by fragmede 283 days ago
We don't have to theorize. macOS has TCC, which was first added in 2012 in Mountain Lion, and later versions added more grants. It's not a proper capability system, but it's still a security system that came after traditional Unix primitives. Later macOS versions added a sandbox as well, and programs can't reach outside of that sandbox willy-nilly. So macOS programs can't navigate to ~/Photos without the user hitting allow, possibly in System Preferences, not just as a pop-up.

The external APIs themselves haven't changed. Without recompiling, if I want to enumerate photos using the appropriate framework, the newer version of the framework code will ask the TCC system, which pops up an "allow access to Photos" dialog. If my program tries to read the photo db file with a standard open(), it's going to get permission denied. (You can grant programs Full Disk Access if you so choose.)

1 comment

Yeah, that's what I meant by hardening the existing stuff.

It's very good they are doing it and we're all more secure thanks to that, but it’s not a caps-based system designed from scratch.