Using NSAppleScript With AXMakeProcessTrusted -- and/or, How To Indirectly Launch A Secure Agent
Using NSAppleScript With AXMakeProcessTrusted -- and/or, How To Indirectly Launch A Secure Agent
- Subject: Using NSAppleScript With AXMakeProcessTrusted -- and/or, How To Indirectly Launch A Secure Agent
- From: Tobias Zimmerman <email@hidden>
- Date: Sat, 31 Jan 2009 16:44:45 -0500
- Thread-topic: Using NSAppleScript With AXMakeProcessTrusted -- and/or, How To Indirectly Launch A Secure Agent
I have a somewhat complex problem I am hoping the list can help me with.
Ultimately, what I am trying to do is grant my application rights to use the
Accessibility API without forcing users to turn on ³Enable access for
assistive devices². My application uses AppleScripts (primarily calling
System Events) to move the front window of any application between displays.
So, I have read up on the AXMakeProcessTrusted function, and seen the
example at http://caffeinatedcocoa.com/blog/?p=12 on how to use this
function. The problem is, using that approach causes the AppleScripts in my
application to fail with the error 2709 (can¹t access dictionary).
First question: I have seen a message saying that AXMakeProcessTrusted was
broken in Tiger. Was it fixed in Leopard? It seems to work correctly, save
causing my AppleScripts to fail.
Next question: Are the AppleScripts failing because the application process
has elevated rights due to AXMakeProcessTrusted, or is it because the
application links to the Security Framework? I have seen posts/messages
that suggest both. If I can get my application the status of
AXProcessIsTrusted without linking to the Security Framework, will the
AppleScripts work? (And is this a bug or a security feature?)
Third question: Assuming the answers to the first two questions are
favorable, how would you more experienced and wise developers go about doing
something like this? How can I do a one-time operation as root without
linking the Security Framework into my main application? It seems to me I
need to include two separate agents in my app one that is run with normal
permissions from the main app (thus, no need to link to the Security
Framework or give the main app generally elevated permissions), and then a
second one, called from the first agent with privileges, that actually
executes the AXMakeProcessTrusted function on the main app. Does this seem
right? I am a novice programmer, but I have looked at both NSTask and the
NSWorkspace - launchedApplication: method and can¹t discern the easier way
to go in terms of passing the main app¹s path to the first, and then the
second agent applications. I am not even sure of the proper build settings
for a project using two helpers in this manner. Could I use a shell/perl
script as the middle agent?
Sorry for the longwinded/semi-ranging question(s), but any and all advice
the more experienced can offer would be really really appreciated.
(I have looked at AuthSample, MoreAuthSample, BetterAuthorizationSample and
AuthorizedTasksInCocoa¹ (from
http://www.sheepsystems.com/sourceCode/authTasksCocoa.html) and none of them
suggested an easy and straight forward solution to me.)
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden