Does “Full Disk Access” include access to ”Files and Folders” Privacy settings

permissionprivacy

In MacOS 10.15 new settings have been introduced in Security & Privacy that allow the user to determine access to files and folders for specific applications.
For example access to the 'Desktop' or 'Downloads' folder can now be controlled but also 'Network Volumes' and 'Removable Volumes'.

Is granting 'Full Disk Access' to a process / application sufficient and includes the newer more specific permissions in Catalina for "Files and Folders"?

enter image description here

Best Answer

  • The System Preferences screen is a bit vague (it says "Allows specified apps access to data like Mail, Messages, Safari, Home, Time Machine backups, and certain administrative settings for all users on this Mac.")

    However the Apple developer documentation is more explicit - it says Full Disk Access (SystemPolicyAllFiles) covers all protected file locations including the new ones you mention. From PrivacyPreferencesPolicyControl.Services :

    SystemPolicyAllFiles Allows the application access to all protected files, including system administration files.

    More fine-grained file locations are listed in the link, including those you asked about. Specifically :

    SystemPolicyDesktopFolder Allows the application to access files in the user's Documents folder.

    SystemPolicyDocumentsFolder Allows the application to access files in the user's Downloads folder.

    SystemPolicyNetworkVolumes Allows the application to access files on network volumes.

    SystemPolicyRemovableVolumes Allows the application to access files on removable volumes.

    Note that PrivacyPreferencesPolicyControl says "In the case of conflicting specifications, the most restrictive setting (deny) is used" but it doesn't seem to be possible to grant Full Disk Access and revoke another permission in Files and Folders through System Preferences.