Check if an app can read certain folders

command-line permission

Solution 1:

macOS App Sandbox

~/Library/Containers is created by macOS and not the application. Sandboxed applications are effectively chroot'd into their container. You can learn more in Apple's App Sandbox Design Guide documentation.

Sandboxed applications have a com.apple.security.app-sandbox entitlement set to true.

You can view the entitlements of an application using the command line tool codesign:

codesign --display --entitlements=- /Applications/Safari.app

There is no way to run a shell script using the rights of another application.

macOS's sandboxing approach requires that you trust Apple's implementation.

Related

Microsoft Teams Silencing Soundflower
Adobe Illustrator CS6 on Mojave with Java 8?
Dismiss Calendar notification popups more easily
How do I remove an ssh private key from ssh-agent/keychain
Trying to re-sync Messages between iPhone and Mac
Call the window to active desktop
How can I download my app package directly from app store connect?
Can’t pair Magic Keyboard due to numerical keys not working
Does the Mac mini with M1 support the LG 5k display?
Why doesn't my iPhone 6s plus charge while it is on the cable?
Transfer file from iOS to macOS without internet, natively?
Hardware requirements for HomeKit compatibility?