permissions

package
v0.1.0
Warning

This package is not in the latest version of its module.

Published: Mar 5, 2026 License: MIT Imports: 2 Imported by: 0

Documentation


Constants

This section is empty.

Variables

var EntitlementMapping = map[Permission][]string{
	Camera:          {"com.apple.security.device.camera"},
	Microphone:      {"com.apple.security.device.microphone"},
	Location:        {"com.apple.security.personal-information.location"},
	ScreenRecording: {},
	Accessibility:   {"com.apple.security.temporary-exception.apple-events", "com.apple.security.automation.apple-events"},
	Files:           {"com.apple.security.files.user-selected.read-only"},
	Network:         {"com.apple.security.network.client"},
	Sandbox:         {"com.apple.security.app-sandbox"},
}

EntitlementMapping maps permissions to their corresponding entitlements. These entitlements are added to the app bundle's entitlements.plist file to declare the app's permission requirements.

Note: ScreenRecording has no public entitlement - it's purely TCC-controlled. The app must be signed and trigger the TCC prompt at runtime.

var PermissionDependencies = map[Permission][]Permission{}

PermissionDependencies defines which permissions require other permissions. Currently used for validating app groups which require sandbox permission.

var TCCServiceMapping = map[Permission]string{
	Camera:          "Camera",
	Microphone:      "Microphone",
	Location:        "Location",
	ScreenRecording: "ScreenCapture",
	Accessibility:   "Accessibility",
}

TCCServiceMapping maps permissions to their TCC service names for tccutil. These are used when resetting TCC permissions via command line tools.

Functions

func GetEntitlements

func GetEntitlements(perms []Permission) []string

GetEntitlements returns the entitlement strings for the given permissions. These entitlements should be included in the app bundle's entitlements.plist file to declare the app's permission requirements to macOS.

Duplicate entitlements are automatically removed from the result.
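The same mapping can be read in reverse to audit a built bundle for least privilege. The following is an added example, not code from this package: `auditEntitlements` is a hypothetical helper that works on a copy of the EntitlementMapping table above, and the entitlement list in `main` is a constructed sample.

```go
package main

import (
	"fmt"
	"sort"
)

type Permission string
// Copy of the page's EntitlementMapping, keyed by the Permission string values.
var entitlementMapping = map[Permission][]string{
	"camera":           {"com.apple.security.device.camera"},
	"microphone":       {"com.apple.security.device.microphone"},
	"location":         {"com.apple.security.personal-information.location"},
	"screen-recording": {}, // TCC-only: no entitlement is expected for it
	"accessibility":    {"com.apple.security.temporary-exception.apple-events", "com.apple.security.automation.apple-events"},
	"files":            {"com.apple.security.files.user-selected.read-only"},
	"network":          {"com.apple.security.network.client"},
	"sandbox":          {"com.apple.security.app-sandbox"},
}

// auditEntitlements (hypothetical): extra = found but not justified by a declared permission; missing = implied but absent.
func auditEntitlements(declared []Permission, found []string) (extra, missing []string) {
	expected, have := map[string]bool{}, map[string]bool{}
	for _, p := range declared {
		for _, e := range entitlementMapping[p] {
			expected[e] = true
		}
	}
	for _, e := range found {
		have[e] = true // also collapses duplicate keys
	}
	for e := range have {
		if !expected[e] {
			extra = append(extra, e)
		}
	}
	for e := range expected {
		if !have[e] {
			missing = append(missing, e)
		}
	}
	sort.Strings(extra) // map iteration order is random; sort for stable reports
	sort.Strings(missing)
	return extra, missing
}

func main() { // constructed sample: camera and sandbox declared, network entitlement shipped
	fmt.Println(auditEntitlements([]Permission{"camera", "sandbox"}, []string{"com.apple.security.app-sandbox", "com.apple.security.network.client"}))
}
```

An `extra` entry is an entitlement the bundle carries without a declared permission behind it; a `missing` entry is a declared permission whose entitlement never made it into the bundle.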

func GetTCCServices

func GetTCCServices(perms []Permission) []string

GetTCCServices returns the TCC service names for permissions that support tccutil reset. These service names can be used with the `tccutil reset` command to clear previously granted permissions for testing purposes.

Note that not all permissions have corresponding TCC services that can be reset.

func PermissionDescription

func PermissionDescription(perm Permission) string

PermissionDescription returns a human-readable description of the permission. These descriptions explain what each permission grants access to.

func PermissionToString

func PermissionToString(perm Permission) string

PermissionToString converts a Permission to its string representation. This is useful for serialization and debugging.

func RequiresTCC

func RequiresTCC(perms []Permission) bool

RequiresTCC returns true if any of the permissions require TCC prompts. TCC (Transparency, Consent, and Control) prompts are the system dialogs that ask users to grant permission for camera, microphone, location, etc.

This is useful for determining whether the app needs to be launched in a way that triggers proper TCC dialog presentation.

func ValidateAppGroups

func ValidateAppGroups(groups []string, perms []Permission) error

ValidateAppGroups checks if app groups configuration is valid. App groups require sandbox permission to be enabled and must follow proper naming conventions.

App group identifiers must:

  • Start with "group."
  • Be at least 7 characters long ("group." + identifier)
  • Have sandbox permission enabled
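The rules above, as an added example rather than the package's own implementation: `validateAppGroups` is a hypothetical re-implementation, its error messages are this example's own, and accepting an empty group list is an assumption.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

type Permission string

const Sandbox Permission = "sandbox" // same value as the page's Sandbox constant

// validateAppGroups (hypothetical) applies the three documented rules:
// sandbox enabled, "group." prefix, and a non-empty identifier after it.
func validateAppGroups(groups []string, perms []Permission) error {
	if len(groups) == 0 {
		return nil // assumption: no app groups means nothing to validate
	}
	sandboxed := false
	for _, p := range perms {
		if p == Sandbox {
			sandboxed = true
		}
	}
	if !sandboxed {
		return errors.New("app groups require the sandbox permission")
	}
	for _, g := range groups {
		if !strings.HasPrefix(g, "group.") {
			return fmt.Errorf("app group %q must start with \"group.\"", g)
		}
		if len(g) < 7 { // "group." is 6 characters, so 7 is prefix plus one
			return fmt.Errorf("app group %q has an empty identifier", g)
		}
	}
	return nil
}

func main() {
	// Constructed samples: "group." alone has the prefix but no identifier.
	for _, g := range []string{"group.com.example.shared", "group.", "com.example.shared"} {
		fmt.Printf("%-26q %v\n", g, validateAppGroups([]string{g}, []Permission{Sandbox}))
	}
}
```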

func ValidatePermissions

func ValidatePermissions(perms []Permission) error

ValidatePermissions checks if the provided permissions are valid and compatible. It verifies that all permissions are recognized and that any dependency requirements are satisfied.

For example, certain features may require specific permissions to be enabled together for proper functionality.

Types

type Permission

type Permission string

Permission represents a macOS system permission that can be requested. These correspond to TCC (Transparency, Consent, and Control) permission types.

const (
	Camera          Permission = "camera"           // Camera access (com.apple.security.device.camera)
	Microphone      Permission = "microphone"       // Microphone access (com.apple.security.device.audio-input)
	Location        Permission = "location"         // Location services (com.apple.security.personal-information.location)
	ScreenRecording Permission = "screen-recording" // Screen recording/capture (requires TCC approval)
	Accessibility   Permission = "accessibility"    // Accessibility (simulating input, etc.)
	Files           Permission = "files"            // File system access with user selection
	Network         Permission = "network"          // Network client/server access
	Sandbox         Permission = "sandbox"          // App sandbox with restricted file access
)

Core permissions covering 95% of use cases.

func AllPermissions

func AllPermissions() []Permission

AllPermissions returns a slice of all available permissions. This is useful for documentation, testing, or building UI that allows users to select from available permissions.

func PermissionFromString

func PermissionFromString(s string) (Permission, bool)

PermissionFromString converts a string to a Permission type. This is useful when parsing permission names from configuration files or command line arguments.

Returns the Permission and a boolean indicating whether the conversion was successful (i.e., whether the string represents a valid permission).
