Add security access groups to System Events for Accessibility APIs

Originator: craig.hockenberry
Number: rdar://16224269    Date Originated: 3/4/2014
Status: Open    Resolved:
Product: OS X    Product Version:
Classification: Enhancement Request    Reproducible: Always
 
A temporary exception is currently needed for an app that wants to arrange and organize windows in another app. There are several tools on the Mac App Store that aid the user in this way:

https://itunes.apple.com/us/app/cinch/id412529613?mt=12
https://itunes.apple.com/us/app/divvy-window-manager/id413857545?mt=12

As an example of how I'd like this enhancement to work, assume there's an app that assists a web developer by resizing Safari windows to specific sizes for testing responsive web designs. The app would use AppleScript that looks something like this:

	tell application "System Events"
		tell process "Safari"
			set theWindow to window 1
			set position of theWindow to {100, 100}
			set size of theWindow to {800, 600}
		end tell
	end tell

That app needs the following temporary exception in its entitlements:

	<key>com.apple.security.temporary-exception.apple-events</key>
	<array>
		<string>com.apple.systemevents</string>
	</array>

In addition, user intent is controlled by System Preferences with Accessibility settings (Accessibility > "Enable access for assistive devices" on 10.8, or Security & Privacy > Privacy > Accessibility > "Allow the apps below to control your computer" on 10.9).

Disallowing an app from controlling another is a good idea (I sure don't want an app selecting menu items for me!) and the App Sandbox Design Guide's statements about accessibility make complete sense:

https://developer.apple.com/library/mac/documentation/security/conceptual/AppSandboxDesignGuide/DesigningYourSandbox/DesigningYourSandbox.html#//apple_ref/doc/uid/TP40011183-CH4-SW6

That being said, automatically moving windows around on my screen is something that helps me do my job and something I can explicitly control using Accessibility in System Preferences. As a user, this type of "controlling my app" means "making my work easier".

I propose that an access group identifier be added to the Processes Suite in the "sdef" for /System/Library/CoreServices/System Events.app that just allows the rect of a window to be adjusted. Something like this:

	<access-group identifier="com.apple.systemevents.window" access="rw">
		<property name="position" code="posn" type="list" description="the position of the UI element" />
		<property name="size" code="ptsz" type="list" description="the size of the UI element" />
	</access-group>

Ideally, privileges would be limited to just these properties on the window UI element. (Most of the other elements and properties on the process and window objects are read-only already.)

Then an app that wants to use System Events to place windows can add it to its scripting targets:

	<key>com.apple.security.scripting-targets</key>
	<dict>
		<key>com.apple.systemevents</key>
		<array>
			<string>com.apple.systemevents.window</string>
		</array>
	</dict>

And we all live happily ever after.
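
The difference between the two entitlement forms in this report can be checked mechanically. The following is an added example, not part of the original report: a Python audit that reads an entitlements plist and separates Apple event targets granted through the blanket temporary exception from targets limited to named access groups. The function name, result keys and both sample plists are constructed for illustration, and `com.apple.systemevents.window` is the access group the report proposes, not one that System Events is known to define.

```python
import plistlib

BROAD_KEY = "com.apple.security.temporary-exception.apple-events"
SCOPED_KEY = "com.apple.security.scripting-targets"


def audit_apple_event_access(entitlements_xml: bytes) -> dict:
    """Classify each Apple event target named in an entitlements plist."""
    ent = plistlib.loads(entitlements_xml)
    unrestricted = set(ent.get(BROAD_KEY, []))
    scoped = ent.get(SCOPED_KEY, {})
    return {
        # Any Apple event may be sent to these targets.
        "unrestricted": sorted(unrestricted),
        # Only events in the listed access groups may be sent.
        "scoped": {t: sorted(g) for t, g in scoped.items()
                   if t not in unrestricted},
        # Listed under both keys: the exception makes the scoping moot.
        "shadowed": sorted(t for t in scoped if t in unrestricted),
    }


def _plist(body: str) -> bytes:
    """Wrap entitlement entries in a minimal XML plist (test helper)."""
    return ('<?xml version="1.0" encoding="UTF-8"?>\n'
            '<plist version="1.0"><dict>' + body + "</dict></plist>").encode()


# Constructed sample: the temporary exception the report says is needed today.
TODAY = _plist(
    "<key>" + BROAD_KEY + "</key>"
    "<array><string>com.apple.systemevents</string></array>")

# Constructed sample: the scripting-targets form the report proposes.
PROPOSED = _plist(
    "<key>" + SCOPED_KEY + "</key><dict>"
    "<key>com.apple.systemevents</key>"
    "<array><string>com.apple.systemevents.window</string></array></dict>")

if __name__ == "__main__":
    for name, sample in (("today", TODAY), ("proposed", PROPOSED)):
        print(name, audit_apple_event_access(sample))
```

On a real app, the input would be the XML printed by `codesign -d --entitlements :- /path/to/App.app`.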
