Quarantine restrictions

Applications downloaded with a browser may are subject to quarantine restrictions.

Denying launch

If you double-click a quarantined app in Finder, it will refuse to run it. This can be bypassed via Command+clicking on the application, selecting Open in the context menu, and clicking through a warning dialog.

Not only applications, but also libraries can be denied launch. Sample text of an error popup:

“SDL2.framework” cannot be opened because the developer cannot be verified.

macOS cannot verify that this app is free from malware.

Safari downloaded this file today at 06:18.

In the terminal, the error looks as follows:

% ./daemon    
dyld[8822]: Library not loaded: @rpath/SDL2.framework/Versions/A/SDL2
  Referenced from: <71DD614C-D95F-37DD-A29E-765DA0AEEE48> /Users/slipher/Unvanquished/build-newsdl/daemon
  Reason: tried: '/Users/slipher/Unvanquished/build-newsdl/SDL2.framework/Versions/A/SDL2' (code signature in <3E6D5145-6DE8-3734-95A7-AE31ED09A1A9> '/Users/slipher/Unvanquished/build-newsdl/SDL2.framework/Versions/A/SDL2' not valid for use in process: library load disallowed by system policy), '/Users/slipher/Unvanquished/build-newsdl/SDL2.framework/Versions/A/SDL2' (code signature in <3E6D5145-6DE8-3734-95A7-AE31ED09A1A9> '/Users/slipher/Unvanquished/build-newsdl/SDL2.framework/Versions/A/SDL2' not valid for use in process: library load disallowed by system policy), '/Library/Frameworks/SDL2.framework/Versions/A/SDL2' (no such file), '/System/Library/Frameworks/SDL2.framework/Versions/A/SDL2' (no such file, not in dyld cache)
zsh: abort      ./daemon

App Translocation

For quarantined apps that are permitted to launch, there is another possible restriction called App Translocation. If Unvanquished.app is started with app translocation, the beginning of the output looks as follows:

cmdline: -pakpath /private/var/folders/37/cwhvzf2j3_ngll0kwst_3k540000gn/T/AppTranslocation/97281FCC-20CC-45CE-8386-D8DF691593C7/d/pkg
tty console mode disabled
^3Warn: [FS] Ignoring path /private/var/folders/37/cwhvzf2j3_ngll0kwst_3k540000gn/T/AppTranslocation/97281FCC-20CC-45CE-8386-D8DF691593C7/d/pkg: No such file or directory
[FS] Lib path: /private/var/folders/37/cwhvzf2j3_ngll0kwst_3k540000gn/T/AppTranslocation/97281FCC-20CC-45CE-8386-D8DF691593C7/d/Unvanquished.app/Contents/MacOS
[FS] Home path: /Users/slipher/Library/Application Support/Unvanquished
[FS] Pak search path: /Users/slipher/Library/Application Support/Unvanquished/pkg

Daemon is not capable of running under app translocation.

The magic bits

The com.apple.quarantine extended file attribute is the root cause of all quarantine restrictions. It is added by browsers to downloaded applications. When you download an auto-unzipped .app, it is recursively applied to all files and directories within. A file's extended attributes can be viewed with the commandxattr <path>. The quarantine attribute can be (recursively) removed using xattr -d -r <path>.

There is a launch services database flag that prevents denying launch even in the presence of the quarantine attribute. It can be set by clicking through the dialog to launch despite the danger, or by moving the application in Finder.

There is a launch services database flag that disables app translocation for a quarantined file that is allowed to launch. It can be set by moving the application in the Finder.

Launch services database info follows files across moves (whether by Finder or mv). It might be possible to see these launch services database flags somewhere in the output of /System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework/Support/lsregister -dump.

Directory permissions

Sometimes you get a popup asking whether you want to allow the app to access, for example, Downloads or Documents. Example message: "Unvanquished" would like to access files in your Downloads folder. The application's file operation blocks while waiting for the user to respond to the dialog. Not sure what relation this has to quarantine restrictions.