"The Application Can't Be Opened"

Questions & Suggestions
47

<ObDisclaimer>
I'm an enthusiastic amateur, not a developer or security specialist, so view what follows with a critical eye...
</ObDisclaimer>

A perusal of Howard Oakley's most excellent Eclectic Light blog (IMO a must-read for anyone who's interested in what happens below the surface of macOS), particularly the articles on quarantine, suggests the following are relevant here:

  • Apps and documents are treated differently, eg you can't clear a document's quarantine flag by opening it in the Finder and OKing a dialog
  • How a quarantine flag is evaluated depends on how you open the doc -- Finder double-click and going via LaunchServices is different to explicitly choosing the non-default app via "Open with..."
  • Some apps -- including, but not limited to, sandboxed apps such as Preview -- will add a quarantine flag to a document that has none

Example of the last, where stripping the flag the opening and closing the doc in Preview re-applies it:

iMac:~ nigel$ xattr -d com.apple.quarantine ~/Downloads/Scrivener_Manual-Mac-2.pdf 
iMac:~ nigel$ xattr -p com.apple.quarantine ~/Downloads/Scrivener_Manual-Mac-2.pdf 
xattr: /Users/nigel/Downloads/Scrivener_Manual-Mac-2.pdf: No such xattr: com.apple.quarantine
iMac:~ nigel$ open ~/Downloads/Scrivener_Manual-Mac-2.pdf 
iMac:~ nigel$ # closed from Preview
iMac:~ nigel$ xattr -p com.apple.quarantine ~/Downloads/Scrivener_Manual-Mac-2.pdf 
0082;66002f2b;Preview;
iMac:~ nigel$

In my testing, osascript was barfing on the usual (I was seeing 0081, 0082 or 0083) quarantine flags. But it was fine with either the flag had been deleted or if it had explicitly set to the "has been cleared by Gatekeeper" value -- 00c1.

Importantly for us, sandboxed apps seem happy to leave the 00c1 flag in the 00c- range, rather than changing it back to 008-:

iMac:~ nigel$ xattr -p com.apple.quarantine ~/Downloads/Scrivener_Manual-Mac-2.pdf 
0082;66002f2b;Preview;
iMac:~ nigel$ xattr -w com.apple.quarantine "00c1;66002f2b;Preview" ~/Downloads/Scrivener_Manual-Mac-2.pdf 
iMac:~ nigel$ open ~/Downloads/Scrivener_Manual-Mac-2.pdf 
iMac:~ nigel$ # closed from Preview
iMac:~ nigel$ xattr -p com.apple.quarantine ~/Downloads/Scrivener_Manual-Mac-2.pdf 
00c3;66002f2b;Preview
iMac:~ nigel$

...which should mean that, unlike when deleting com.apple.quarantine, we won't need to keep going back to reset the file's flag.

Putting that all together into a "Set Quarantine Flag" macro that works on a single file selected in the Finder:

Set Quarantine Flag.kmmacros (2.2 KB)

Image

Set Quarantine Flag
Set Quarantine Flag1020×1384 159 KB

...which could easily be adjusted for multiple files, as per @NSSynapse's macro above. Or (and slightly more efficient) you could pass in a list of paths and do the loop in the shell script.

Unfortunately we can't use this automatically as part of a "Try/Catch" surrounding the "Open Finder Selection in..." action since the action itself always succeeds, even though the file's opening is blocked.

As with all quarantine adjustments, this is subverting Apple's intended (or possibly, in this case, broken!) security stance, so use wisely. Has worked in all my testing, so I'd love to hear how others get on with it.

3 Likes