Accessibility Permission In Sandbox For Keyboard

In general, App Sandbox blocks use of the Accessibility APIs. We call this out in Protecting user data with App Sandbox.

However, there are some exceptions. It seems that you’re trying to monitor keyboard events and that does work in a sandboxed app. Specifically, you need to use an API that relies on System Settings > Privacy & Security > Input Monitoring rather than System Settings > Privacy & Security > Accessibility. That means CGEventTap rather than the NSEvent monitor.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Thank you for your reply. I understand that I should be using CGEventTap to try and monitor the input I need.

I am still confused though about if it is possible to trigger actions like shortcuts from my app. For example, if I want to implement a functionality where my app can programmatically trigger a global shortcut, is this possible? When I say global, I mean being able to trigger the shortcut such that it works in whatever app is active, not just my app. I think the way to do this is through the .tapCreate in CGEventTap, but I don't think that can be accessed with just input monitoring permission in sandbox.

Would it be possible to request an exception to allow something like this inside my app?

Thanks again!

Here’s my understanding of your goals:

• You’re distributing a Mac app via the App Store.

• You want that app to watch for keyboard events, even when it’s inactive.

• When it detects a relevant event, your app performs some action.

Is that correct?

If so, then CGEventTap should work for you. The user will need to grant your app the System Settings > Privacy & Security > Input Monitoring privilege, but once they do it’ll be able to use CGEventTap to monitor keyboard events.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Hello,

Your understanding is correct about those goals, and I understand I should use CGEventTap for this. However, in addition to doing so, I would like my app to be able to post keyboard events (specifically only shortcuts) as well.

So for a simple example let's say I want to 'remap' the command key to command+option+s (just for example sake). My app should detect when command is pressed, and then be able to "post" the event for the shortcut command+option+s.

I hope this clears things up. Thank you for the help!

I would like my app to be able to post keyboard events (specifically only shortcuts) as well.

OK. I’m glad to say that’s not a showstopper. You can post events using CGEvent.post(…). That uses its own privilege, one that’s also compatible with App Sandox.

However, there’s as a subtlety here. While this privilege shows up in the UI as System Settings > Privacy & Security > Accessibility, it doesn’t give you complete accessibility access. It’s just limited to posting events.

You can see this, very obliquely!, in tccutil, where there are separate services for Accessibility, ListenEvent, and PostEvent.

See this thread for info on TCC service names.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

I will look into that, thank you so much!