Cask Emacs does not work properly with macOS permission system

[mpolden]

I use org-mac-grab-link to copy links to resources in other applications, e.g. files in Finder. However, when using cask Emacs, it simply prints the following error message: do-applescript: Not authorized to send Apple events to Finder.

Calling this function is supposed to trigger the following dialog, which allows me to grant the requested permission:

When the dialog fails to appear, the system logs the following:

tccd  Platform binary prompting is 'Deny' because: is Platform Binary
tccd  target_executable_path_URL: file:///Applications/Emacs.app/Contents/MacOS/Emacs
tccd  AccessRequestIndirect: Policy disallows prompt for org.gnu.Emacs; access to kTCCServiceAppleEvents denied

It appears to have something to do with the code signature of cask Emacs:

~$ codesign -d --entitlements :- /Applications/Emacs.app    
Executable=/Applications/Emacs.app/Contents/MacOS/Emacs
Warning: Specifying ':' in the path is deprecated and will not work in a future release
<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "https://www.apple.com/DTDs/PropertyList-1.0.dtd"><plist version="1.0"><dict><key>com.apple.security.cs.disable-library-validation</key><true/></dict></plist>

If I remove the signature with codesign --remove-signature /Applications/Emacs.app, the expected permission dialog appears and everything works as expected.

[ywwry66]

I just encountered this issue when I was trying to trash files using move-file-to-trash when mac-system-move-file-to-trash-use-finder is set to t. The privacy permission dialog did not pop up. I even reported this to upstream but then realized this is an issue only for the cask binary. If I reinstall from the source brew install emacs-mac the pop-up shows immediately.