Terminal app can access folders that it isn’t allowed
privacySecurityterminal
In the security and privacy pane I didn't allow the terminal app to access anything.
I didn't allow full disk access either.
However, it can show the contents of Desktop by doing cd Desktop, ls. Why?
Best Answer
My first question is: why would you do that to your terminal.app?
To answer your question. Terminal.app is automatically granted Full Disk Access by default and it does not show up in the Full Disk Access tab on the Security Pane.
You can see this by running the following in your term:
sudo sqlite3 /Library/Application\ Support/com.apple.TCC/TCC.db 'select * from access'
sudo spctl --master-disable will turn off the Gatekeeper checks, and sudo spctl --master-enable will re-enable them (to the default setting of App Store and signed apps — it doesn't appear that setting it to App Store-only is possible).
Note that it will not throw any error if you run it without sudo permissions, but sudo is in fact required.
What you could do is running a script which uses mdfind to symlink all files with a specific tag into a folder, and then access the files via this folder.
(Replace "Red" with the name of the tag you are looking for)
If several tagged files have the same name only the first one will get linked (you'll get a warning message for the others). And, of course, the commands needs to be rerun every time you add/remove the tag from a file.
PS: There is a small caveat here. Not all applications handle symlinked files the same way. Test first whether an application writes a changed file back to the original place or just replaces the symlink with the updated version.
PPS:
mdfind -0 finds all files/folders matching the query (in this case the tag). The -0 ensures that the string passed to the next command is terminated by an ASCII NUL character (to ensure that file names containing spaces etc get handled correctly)
xargs -0 -n 1 -J % reads one line of input to build and execute a command. -J % sets the placeholder for the input line to %
ln -s % . symlinks the file/folder in % into the current directory (.)
Best Answer
My first question is: why would you do that to your terminal.app?
To answer your question. Terminal.app is automatically granted Full Disk Access by default and it does not show up in the Full Disk Access tab on the Security Pane.
You can see this by running the following in your term:
sudo sqlite3 /Library/Application\ Support/com.apple.TCC/TCC.db 'select * from access'
I hope it answers your question.