@@ -395,6 +395,35 @@ impl TestCx<'_> {
395395 // We don't want to hang when calling `quit` while the process is still running
396396 let mut script_str = String :: from ( "settings set auto-confirm true\n " ) ;
397397
398+ // macOS has a system for restricting access to files and peripherals
399+ // called Transparency, Consent, and Control (TCC), which can be
400+ // configured using the "Security & Privacy" tab in your settings.
401+ //
402+ // This system is provenance-based: if Terminal.app is given access to
403+ // your Desktop, and you launch a binary within Terminal.app, the new
404+ // binary also has access to the files on your Desktop.
405+ //
406+ // By default though, LLDB launches binaries in very isolated
407+ // contexts. This includes resetting any TCC grants that might
408+ // otherwise have been inherited.
409+ //
410+ // In effect, this means that if the developer has placed the rust
411+ // repository under one of the system-protected folders, they will get
412+ // a pop-up _for each binary_ asking for permissions to access the
413+ // folder - quite annoying.
414+ //
415+ // To avoid this, we tell LLDB to spawn processes with TCC grants
416+ // inherited from the parent process.
417+ //
418+ // Setting this also avoids unnecessary overhead from XprotectService
419+ // when running with the Developer Tool grant.
420+ //
421+ // TIP: If you want to allow launching `lldb ~/Desktop/my_binary`
422+ // without being prompted, you can put this in your `~/.lldbinit` too.
423+ if self . config . host . contains ( "darwin" ) {
424+ script_str. push_str ( "settings set target.inherit-tcc true\n " ) ;
425+ }
426+
398427 // Make LLDB emit its version, so we have it documented in the test output
399428 script_str. push_str ( "version\n " ) ;
400429
0 commit comments