craftwa.re

A walk outside the sandbox

Home Blog Cheat Sheets MacOS Tips Area 51 About

Mojave Permissions to Poke Around

|

Overview

  • We keep hearing that macOS 10.14 Mojave introduced a lot of new security features but what exactly are they? Some of the new security additions focus around data privacy by minimizing online fingerprint and tracking, new permissions for apps and better passowrd management for Safari.
  • Mojave introduced new restrictions even for user directories. Applications won’t be able to access folders like Mail, Messages and Time Machine backups unless explicitely granted permissions!

What does it mean in practice?

  • A very important aspect is that an application cannot prompt for this permission. It must be granted it manually. The process is however, very simple:
    1. Open System Preferences
    2. Go to Security & Privacy
    3. Click on the Privacy Tab
    4. Click Full Disk Access section in the sidebar

After unlocking the interface, just drag-and-drop an application here, or use the + button to add manually.

Mojave privacy settings

  • Notice that the protected folders have no special attributes or permissions:
~ ls -ald@ ~/Library/Safari
drwxr-xr-x@ 41 liv  staff  1312 11 Oct 13:31 /Users/liv/Library/Safari
	com.apple.quarantine	  -1
  
~ xattr ~/Library/Safari
com.apple.quarantine

~ ls -al ~/Library/Safari
ls: Safari: Operation not permitted