It turns out the issue is a com.apple.macl extended attribute that gets set on the Documents folder and can't be removed, due to SIP.
Doesn’t seem like a bug to me - it’s just a poor UI. Two different security systems both working properly but only one has a UI to show the protections.
Why would you think it's "working properly"?
The app somehow gained a permanent permission that I didn't give and that I can't remove no matter what I do. That's not working properly in any sense.
> I didn't give
This is not true; you do give consent when you pick a folder to open.
It’s working properly in the sense that the Apple-provided file picker UI is designed to give permanent file permission access to an app. But the user thinks that access is temporary. It’s a mismatch between the user’s mental model and what’s actually happening.
> It’s working properly in the sense that the Apple-provided file picker UI is designed to give permanent file permission access to an app.
In the case of sandboxed apps, this is not true. The open panel provides temporary access, and a sandboxed app needs to create a security-scoped bookmark to retain persistent access across launches.
For non-sandboxed apps, it's usually not an issue, because non-sandboxed apps have access to most of the file system by default. The weirdness occurs only for certain files and folders that are restricted by TCC, such as Desktop and Documents. But for non-restricted folders, nothing needs to be done. Observe that if you use the Open from folder... command from Insent on a non-restricted folder, then no com.apple.macl is set on the folder. No special permanent access is granted, because none is required. The only time the system automatically grants permanent access is with TCC-restricted files and folders, so we can't pretend that this is a "normal" thing.
In general, non-sandboxed apps don't even need the open panel for file access. They can just read whatever file they want... except for the TCC-restricted files. The purpose of the open panel in a non-sandboxed app is just to provide a file picker UI to the user.
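For the sandboxed-app case described above, here is an added example (not code from the thread or from Insent) of the mechanism by which a sandboxed app turns the open panel's temporary grant into a persistent one; the defaults key is an assumption:

```swift
import Foundation
import AppKit

// Constructed example: how a sandboxed macOS app keeps access to a user-picked
// folder across launches. The open panel grant by itself lasts only for this
// process; persistence comes from a security-scoped bookmark the app stores,
// and no system UI lists such bookmarks.

let bookmarkKey = "com.example.pickedFolderBookmark" // assumed UserDefaults key

/// Ask the user to pick a folder. The returned URL is usable only in this launch.
func pickFolder() -> URL? {
    let panel = NSOpenPanel()
    panel.canChooseDirectories = true
    panel.canChooseFiles = false
    panel.allowsMultipleSelection = false
    return panel.runModal() == .OK ? panel.url : nil
}

/// Turn the temporary grant into a persistent one by storing a security-scoped bookmark.
func persistAccess(to url: URL) throws {
    let data = try url.bookmarkData(options: .withSecurityScope,
                                    includingResourceValuesForKeys: nil,
                                    relativeTo: nil)
    UserDefaults.standard.set(data, forKey: bookmarkKey)
}

/// On a later launch, resolve the stored bookmark and reopen the scope.
/// Returns nil if nothing was stored, the bookmark is stale, or access was refused.
func restoreAccess() -> URL? {
    guard let data = UserDefaults.standard.data(forKey: bookmarkKey) else { return nil }
    var stale = false
    guard let url = try? URL(resolvingBookmarkData: data,
                             options: .withSecurityScope,
                             relativeTo: nil,
                             bookmarkDataIsStale: &stale),
          !stale,
          url.startAccessingSecurityScopedResource() else { return nil }
    return url // caller must call url.stopAccessingSecurityScopedResource() when finished
}

/// Discarding the stored bookmark is the only way the grant goes away;
/// the user has no settings pane that shows or revokes it.
func forgetAccess() {
    UserDefaults.standard.removeObject(forKey: bookmarkKey)
}
```

This is the sandboxed path only; for a non-sandboxed app on a TCC-restricted folder the system itself records the grant (the com.apple.macl attribute the thread discusses), so none of this code is needed for the access to persist.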
The security-scoped bookmark is exactly why a user should treat all macOS file access permission prompts as permanent. There is also no UI to show to a user whether an app has created a security-scoped bookmark.
And this is for sandboxed apps. You correctly point out that non-sandboxed apps have even more access. So a user’s mental model should be that all open dialogs grant permanent access.