feat: add FullDiskAccessVerifier and update CFBundleVersion to 6416;

ref: #206

Author: dz0ny

Pareto Security.xcodeproj/project.pbxproj

@@ -61,6 +61,8 @@
 		4F080D1D26C50D2800686786 /* ParetoSecurityTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 4FC81A4B26C41DC8006EABA8 /* ParetoSecurityTests.swift */; };
 		4F0BD11F284891670098316A /* ClipButton.swift in Sources */ = {isa = PBXBuildFile; fileRef = 4F0BD11E284891670098316A /* ClipButton.swift */; };
 		4F0BD120284891670098316A /* ClipButton.swift in Sources */ = {isa = PBXBuildFile; fileRef = 4F0BD11E284891670098316A /* ClipButton.swift */; };
+		4F0CC3FA2E6F014200A0BE70 /* FullDiskAccessVerifier.swift in Sources */ = {isa = PBXBuildFile; fileRef = 4F0CC3F92E6F014200A0BE70 /* FullDiskAccessVerifier.swift */; };
+		4F0CC3FB2E6F014200A0BE70 /* FullDiskAccessVerifier.swift in Sources */ = {isa = PBXBuildFile; fileRef = 4F0CC3F92E6F014200A0BE70 /* FullDiskAccessVerifier.swift */; };
 		4F103008269EE136008C1E86 /* SettingsView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 4F103007269EE135008C1E86 /* SettingsView.swift */; };
 		4F103012269F1C65008C1E86 /* LaunchAtLogin in Frameworks */ = {isa = PBXBuildFile; productRef = 4F103011269F1C65008C1E86 /* LaunchAtLogin */; };
 		4F1192FD2D6DC4F4002CA181 /* ViewInspector in Frameworks */ = {isa = PBXBuildFile; productRef = 4F1192FC2D6DC4F4002CA181 /* ViewInspector */; };
@@ -364,6 +366,7 @@
 		4F020DDE2853503400D8D4E9 /* DebugView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = DebugView.swift; sourceTree = "<group>"; };
 		4F0371BB26CD00B700B35E43 /* Boot.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = Boot.swift; sourceTree = "<group>"; };
 		4F0BD11E284891670098316A /* ClipButton.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ClipButton.swift; sourceTree = "<group>"; };
+		4F0CC3F92E6F014200A0BE70 /* FullDiskAccessVerifier.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = FullDiskAccessVerifier.swift; sourceTree = "<group>"; };
 		4F103007269EE135008C1E86 /* SettingsView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SettingsView.swift; sourceTree = "<group>"; };
 		4F14487326D8EA5E00A5BA34 /* Updater.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = Updater.swift; sourceTree = "<group>"; };
 		4F14487B26D8EDB000A5BA34 /* Bundle.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = Bundle.swift; sourceTree = "<group>"; };
@@ -719,6 +722,7 @@
 		4FB7C67F26AFF22C00FB1C41 /* Extensions */ = {
 			isa = PBXGroup;
 			children = (
+				4F0CC3F92E6F014200A0BE70 /* FullDiskAccessVerifier.swift */,
 				4F7ACFC22DE080AB003400E8 /* HelperTool.swift */,
 				4F7ACFAF2DE074FF003400E8 /* HelperProtocol.swift */,
 				4FDDE1962D53BA3200D9E853 /* String.swift */,
@@ -1178,6 +1182,7 @@
 				4F2E09AE2BA330A80031422E /* Apps.swift in Sources */,
 				4F38D8C9273AC5AE00671756 /* IntroView.swift in Sources */,
 				4F37E71D2718122E00A2B254 /* Defaults.swift in Sources */,
+				4F0CC3FA2E6F014200A0BE70 /* FullDiskAccessVerifier.swift in Sources */,
 				4FDDE1982D53BA3200D9E853 /* String.swift in Sources */,
 				4F37E71E2718122E00A2B254 /* Autologin.swift in Sources */,
 				4F38D8CF273AC62500671756 /* EndView.swift in Sources */,
@@ -1325,6 +1330,7 @@
 				4F2E09AD2BA330A80031422E /* Apps.swift in Sources */,
 				4F38D8C8273AC5AE00671756 /* IntroView.swift in Sources */,
 				4F47221026B08A0E0071CE2A /* Defaults.swift in Sources */,
+				4F0CC3FB2E6F014200A0BE70 /* FullDiskAccessVerifier.swift in Sources */,
 				4FDDE1992D53BA3200D9E853 /* String.swift in Sources */,
 				4F868DD126A5C51C005B876E /* Autologin.swift in Sources */,
 				4F38D8CE273AC62500671756 /* EndView.swift in Sources */,

Pareto/Checks/Application Updates/ParetoUpdated.swift

@@ -27,26 +27,26 @@ class ParetoUpdated: ParetoCheck {
     override var TitleOFF: String {
         "Pareto Security is outdated"
     }
-    
+
     override var infoURL: URL {
         var components = URLComponents()
         components.scheme = "https"
         components.host = "paretosecurity.com"
         components.path = "/check/\(UUID)"
-        
+
         // Add version parameters
         var queryItems = [URLQueryItem]()
-        
+
         // Add current and latest version information
         if !currentVersion.isEmpty {
             queryItems.append(URLQueryItem(name: "current_version", value: currentVersion))
         }
         if !latestVersion.isEmpty {
             queryItems.append(URLQueryItem(name: "latest_version", value: latestVersion))
         }
-        
+
         components.queryItems = queryItems
-        
+
         return components.url!
     }
 
@@ -108,11 +108,11 @@ class ParetoUpdated: ParetoCheck {
                 }
 
                 let latestVersionString = latestRelease.tag_name.replacingOccurrences(of: "v", with: "")
-                
+
                 // Store versions for URL construction
-                self.currentVersion = appVersion
-                self.latestVersion = latestVersionString
-                
+                currentVersion = appVersion
+                latestVersion = latestVersionString
+
                 let isUpToDate = appVersion == latestVersionString
 
                 os_log("Latest release is older than 10 days. App version: %{public}s, Latest version: %{public}s, Up to date: %{public}@",
@@ -125,10 +125,10 @@ class ParetoUpdated: ParetoCheck {
                     appVersion = String(appVersion.split(separator: "-")[0])
                 }
                 let latestVersionString = latestRelease.tag_name.replacingOccurrences(of: "v", with: "")
-                
+
                 // Store versions for URL construction
-                self.currentVersion = appVersion
-                self.latestVersion = latestVersionString
+                currentVersion = appVersion
+                latestVersion = latestVersionString
 
                 os_log("Latest release is within 10 days grace period. Published: %{public}s, Days ago: %{public}f, App version: %{public}s, Latest version: %{public}s",
                        latestRelease.published_at, abs(publishedDate.timeIntervalSinceNow) / (24 * 60 * 60), appVersion, latestVersionString)
@@ -144,7 +144,7 @@ class ParetoUpdated: ParetoCheck {
 
     override func checkPasses() -> Bool {
         // Disable this check when running in SetApp or when beta channel is enabled
-        
+
         #if SETAPP_ENABLED
             // Always pass for SetApp builds as updates are handled by SetApp
             return true
@@ -153,7 +153,7 @@ class ParetoUpdated: ParetoCheck {
             if Defaults[.showBeta] {
                 return true
             }
-            
+
             // Create a semaphore to wait for the async operation to complete
             let semaphore = DispatchSemaphore(value: 0)
 

Pareto/Extensions/FullDiskAccessVerifier.swift

@@ -0,0 +1,50 @@
+//
+//  FullDiskAccessVerifier.swift
+//  Pareto Security
+//
+//  Created by Claude on 2025-09-08.
+//
+
+import Foundation
+import os.log
+
+enum FullDiskAccessVerifier {
+    static func hasFullDiskAccess() -> Bool {
+        let tmPlistPath = "/Library/Preferences/com.apple.TimeMachine.plist"
+        
+        // Check if file exists
+        guard FileManager.default.fileExists(atPath: tmPlistPath) else {
+            os_log("FDA check: Time Machine plist does not exist")
+            return false
+        }
+        
+        // Try to read as NSDictionary
+        if let dict = NSDictionary(contentsOfFile: tmPlistPath) {
+            if dict.count > 0 {
+                os_log("FDA check: Successfully read Time Machine plist with %d entries", dict.count)
+                return true
+            }
+        }
+        
+        // Try using FileHandle
+        if let handle = FileHandle(forReadingAtPath: tmPlistPath) {
+            defer { handle.closeFile() }
+            let data = handle.readData(ofLength: 10)
+            if !data.isEmpty {
+                os_log("FDA check: Read Time Machine plist via FileHandle")
+                return true
+            }
+        }
+        
+        // Try to read raw data
+        if let data = try? Data(contentsOf: URL(fileURLWithPath: tmPlistPath)) {
+            if !data.isEmpty {
+                os_log("FDA check: Successfully read Time Machine plist data (%d bytes)", data.count)
+                return true
+            }
+        }
+        
+        os_log("FDA check: Cannot read Time Machine plist - No Full Disk Access")
+        return false
+    }
+}

Pareto/Info.plist

@@ -26,7 +26,7 @@
 		</dict>
 	</array>
 	<key>CFBundleVersion</key>
-	<string>6408</string>
+	<string>6416</string>
 	<key>LSApplicationCategoryType</key>
 	<string>public.app-category.utilities</string>
 	<key>LSMinimumSystemVersion</key>

Pareto/Views/Settings/AboutSettingsView.swift

@@ -141,19 +141,19 @@ struct AboutSettingsView: View {
                 }
                 return
             }
-            
+
             // Check if we can get the helper status from launchctl
             let launchctlOutput = await Task {
                 runCMD(app: "/bin/launchctl", args: ["print", "system/co.niteo.ParetoSecurityHelper"])
             }.value
-            
+
             if launchctlOutput.contains("state = not running") {
                 await MainActor.run {
                     self.helperVersion = "Needs authorization in System Settings"
                 }
                 return
             }
-            
+
             // Set a timeout for the helper version fetch
             let timeoutTask = Task {
                 try? await Task.sleep(nanoseconds: 2_000_000_000) // 2 second timeout
@@ -163,7 +163,7 @@ struct AboutSettingsView: View {
                     }
                 }
             }
-            
+
             await helperManager.getHelperVersion { version in
                 timeoutTask.cancel()
                 Task { @MainActor in

Pareto/Views/Settings/PermissionsSettingsView.swift

@@ -21,7 +21,7 @@ struct PermissionsSettingsView: View {
     @Default(.myChecksURL) var myChecksURL
     @Default(.hideWhenNoFailures) var hideWhenNoFailures
     @StateObject private var helperToolManager = HelperToolManager()
-    @ObservedObject fileprivate var checker = PermissionsChecker()
+    @StateObject private var checker = PermissionsChecker()
 
     func authorizeOSAClick() {
         NSWorkspace.shared.open(URL(string: "x-apple.systempreferences:com.apple.preference.security?Privacy_Automation")!)

Pareto/Views/Welcome/PermissionsView.swift

@@ -33,7 +33,7 @@ class PermissionsChecker: ObservableObject {
     func start() {
         timer?.invalidate() // cancel timer if any
         timer = Timer.scheduledTimer(withTimeInterval: 2.0, repeats: true) { _ in
-            self.fdaAuthorized = TimeMachineHasBackupCheck.sharedInstance.isRunnable
+            self.fdaAuthorized = FullDiskAccessVerifier.hasFullDiskAccess()
             self.osaAuthorized = self.osaIsAuthorized()
             self.firewallAuthorized = HelperToolUtilities.isHelperInstalled()
             self.ran = true
@@ -47,7 +47,7 @@ class PermissionsChecker: ObservableObject {
 
 struct PermissionsView: View {
     @Binding var step: Steps
-    @ObservedObject fileprivate var checker = PermissionsChecker()
+    @StateObject private var checker = PermissionsChecker()
 
     private var canContinue: Bool {
         // OSA is always required