Check if an app can read certain folders
Solution 1:
macOS App Sandbox
~/Library/Containers
is created by macOS and not the application. Sandboxed applications are effectively chroot
'd into their container. You can learn more in Apple's App Sandbox Design Guide documentation.
Sandboxed applications have a com.apple.security.app-sandbox
entitlement set to true
.
You can view the entitlements of an application using the command line tool codesign
:
codesign --display --entitlements=- /Applications/Safari.app
There is no way to run a shell script using the rights of another application.
macOS's sandboxing approach requires that you trust Apple's implementation.