My SDL app is asking for permission to read all keystrokes from any application on macOS.

picardph · September 24, 2021, 1:15pm

I am using SDL2.0.16 and when I run my SDL app, macOS asks for permission to allow SDL to receive keystrokes from any application. My searching shows that this should have been fixed in SDL2.0.10 so I’m not sure why I am still getting it. I am running macOS version Big Sur on a M1 MacBook Air. I really can’t ship an app that shows this popup as it will scare away users.

Thanks for your time,
Philip

slouken · September 24, 2021, 3:44pm

Can you debug it to see what API call causes the popup to occur?

picardph · September 24, 2021, 9:06pm

I have not yet had the chance to debug the internals of SDL2 but I did a quick test and can confirm that it comes from SDL_Init with the flag SDL_INIT_EVERYTHING.

nightmareci · September 26, 2021, 4:31pm

I’m having the exact same issue, on Big Sur + M1 Mac. It could be specific to Apple Silicon macOS, because the security model is slightly different/upgraded over Intel macOS. For instance, Apple Silicon Mac apps must be codesigned to work at all, at the very least adhoc signed, but Intel apps on Apple Silicon do work unsigned.

nightmareci · September 26, 2021, 5:45pm

Alright, figured out the API call that produces the request. It happens when you initialize the joystick subsystem. Attached is a source file containing examples that don’t produce the request, then a final example that does.main.c (1.9 KB)

brada · September 26, 2021, 7:07pm

This is false, my company makes an unsigned Mac app and it works fine on both M1 (without rosetta) and Intel.

The only “security” difference I know of is due to hardware. e.g. the M1 memory control unit wont allow memory to be executable and writable at the same time.

nightmareci · September 26, 2021, 7:57pm

% echo 'int main() { return 0; }' >test.c
% clang test.c -o test
% ./test 
% echo $?
0
% codesign --remove-signature test
% ./test 
zsh: killed     ./test

Apple Silicon macOS does not allow unsigned arm64 code to run.

rtrussell · September 27, 2021, 10:32am

That has not been my experience. This is an unsigned arm64 app for the M1, compiled at the command line, and nobody has yet reported any problems running it:

http://www.rtr.myzen.co.uk/bbcbasic_console_macm1.zip

I could sign it, but so far it has not been necessary.

17cupsofcoffee · October 28, 2021, 9:30am

This has been happening for my code as well (though I only heard about it second hand, as I don’t use a Mac myself).

It seems to be tied to the initialization of the joystick/controller subsystems, which seems to be the same conclusion @nightmareci reached.

I’ve raised a GitHub issue for this (though whether it’s an issue or the expected behaviour, I’m not sure yet):

github.com/libsdl-org/SDL

MacOS: Input monitoring permissions requested when joystick/game controller subsystem enabled

opened 09:24AM - 28 Oct 21 UTC

17cupsofcoffee

After upgrading to Big Sur, one of the Mac users of my library which uses SDL2 f…or windowing/input) is getting a keyboard permissions dialog when their game starts up: * https://github.com/17cupsofcoffee/tetra/discussions/289 This only seems to happen when the joystick/controller subsystems are enabled - when they're commented out, the dialog does not show. The user in question is using 2.0.16, but did not have this issue when they were using that version on Catalina. They switched it out for 2.0.14 (built from source), and that did not seem to be affected - so it sounds like this may be an interaction between some new code in 2.0.16 and something that's changed in the OS update. Is this the expected behaviour, or have Apple pulled the rug out from under us? The latter would not surprise me 😄 A few bits of context/background info: * This seems to be a seperate issue from the [Caps Lock one](https://discourse.libsdl.org/t/macos-catalina-keyboard-monitoring-permission/27529) that was fixed last year. * There seems to be [another user on the forums seeing the same behaviour](https://discourse.libsdl.org/t/my-sdl-app-is-asking-for-permission-to-read-all-keystrokes-from-any-application-on-macos/32893), and they also came to the conclusion that it was the joystick subsystem triggering the dialog.