[bug][v2] Adding OS specific paths in fs scope breaks scope checks for all paths

[wvq]

Describe the bug

Can't set below permissions on macOS, error: "error deserializing scope: unknown path".
but included in ../gen/schemas/macOS-schema.json.

{
  "permissions": [
    "fs:allow-exe-meta",
    "fs:allow-exe-meta-recursive",
    "fs:allow-exe-read",
    "fs:allow-exe-read-recursive",
    "fs:allow-exe-write",
    "fs:allow-exe-write-recursive"
]

Reproduction

No response

Expected behavior

No response

Full tauri info output

[⚠] Environment
    - OS: Mac OS 13.6.4 X64
    ✔ Xcode Command Line Tools: installed
    ✔ rustc: 1.76.0 (07dca489a 2024-02-04) (Homebrew)
    ✔ cargo: 1.76.0
    ⚠ rustup: not installed!
      If you have rust installed some other way, we recommend uninstalling it
      then use rustup instead. Visit https://rustup.rs/
    ⚠ Rust toolchain: couldn't be detected!
      Maybe you don't have rustup installed? if so, Visit https://rustup.rs/
    - node: 18.18.2
    - npm: 9.8.1

[-] Packages
    - tauri [RUST]: 2.0.0-beta.11
    - tauri-build [RUST]: 2.0.0-beta.9
    - wry [RUST]: 0.37.0
    - tao [RUST]: 0.26.1
    - @tauri-apps/api [NPM]: 2.0.0-beta.5
    - @tauri-apps/cli [NPM]: 2.0.0-beta.9

[-] App
    - build-type: bundle
    - CSP: unset
    - frontendDist: ../dist
    - devUrl: http://localhost:1420/
    - framework: Vue.js
    - bundler: Vite

Stack trace

No response

Additional context

No response

[Phippe]

I don't think this is macOS specific, I have the same problem on Windows. I try to access the path example_files\FolderName\filename.xlsx (inside src-tauri), first by checking whether it exists, then by calling readFile on it. For both functions, I get the same error: "error deserializing scope: unknown path". The failed exists call is kinda ironic with this error message 😄

This access previously (Tauri version 1.5) worked for me, but for version 2, I wanted to start fresh and work my way back, so my app might still lack some permission/scopes. If I get it running again, I'll report back here.

src-tauri/capabilities/main.json:

{
    "$schema": "../gen/schemas/desktop-schema.json",
    "identifier": "main-capability",
    "description": "Capability for the main window",
    "windows": ["main"],
    "permissions": [
        "app:default",
        "event:default",
        "fs:default",
        "fs:allow-exe-read-recursive",
        "log:default",
        "menu:default",
        "path:default",
        "resources:default",
        "tray:default",
        "window:default",
        "window:allow-set-title"
    ]
}

Before adding "fs:allow-exe-read-recursive", Tauri would recognize the path, but then deny it due to lacking permissions.

tauri info:

[✔] Environment
    - OS: Windows 10.0.22621 X64
    ✔ WebView2: 122.0.2365.92
    ✔ MSVC: Visual Studio Community 2022
    ✔ rustc: 1.75.0 (82e1608df 2023-12-21)
    ✔ cargo: 1.75.0 (1d8b05cdd 2023-11-20)
    ✔ rustup: 1.26.0 (5af9b9484 2023-04-05)
    ✔ Rust toolchain: stable-x86_64-pc-windows-msvc (default)
    - node: 20.11.1
    - pnpm: 8.15.5
    - yarn: 1.22.21
    - npm: 10.5.0

[-] Packages
    - tauri [RUST]: 2.0.0-beta.13
    - tauri-build [RUST]: 2.0.0-beta.10
    - wry [RUST]: 0.37.0
    - tao [RUST]: 0.26.1
    - @tauri-apps/api [NPM]: 2.0.0-beta.5
    - @tauri-apps/cli [NPM]: 2.0.0-beta.9

[-] App
    - build-type: bundle
    - CSP: unset
    - frontendDist: ../dist
    - devUrl: http://localhost:1420/
    - framework: Vue.js
    - bundler: Vite

[CalvinWilkinson]

The executable directory is only supported on Linux. Calling path.executableDir() on Windows or macOS returns "unknown path". In my case, what I actually wanted was the resource directory.

Edit: Even though I admit it's my bad for not reading the docs, I do wish there were a more descriptive error message. "Unknown path" didn't tell me much, so for the longest time I thought it was some kind of scope issue.

I agree that messages in the browser console and those emitted by the backend should be descriptive and understandable.
Otherwise, it will be challenging to figure out what is going on. I had to literally comment out code and use a "process of elimination" strategy to narrow down that the code having the issue was the exists() function.

I get the same error when using the exists() function from the @tauri-apps/plugin-fs plugin with Tauri v2.0.0-rc.0.

The difference is that I get it when using the app config path.

So using the following permissions setup does not help me:

"permissions": [
    {
        "identifier": "fs:scope-appconfig",
        "allow": [
            { "path": "$APPCONFIG"},
            { "path": "$APPLOG"}
        ]
    },
    "core:app:default",

    "fs:allow-exe-read",
    "fs:allow-exe-read-recursive",
    "fs:allow-exe-write",
    "fs:allow-exe-write-recursive",
    "fs:allow-exists",
    "fs:scope-appconfig",

    "core:path:default",
    "core:path:",


    "updater:default",
    "process:default",
    "store:allow-get",
    "store:allow-set",
    "store:allow-save",
    "store:allow-load"
]