检测用户是否启用了此 API 的可靠方法是什么?
即使禁用了屏幕录制 API,CGWindowListCreateImage也会返回有效的对象。有多种可能的组合(kCGWindowListOptionIncludingWindow、kCGWindowListOptionOnScreenBelowWindow),只有一些会返回NULL。
- (CGImageRef)createScreenshotImage
{
NSWindow *window = [[self view] window];
NSRect rect = [window frame];
rect.origin.y = NSHeight([[window screen] frame]) - NSMaxY([window frame]);
CGImageRef screenshot = CGWindowListCreateImage(
rect,
kCGWindowListOptionIncludingWindow,
//kCGWindowListOptionOnScreenBelowWindow,
0,//(CGWindowID)[window windowNumber],
kCGWindowImageBoundsIgnoreFraming);//kCGWindowImageDefault
return screenshot;
}
唯一可靠的方法是通过CGDisplayStreamCreate这是有风险的,因为Apple每年都会更改隐私设置。
- (BOOL)canRecordScreen
{
if (@available(macOS 10.15, *)) {
CGDisplayStreamRef stream = CGDisplayStreamCreate(CGMainDisplayID(), 1, 1, kCVPixelFormatType_32BGRA, nil, ^(CGDisplayStreamFrameStatus status, uint64_t displayTime, IOSurfaceRef frameSurface, CGDisplayStreamUpdateRef updateRef) {
;
});
BOOL canRecord = stream != NULL;
if (stream) {
CFRelease(stream);
}
return canRecord;
} else {
return YES;
}
}
这里介绍的所有解决方案都以某种方式存在缺陷。问题的根源在于,您了解窗口的权限(通过窗口列表中的名称)与了解窗口进程所有者的权限(例如 WindowServer 和 Dock)之间没有相关性。您查看屏幕上像素的权限是两组稀疏信息的组合。
这是一个启发式方法,涵盖了macOS 10.15.1的所有情况:
BOOL canRecordScreen = YES;
if (@available(macOS 10.15, *)) {
canRecordScreen = NO;
NSRunningApplication *runningApplication = NSRunningApplication.currentApplication;
NSNumber *ourProcessIdentifier = [NSNumber numberWithInteger:runningApplication.processIdentifier];
CFArrayRef windowList = CGWindowListCopyWindowInfo(kCGWindowListOptionOnScreenOnly, kCGNullWindowID);
NSUInteger numberOfWindows = CFArrayGetCount(windowList);
for (int index = 0; index < numberOfWindows; index++) {
// get information for each window
NSDictionary *windowInfo = (NSDictionary *)CFArrayGetValueAtIndex(windowList, index);
NSString *windowName = windowInfo[(id)kCGWindowName];
NSNumber *processIdentifier = windowInfo[(id)kCGWindowOwnerPID];
// don't check windows owned by this process
if (! [processIdentifier isEqual:ourProcessIdentifier]) {
// get process information for each window
pid_t pid = processIdentifier.intValue;
NSRunningApplication *windowRunningApplication = [NSRunningApplication runningApplicationWithProcessIdentifier:pid];
if (! windowRunningApplication) {
// ignore processes we don't have access to, such as WindowServer, which manages the windows named "Menubar" and "Backstop Menubar"
}
else {
NSString *windowExecutableName = windowRunningApplication.executableURL.lastPathComponent;
if (windowName) {
if ([windowExecutableName isEqual:@"Dock"]) {
// ignore the Dock, which provides the desktop picture
}
else {
canRecordScreen = YES;
break;
}
}
}
}
}
CFRelease(windowList);
}
如果未设置canRecordScreen,则需要设置某种对话框,警告用户他们只能看到菜单栏、桌面图片和应用自己的窗口。以下是我们如何在应用程序 xScope 中呈现它。
是的,我仍然对这些保护措施的引入感到痛苦,很少考虑可用性。
Apple 提供了直接的低级 API 来检查访问权限和授予访问权限。无需使用棘手的解决方法。
/* Checks whether the current process already has screen capture access */
@available(macOS 10.15, *)
public func CGPreflightScreenCaptureAccess() -> Bool
使用上述功能检查屏幕捕获访问权限。
如果未授予访问权限,请使用以下函数提示访问
/* Requests event listening access if absent, potentially prompting */
@available(macOS 10.15, *)
public func CGRequestScreenCaptureAccess() -> Bool
截图取自文档
@marek-H发布了一个很好的例子,可以在不显示隐私警报的情况下检测屏幕录制设置。 顺便说一句,@jordan-h提到,当应用程序通过beginSheetModalForWindow发出警报时,此解决方案不起作用。
我发现SystemUIServer进程总是创建一些带有名称的窗口:AppleVolumeExtra,AppleClockExtra,AppleBluetoothExtra ...
在"隐私"偏好设置中启用屏幕录制之前,我们无法获取这些窗口的名称。当我们至少可以获得这些名称之一时,这意味着用户已启用屏幕录制。
因此,我们可以检查窗口的名称(由SystemUIServer进程创建)以检测屏幕录制首选项,并且在macOS Catalina上工作正常。
#include <AppKit/AppKit.h>
#include <libproc.h>
bool isScreenRecordingEnabled()
{
if (@available(macos 10.15, *)) {
bool bRet = false;
CFArrayRef list = CGWindowListCopyWindowInfo(kCGWindowListOptionAll, kCGNullWindowID);
if (list) {
int n = (int)(CFArrayGetCount(list));
for (int i = 0; i < n; i++) {
NSDictionary* info = (NSDictionary*)(CFArrayGetValueAtIndex(list, (CFIndex)i));
NSString* name = info[(id)kCGWindowName];
NSNumber* pid = info[(id)kCGWindowOwnerPID];
if (pid != nil && name != nil) {
int nPid = [pid intValue];
char path[PROC_PIDPATHINFO_MAXSIZE+1];
int lenPath = proc_pidpath(nPid, path, PROC_PIDPATHINFO_MAXSIZE);
if (lenPath > 0) {
path[lenPath] = 0;
if (strcmp(path, "/System/Library/CoreServices/SystemUIServer.app/Contents/MacOS/SystemUIServer") == 0) {
bRet = true;
break;
}
}
}
}
CFRelease(list);
}
return bRet;
} else {
return true;
}
}
我不知道专门用于获取屏幕录制权限状态的 API。除了创建CGDisplayStream并检查 nil 之外,macOS Security WWDC 演示文稿还提到,除非授予权限,否则不会返回来自CGWindowListCopyWindowInfo()API 的某些元数据。因此,这样的事情似乎确实有效,尽管它具有依赖该函数的实现细节的相同问题:
private func canRecordScreen() -> Bool {
guard let windows = CGWindowListCopyWindowInfo([.optionOnScreenOnly], kCGNullWindowID) as? [[String: AnyObject]] else { return false }
return windows.allSatisfy({ window in
let windowName = window[kCGWindowName as String] as? String
return windowName != nil
})
}
截至11月19日,chockenberry有正确的答案。
正如@onelittlefish指出的那样,如果用户未在隐私窗格中启用屏幕录制访问,则会省略kCGWindowName。此方法也不会触发隐私警报。
- (BOOL)canRecordScreen
{
if (@available(macOS 10.15, *)) {
CFArrayRef windowList = CGWindowListCopyWindowInfo(kCGWindowListOptionOnScreenOnly, kCGNullWindowID);
NSUInteger numberOfWindows = CFArrayGetCount(windowList);
NSUInteger numberOfWindowsWithName = 0;
for (int idx = 0; idx < numberOfWindows; idx++) {
NSDictionary *windowInfo = (NSDictionary *)CFArrayGetValueAtIndex(windowList, idx);
NSString *windowName = windowInfo[(id)kCGWindowName];
if (windowName) {
numberOfWindowsWithName++;
} else {
//no kCGWindowName detected -> not enabled
break; //breaking early, numberOfWindowsWithName not increased
}
}
CFRelease(windowList);
return numberOfWindows == numberOfWindowsWithName;
}
return YES;
}
从MacOS 10.15.7开始,获取可见窗口的窗口名称的启发式方法并不总是有效,因此我们知道我们有屏幕捕获权限。有时我们只是找不到可以查询的有效窗口,并且会错误地推断我们没有权限。
但是,我找到了另一种直接查询(使用 sqlite)Apple TCC 数据库的方法 - 保留权限的模型。屏幕录制权限可以在"系统级"TCC数据库(驻留在/Library/Application Support/com.apple.TCC/TCC.db)中找到。如果您使用 sqlite 打开数据库,并查询:SELECT allowed FROM access WHERE client="com.myCompany.myApp" AND service="kTCCServiceScreenCapture",您将获得答案。
与其他答案相比有两个缺点:
- 若要打开此 TCC.db 数据库,你的应用必须具有">完全磁盘访问权限"权限。它不需要以"root"权限运行,如果您没有"完全磁盘访问权限",root 权限将无济于事。
- 运行大约需要 15 毫秒,这比查询窗口列表慢。
好的一面 - 它是对实际事物的直接查询,并且在查询时不依赖于任何窗口或进程。
以下是执行此操作的一些代码草案:
NSString *client = @"com.myCompany.myApp";
sqlite3 *tccDb = NULL;
sqlite3_stmt *statement = NULL;
NSString *pathToSystemTCCDB = @"/Library/Application Support/com.apple.TCC/TCC.db";
const char *pathToDBFile = [pathToSystemTCCDB fileSystemRepresentation];
if (sqlite3_open(pathToDBFile, &tccDb) != SQLITE_OK)
return nil;
const char *query = [[NSString stringWithFormat: @"SELECT allowed FROM access WHERE client="%@" AND service="kTCCServiceScreenCapture"",client] UTF8String];
if (sqlite3_prepare_v2(tccDb, query , -1, &statement, nil) != SQLITE_OK)
return nil;
BOOL allowed = NO;
while (sqlite3_step(statement) == SQLITE_ROW)
allowed |= (sqlite3_column_int(statement, 0) == 1);
if (statement)
sqlite3_finalize(statement);
if (tccDb)
sqlite3_close(tccDb);
return @(allowed);
}
最有利的答案并不完全正确,他遗漏了一些问题,比如共享状态。
我们可以在WWDC(https://developer.apple.com/videos/play/wwdc2019/701/?time=1007)中找到答案。
以下是WWDC的一些摘录: 窗口名称和共享状态不可用,除非用户已预先批准应用进行屏幕录制。这是因为某些应用程序将敏感数据(例如帐户名称或更可能的网页URL)放在窗口名称中。
- (BOOL)ScreeningRecordPermissionCheck {
if (@available(macOS 10.15, *)) {
CFArrayRef windowList = CGWindowListCopyWindowInfo(kCGWindowListOptionOnScreenOnly, kCGNullWindowID);
NSUInteger numberOfWindows = CFArrayGetCount(windowList);
NSUInteger numberOfWindowsWithInfoGet = 0;
for (int idx = 0; idx < numberOfWindows; idx++) {
NSDictionary *windowInfo = (NSDictionary *)CFArrayGetValueAtIndex(windowList, idx);
NSString *windowName = windowInfo[(id)kCGWindowName];
NSNumber* sharingType = windowInfo[(id)kCGWindowSharingState];
if (windowName || kCGWindowSharingNone != sharingType.intValue) {
numberOfWindowsWithInfoGet++;
} else {
NSNumber* pid = windowInfo[(id)kCGWindowOwnerPID];
NSString* appName = windowInfo[(id)kCGWindowOwnerName];
NSLog(@"windowInfo get Fail pid:%lu appName:%@", pid.integerValue, appName);
}
}
CFRelease(windowList);
if (numberOfWindows == numberOfWindowsWithInfoGet) {
return YES;
} else {
return NO;
}
}
return YES;
}
上面的答案不起作用。以下是正确答案。
private var canRecordScreen : Bool {
guard let windows = CGWindowListCopyWindowInfo([.optionOnScreenOnly], kCGNullWindowID) as? [[String: AnyObject]] else { return false }
return windows.allSatisfy({ window in
let windowName = window[kCGWindowName as String] as? String
let isSharingEnabled = window[kCGWindowSharingState as String] as? Int
return windowName != nil || isSharingEnabled == 1
})
}
为我工作。 代码来自: https://gist.github.com/code4you2021/270859c71f90720d880ccb2474f4e7df
import Cocoa
struct ScreenRecordPermission {
static var hasPermission: Bool {
permissionCheck()
}
static func permissionCheck() -> Bool {
if #available(macOS 10.15, *) {
let runningApplication = NSRunningApplication.current
let processIdentifier = runningApplication.processIdentifier
guard let windows = CGWindowListCopyWindowInfo([.optionOnScreenOnly], kCGNullWindowID)
as? [[String: AnyObject]],
let _ = windows.first(where: { window -> Bool in
guard let windowProcessIdentifier = (window[kCGWindowOwnerPID as String] as? Int).flatMap(pid_t.init),
windowProcessIdentifier != processIdentifier,
let windowRunningApplication = NSRunningApplication(processIdentifier: windowProcessIdentifier),
windowRunningApplication.executableURL?.lastPathComponent != "Dock",
let _ = window[String(kCGWindowName)] as? String
else {
return false
}
return true
})
else {
return false
}
}
return true
}
static func requestPermission() {
if #available(macOS 10.15, *) {
CGWindowListCreateImage(CGRect(x: 0, y: 0, width: 1, height: 1), .optionOnScreenOnly, kCGNullWindowID, [])
}
}
}
# how to use
# print("hasPermission: ", ScreenRecordPermission.hasPermission)