Fix: Full Disk Access permission check using actual file read

2026-05-01 09:32:15 +02:00
parent 979f309497
commit cfa9b581fc
2 changed files with 30 additions and 21 deletions
--- a/macos/Permissions.mm
+++ b/macos/Permissions.mm
@@ -49,30 +49,38 @@ void Permissions::openAccessibilitySettings() {

 bool Permissions::checkFullDiskAccess() {
    // There's no official API to check Full Disk Access.
-    // We try to read a protected file that requires FDA permission.
-    // Safari bookmarks is a commonly used test file.
+    // Try to actually read a protected file that requires FDA.

-    NSArray* testPaths = @[
-        [NSHomeDirectory() stringByAppendingPathComponent:@"Library/Safari/Bookmarks.plist"],
-        [NSHomeDirectory() stringByAppendingPathComponent:@"Library/Safari/CloudTabs.db"],
-        @"/Library/Application Support/com.apple.TCC/TCC.db",
-        [NSHomeDirectory() stringByAppendingPathComponent:@"Library/Application Support/com.apple.TCC/TCC.db"]
-    ];
+    NSString* testPath = [NSHomeDirectory() stringByAppendingPathComponent:@"Library/Safari/Bookmarks.plist"];

    NSFileManager* fm = [NSFileManager defaultManager];
-    for (NSString* path in testPaths) {
-        if ([fm fileExistsAtPath:path]) {
-            // File exists, try to read it
-            if ([fm isReadableFileAtPath:path]) {
-                return true;  // Can read protected file = FDA granted
-            } else {
-                return false; // File exists but can't read = FDA not granted
-            }
+    if ([fm fileExistsAtPath:testPath]) {
+        // Try to actually read the file (more reliable than isReadableFileAtPath)
+        NSData* data = [NSData dataWithContentsOfFile:testPath];
+        if (data != nil) {
+            NSLog(@"FDA check: OK (can read Safari bookmarks)");
+            return true;
+        } else {
+            NSLog(@"FDA check: FAILED (Safari bookmarks exists but unreadable)");
+            return false;
        }
    }

-    // If none of the test files exist, assume FDA is granted
-    // (edge case: fresh system without Safari history)
+    // Safari bookmarks doesn't exist, try TCC database
+    testPath = @"/Library/Application Support/com.apple.TCC/TCC.db";
+    if ([fm fileExistsAtPath:testPath]) {
+        NSData* data = [NSData dataWithContentsOfFile:testPath];
+        if (data != nil) {
+            NSLog(@"FDA check: OK (can read TCC.db)");
+            return true;
+        } else {
+            NSLog(@"FDA check: FAILED (TCC.db exists but unreadable)");
+            return false;
+        }
+    }
+
+    // No test files exist, assume OK
+    NSLog(@"FDA check: SKIPPED (no test files found)");
    return true;
 }