How to Enable Read Access to Files in ~/Library/Group Containers/com.apple.notes

Hello, I currently am designing a data backup solution, and have an unsandboxed launch agent written in DotNet 6 that needs read access to files in order to back them up. It is configured together with its own App Group (with the sandboxed GUI). However, this Launch Agent cannot access files or enumerate directories in ~/Library/Group Containers/com.apple.notes whatsoever (even after enabling full disk access for the calling app, the files are not restricted either). I am trying to access the NoteStore.sqlite and similar files so that the Launch Agent can read the file and upload it to S3. Is there some entitlement I need to add, or access prompt? It seems like there are additional security layers for Sandboxed folders for apps that I'm trying to bypass. What is the recommended solution for my use case?

(For Ventura and Sonoma users)

  • Note: This app is for enterprise and is not released on the App Store.

Replies

This is the new container data protection feature in macOS 14. For details, see the WWDC session linked to from Trusted Execution Resources. AFAIK there’s no way to bypass this. It’s another flavour of MAC (as defined by On File System Permissions).

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
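
Since the protection cannot be bypassed, a backup agent can at least detect the denial and report the path as skipped instead of failing. The following is an added example, not code from the thread or from Apple, written in Python rather than the poster's .NET. It assumes that macOS reports MAC-layer denials as EPERM and BSD permission denials as EACCES; `probe`, `plan_backup` and `fake_lister` are hypothetical names, and `fake_lister` is a constructed stand-in for the filesystem.

```python
import errno
import os

# Assumption (not stated in the thread): MAC-layer denials (TCC, app container
# protection) surface as EPERM, BSD permission/ACL denials surface as EACCES.
REASONS = {
    errno.EPERM: "mac-denied",
    errno.EACCES: "posix-denied",
    errno.ENOENT: "missing",
}

def probe(path, lister=os.listdir):
    """Try to enumerate `path`; return (status, entry_count)."""
    try:
        return "readable", len(lister(path))
    except OSError as exc:
        # Unknown errno values are kept visible rather than lumped together.
        return REASONS.get(exc.errno, f"error-{exc.errno}"), 0

def plan_backup(roots, lister=os.listdir):
    """Split backup roots into those to copy and those to report as skipped."""
    plan = {"copy": [], "skipped": {}}
    for root in roots:
        status, _ = probe(os.path.expanduser(root), lister)
        if status == "readable":
            plan["copy"].append(root)
        else:
            # Record why the root was skipped so the operator can tell a
            # platform-enforced denial from a fixable permissions problem.
            plan["skipped"][root] = status
    return plan

def fake_lister(path):
    """Constructed stand-in for os.listdir so the example runs on any OS."""
    if path.endswith("com.apple.notes"):
        raise PermissionError(errno.EPERM, "Operation not permitted", path)
    if path.endswith("locked"):
        raise PermissionError(errno.EACCES, "Permission denied", path)
    return ["a.txt", "b.txt"]

if __name__ == "__main__":
    roots = ["~/Library/Group Containers/com.apple.notes",
             "~/Documents", "/tmp/locked"]
    print(plan_backup(roots, fake_lister))
```

In the agent itself, call `plan_backup` without the `lister` argument so it probes the real filesystem.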