
Is it possible to get write permission to /Library/ for an OS X app with "com.apple.security.temporary-exception.files.absolute-path.read-write"?


From Apple's documentation: "com.apple.security.temporary-exception.files.absolute-path.read-write" "Enables read/write access to the specified files or directories at specified absolute paths", with all sandboxing criteria met.

https://developer.apple.com/library/mac/documentation/Miscellaneous/Reference/EntitlementKeyReference/Chapters/AppSandboxTemporaryExceptionEntitlements.html

Is this possible with SMJobBless or by executing an AppleScript which gives permission to a Library file path?

Apple's distribution guidelines say an OS X application should be sandboxed. https://developer.apple.com/library/mac/documentation/Security/Conceptual/AppSandboxDesignGuide/AboutAppSandbox/AboutAppSandbox.html#//apple_ref/doc/uid/TP40011183-CH1-SW1


Solution

  • This question has several answers to it.

    • Yes, it is possible to write into /Library/ with a temporary exception
    • Applications must be sandboxed when distributed through the Mac App Store
    • Otherwise they should be, but it's not mandatory
    • When adding a temporary exception to write into /Library/ you will not pass the Mac App Store review
    • SMJobBless and AppleScript will not help you write into files you don't have permission for

    There are other ways to accomplish your goals:

    • Ask the user for permission to write using NSOpenPanel
    • Distribute outside Mac App Store

    Finally: What exactly would you like to write? There are probably other APIs to change the behaviour.
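
A pre-submission check for the entitlement discussed above, as an added example that is not part of the original answer: it parses an entitlements plist and reports whether the app is sandboxed and whether an absolute-path read-write exception reaches /Library/. The sample plist is constructed, and the function names `audit_entitlements` and `covers_library` are hypothetical.

```python
import plistlib
import posixpath

# Constructed sample entitlements (not from the original post).
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>com.apple.security.app-sandbox</key><true/>
  <key>com.apple.security.files.user-selected.read-write</key><true/>
  <key>com.apple.security.temporary-exception.files.absolute-path.read-write</key>
  <array><string>/Library/</string></array>
</dict>
</plist>
"""

SANDBOX_KEY = "com.apple.security.app-sandbox"
EXCEPTION_PREFIX = "com.apple.security.temporary-exception."
ABS_RW_KEY = EXCEPTION_PREFIX + "files.absolute-path.read-write"


def covers_library(path):
    """True if an exception path grants access to /Library or anything below it."""
    if not isinstance(path, str):
        return False
    norm = posixpath.normpath(path)
    return norm in ("/", "/Library") or norm.startswith("/Library/")


def audit_entitlements(data):
    """Report sandbox status and every temporary-exception entitlement in a plist."""
    ent = plistlib.loads(data)
    if not isinstance(ent, dict):
        raise ValueError("entitlements plist must have a dict at top level")
    exceptions = {}
    for key, value in ent.items():
        if key.startswith(EXCEPTION_PREFIX):
            # Path exceptions are arrays of strings; other exceptions may be scalars.
            exceptions[key] = value if isinstance(value, list) else [value]
    return {
        "sandboxed": ent.get(SANDBOX_KEY) is True,
        "exceptions": exceptions,
        "library_write": any(covers_library(p) for p in exceptions.get(ABS_RW_KEY, [])),
    }


if __name__ == "__main__":
    print(audit_entitlements(SAMPLE))
```

A `library_write` result of true marks the configuration the answer says will not pass Mac App Store review; the `user-selected.read-write` entitlement in the sample is the one that goes with the NSOpenPanel route.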