocher commented Feb 2, 2025

Not reproducible when building with Xcode 15.4 Build version 15F31d.


dkocher commented Feb 3, 2025

Reproducible with Xcode 16.1 Build version 16B40.


dkocher commented Feb 3, 2025

Reproducible with Xcode 16.0 Build version 16A242d.


dkocher commented Feb 3, 2025

All tests run on 15.3 (24D60)

Darwin silverbullet.local 24.3.0 Darwin Kernel Version 24.3.0: Thu Jan  2 20:24:16 PST 2025; root:xnu-11215.81.4~3/RELEASE_ARM64_T6000 arm64


dkocher commented Feb 3, 2025

2025-02-02 12:45:32.159100+0100 0xa0781    Info        0x66b771             1070   0    tccd: [com.apple.TCC:access] -[TCCDAccessIdentity matchesCodeRequirement:]: SecStaticCodeCheckValidity() static code (0xb563a6a00) from ch.sudo.cyberduck : anchor apple; status: -67050

Error code 67050 implies errSecCSReqFailed.

The designated requirement is set to

silverbullet:cyberduck dkocher$ codesign -d -r- osx/target/Cyberduck.app
Executable=…/Cyberduck.app/Contents/MacOS/Cyberduck
designated => identifier "ch.sudo.cyberduck" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = G69SCX94XU

and assessment is ✅

silverbullet:cyberduck dkocher$ spctl -v --assess --type execute --raw osx/target/Cyberduck.app
osx/target/Cyberduck.app: accepted

and strict verification

silverbullet:cyberduck dkocher$ codesign --verbose=4 --deep --strict osx/target/Cyberduck.app
osx/target/Cyberduck.app: satisfies its Designated Requirement
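
Added example, not part of the original comments or of the Cyberduck code base: a small triage script for tccd log text like the trace in the first comment. For each code-requirement check it reports the client, the requirement string and the status (naming the -67050 discussed above), and it lists prompt requests and missing usage-description keys. The names `triage`, `CS_STATUS` and the regular expressions are assumptions made for this sketch, and `SAMPLE` is constructed by abbreviating lines from the trace.

```python
import re

# Names for the only two status values that appear in the trace in this issue.
CS_STATUS = {0: "ok", -67050: "errSecCSReqFailed"}

REQ_RE = re.compile(r"SecStaticCodeCheckValidity\(\) static code \(\S+\) from "
                    r"(?P<client>\S+) : (?P<req>.*); status: (?P<status>-?\d+)\s*$")
PROMPT_RE = re.compile(r"AUTHREQ_PROMPTING: .*?service=(?P<service>\w+), "
                       r"subject=Sub:\{(?P<client>[^}]+)\}")
USAGE_RE = re.compile(r"No usage string found \(key:(?P<key>\w+)\)")

# Constructed sample: tccd lines abbreviated from the trace in this issue
# (timestamps dropped, the long designated requirement shortened).
SAMPLE = """\
tccd: [com.apple.TCC:access] -[TCCDAccessIdentity matchesCodeRequirement:]: SecStaticCodeCheckValidity() static code (0xb563a6a00) from ch.sudo.cyberduck : identifier "ch.sudo.cyberduck" and anchor apple generic; status: 0
tccd: [com.apple.TCC:access] -[TCCDAccessIdentity matchesCodeRequirement:]: SecStaticCodeCheckValidity() static code (0xb563a6a00) from ch.sudo.cyberduck : anchor apple; status: -67050
tccd: [com.apple.TCC:access] For ch.sudo.cyberduck: matches platform requirements: No
tccd: [com.apple.TCC:access] AUTHREQ_PROMPTING: msgID=648.717, service=kTCCServiceSystemPolicyAppData, subject=Sub:{ch.sudo.cyberduck}Resp:{TCCDProcess: identifier=ch.sudo.cyberduck, pid=17533},
tccd: [com.apple.TCC:access] No usage string found (key:NSAppDataUsageDescription) for client[17533] in bundle:/Users/dkocher/Desktop/Cyberduck Nightly.app
"""

def triage(text):
    """Collect requirement checks, prompt requests and missing usage keys."""
    report = {"requirement_checks": [], "prompts": [], "missing_usage_keys": []}
    for line in text.splitlines():
        if m := REQ_RE.search(line):
            status = int(m["status"])
            # Keep the requirement string so each status can be read
            # against the exact requirement tccd evaluated.
            report["requirement_checks"].append(
                (m["client"], m["req"], CS_STATUS.get(status, str(status))))
        elif m := PROMPT_RE.search(line):
            report["prompts"].append((m["client"], m["service"]))
        elif m := USAGE_RE.search(line):
            report["missing_usage_keys"].append(m["key"])
    return report

if __name__ == "__main__":
    for section, rows in triage(SAMPLE).items():
        print(section, rows)
```
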


dkocher commented Feb 3, 2025

The prompt is shown when first attempting to read from ~/Library/Group Containers/G69SCX94XU.duck/ which denotes the shared container directory as specified with com.apple.security.application-groups in the codesign entitlements.


dkocher commented Feb 3, 2025

The documentation 1 notes the group name can be arbitrary, e.g. <team identifier>.<group name>. Cyberduck uses G69SCX94XU.duck by default.

Interestingly enough the alert is not shown when a group name matching the bundle identifier is used, e.g. G69SCX94XU.ch.sudo.cyberduck.

Footnotes

  1. https://developer.apple.com/documentation/BundleResources/Entitlements/com.apple.security.application-groups


dkocher commented Feb 4, 2025

Opened case #102530667781 with Apple Developer Support.


dkocher commented Feb 4, 2025

The problem can also be reproduced when signing with a Development certificate type.


dkocher commented Feb 4, 2025

Additionally the alert is not shown when a group container G69SCX94XU.group.duck is accessed. Don't know how this relates to the registration of App Group Identifier where the identifier is always prefixed with group..

dkocher added a commit that referenced this issue Feb 11, 2025