I have an application that needs to copy, remove, modify, etc. files in the Library/Application Support directory and writeToFile:atomically to those files. The problem with this is that I have to have authorization for such events, and there doesn't seem to be any straightforward way to achieve this. I've read many questions, answers, and tried code samples; unfortunately they all seem to deal with using privileged helper tools, tend to be more related to command line functions using NSTask, or they just haven't worked. Here's a quick example of what I would like to do:

    NSFileManager *fileManager = [[NSFileManager alloc] init];
    if ([fileManager fileExistsAtPath:sourceFile]) {
        NSError *error = nil;
        if (![fileManager copyItemAtPath:sourceFile
                                  toPath:destFile
                                   error:&error]) {
            // Deal with error
        }
    }
    [fileManager release];

It's really simple stuff I want to do, so why does it seem so difficult just to access data in certain directories? If someone can provide an example or applicable way to do this that would be highly appreciated — thank you.
Part of the Unix security model is that a process cannot obtain more privileges than it had when it was created. So, it follows that authorizing privileged operations requires launching a new process with privileges rather than simply obtaining privileges for the current process.
Update: Apple's recommended technique uses SMJobBless() and is demonstrated with this sample code: https://developer.apple.com/library/mac/#samplecode/SMJobBless/Introduction/Intro.html
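
The authorization-and-install step that the SMJobBless() approach relies on, as an added example that is not part of the original answer or of Apple's sample code. The label `com.example.MyApp.helper` and the function name `InstallPrivilegedHelper` are hypothetical; it assumes a signed helper tool embedded in the app bundle under Contents/Library/LaunchServices, with matching `SMPrivilegedExecutables` (app) and `SMAuthorizedClients` (helper) code-signing requirements.

```objc
#import <Foundation/Foundation.h>
#import <Security/Authorization.h>
#import <ServiceManagement/ServiceManagement.h>

// Hypothetical label. It must match the helper's launchd Label, its file name in
// Contents/Library/LaunchServices, and the key in the app's SMPrivilegedExecutables.
static NSString * const kHelperLabel = @"com.example.MyApp.helper";

// Prompts the user for admin credentials, then asks launchd to install the
// embedded helper as a root-owned job. The app itself never gains privileges.
static BOOL InstallPrivilegedHelper(NSError **outError) {
    if (outError) *outError = nil;

    // Request only the one right needed to bless a helper.
    AuthorizationItem item = { kSMRightBlessPrivilegedHelper, 0, NULL, 0 };
    AuthorizationRights rights = { 1, &item };
    AuthorizationFlags flags = kAuthorizationFlagDefaults |
                               kAuthorizationFlagInteractionAllowed |
                               kAuthorizationFlagPreAuthorize |
                               kAuthorizationFlagExtendRights;
    AuthorizationRef authRef = NULL;

    OSStatus status = AuthorizationCreate(&rights, kAuthorizationEmptyEnvironment,
                                          flags, &authRef);
    if (status != errAuthorizationSuccess) {   // includes errAuthorizationCanceled
        if (outError) *outError = [NSError errorWithDomain:NSOSStatusErrorDomain
                                                      code:status userInfo:nil];
        return NO;
    }

    // SMJobBless checks both code-signing requirements before installing.
    CFErrorRef cfError = NULL;
    Boolean ok = SMJobBless(kSMDomainSystemLaunchd,
                            (__bridge CFStringRef)kHelperLabel, authRef, &cfError);
    AuthorizationFree(authRef, kAuthorizationFlagDefaults);  // drop the right at once

    if (!ok) {
        if (cfError != NULL) {
            if (outError) *outError =
                [NSError errorWithDomain:(__bridge NSString *)CFErrorGetDomain(cfError)
                                    code:CFErrorGetCode(cfError) userInfo:nil];
            CFRelease(cfError);                // caller owns the returned CFError
        }
        return NO;
    }
    return YES;
}
```

The file copy itself then runs inside the helper, which the app reaches over IPC such as XPC. The helper should accept only the specific operations and destination paths the app needs rather than arbitrary paths supplied by a caller.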