Introduced in Catalina to enable ‘privacy by user intent’, these contain header-UUID pairs, with the UUID identifying the app granted access. But UUIDs change with every restart, so can’t be used to track access prior to the current session.
com.apple.macl
How can Privacy & Security show that access by an app to a protected folder is disabled, yet the app can still access that folder? With additional details of privacy controls over storage locations.
Why do so many files now have quarantine and other extended attributes, although they’re not apps, and may never have left that Mac?
When someone reports the most recent version of Safari that will open their webarchives is 18.6, and that’s the only version that you find can’t open some webarchives. You’ll be only too familiar with the culprit.
New version of this GUI utility for inspecting and editing extended attributes, for High Sierra and later.
Which extended attributes are attached to downloaded archives and apps? How do they fit in with provenance tracking?
What’s blocking you from saving that document: permissions, ACLs, privacy, an extended attribute, or what? Here are some clues.
Quarantine flags first appeared in 2007. This explains how they work, what they do, and the differences between app and document quarantine.
All about xattrs: their origin, where they’re stored, how they’re named and typed, how to find and work with them, and their common problems.
Who’s been ghost notarizing other people’s apps, and is Catalina wasting time to check whether shell scripts are notarized?
The Eclectic Light Company 