macOS钥匙串ACL如何确定哪些应用有权访问? [英] How does macOS keychain ACL determine which apps have access?
问题描述
当应用程序将项目保存到钥匙串时,macOS将该应用程序添加到访问控制列表中,以便您的应用程序以后可以访问它.如果您尝试从其他应用程序访问该项目,则macOS将显示系统提示,询问用户是否要允许访问.在此处中记录.
When an app saves an item to the keychain, macOS adds that app to the Access Control List so your app can access it later. If you try to access that item from a different app, macOS will show a system prompt asking the user if they want to allow access. This is documented here.
应用名称希望使用您存储在其中的机密信息 钥匙串中的"com.company.appname.key".为此,请输入 登录"钥匙串密码.
App Name wants to use your confidential information stored in "com.company.appname.key" in your keychain. To allow this, enter the "login" keychain password.
macOS如何知道哪些应用程序可以访问?是通过捆绑包ID,签名证书,应用程序在磁盘上的位置还是其他?
How does macOS know which apps have access? Is it by bundle id, signing certificates, location of the app on disk, something else?
在我们的应用程序中,当我们尝试访问仅知道我们创建的应用程序的条目时,会意外地看到此提示,因此我试图弄清为什么macOS认为它是另一个应用程序.当我查看钥匙串访问"中的项目时,它显示了访问控制中始终允许这些应用程序访问"下列出的应用程序名称,但是该图标是通用文件,让我相信它认为该应用程序的新版本不相同应用程序.请注意,我不再安装旧版本.
In our app, we’re seeing this prompt unexpectedly when we try to access an entry we know only our app created so I’m trying to figure out why macOS thinks it's a different app. When I go view the item in Keychain Access it shows our app name listed in Access Control under "Always allow access by these applications" but the icon is a generic file, making me believe it thinks the new version of the app is not the same app. Note that I no longer have the old version installed.
推荐答案
您可以查看具体来说,运输和更新您的产品"部分,其中有这句话(强调我的意思):
Specifically, the section "Shipping and Updating Your Product", which has this to say (emphasis mine):
对产品的新版本进行资格鉴定后,请使用与以前的版本相同的方式对其进行签名,并使用相同的标识符和相同的指定要求.用户的系统认为您产品的新版本与以前的版本是相同的程序.例如,钥匙串服务不会区分您的程序的旧版本和新版本,只要两者都已签名并且唯一标识符保持不变即可. t.
这篇关于macOS钥匙串ACL如何确定哪些应用有权访问?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
