what is the purpose of mds folder on a Mac
Solution 1:
I think in this particular case MDS stands for Module Directory Services, as explained in this apple doc. As far as I can tell this is unrelated to Spotlight's mds (which stands for metadataserver).
You use the search object created by this function in subsequent calls to the SecPolicySearchCopyNext function to obtain trust policy objects. Policies are stored in the Module Directory Services (MDS) database. MDS is described in detail in “Part 8: Module Directory Service (MDS)” of Common Security: CDSA and CSSM, version 2 (with corrigenda) from The Open Group (http://www.opengroup.org/security/cdsa.htm).
Going to that link, we have the following extra information
The Module Directory Services (MDS), which is a standalone service outside of CDSA, implements a database describing CDSA components available from the local platform. Applications and CDSA components can query MDS to obtain the compatibility information and numerous other attributes describing features of the CDSA components. This information can be used as the basis for selecting appropriate and compatible components at runtime.
We can see the source for some of pieces of MDS in Security.framework here and see indeed there are the implementations of the "DL interfaces supported by MDS" as enumerated here
So from the above, if I understand correctly from skimming the docs we can say that at a high level MDS is a database used by the Security.framework component of OSX to manage policies.
Now what about the specific per-app example you noted? We see here that mDNSResponder
needs read-write access to pieces of MDS:
; Our Module Directory Services cache
(allow file-read-data (regex #"^/private/var/tmp/mds/"))
(allow file-read* file-write* (regex #"^/private/var/tmp/mds/[0-9]+(/|$)"))
(allow file-read-data (regex #"^/private/var/db/mds/"))
(allow file-read* file-write* (regex #"^/private/var/db/mds/[0-9]+(/|$)"))
(allow file-read* file-write* (regex #"^/private/var/folders/[^/]+/[^/]+/C/mds(/|$)"))
(allow file-read* file-write* (regex #"^/private/var/folders/[^/]+/[^/]+/-Caches-/mds(/|$)")) ; Required on 10.5 and 10.6
and that second-to-last line matches the file path you noted. So that could be one reason why such a file exists.
Deleting it should not pose any issue since it is part of the cache directory.