Can't use Spotlight to open alias to a file on an encrypted volume

Originator:msschmitt
Number:rdar://FB7716702 Date Originated:3/27/2020
Status:Open Resolved:
Product:macOS Product Version:macOS Mojave 10.14.6
Classification:Spotlight Reproducible:Always
 
In macOS you can create a Finder alias to a file on an unmounted encrypted volume (e.g. a disk image), and when you open the alias, it will prompt for the password. The problem is that starting with Mojave, if you use Spotlight to find and open the alias, it generates the password prompt but won't let you type into it.

First we need to create the disk image and alias. The alias must be created on an HFS+ volume due to another issue (see feedback FB7716688).

1. Create and mount a disk image: hdiutil create -size 5m -fs HFS+ -encryption -volname Secure_Disk -attach Secure_Disk-dmg

2. Give it a password: This is the password

3. Create a file on the disk image: echo "This is some secret text">/Volumes/Secure_DIsk/super_secret.txt

4. In the Finder, option-command drag the super_secret.txt file to an HFS+ volume to create a Finder alias to the file.

5. The HFS+ requirement is due to a bug in alias creation; once the alias is created you are free to copy it to an APFS volume. It should be a volume that is indexed by Spotlight.

6. Double-click the alias. It will successfully open the super_secret.txt file. Close the Text Edit window.

7. Dismount the image: hdiutil detach /Volumes/Secure_Disk.

8. Double-click the alias. It will display the "Enter password to access Secure_Disk.dmg". Enter the password from step 2.  Do not save the password in the keychain.

9. The disk image will mount and the file inside will be opened.  This demonstrates that the alias works as expected in the Finder.

10. Close the Text Edit window and eject the disk image again.

11. Open a Spotlight window and search for super_secret. It will find the super_secret.txt alias.

12. Open the alias from the Spotlight window.  It will display the same password prompt as in step 8, but you can't type in the Password box. Nor does it accept using the keyboard Enter for the OK button.

As far as I can tell, it takes all of the specified requirements to create the problem:
- Encrypted volume
- Alias to a file on the volume
- Open alias via Spotlight.

As shown above in step #6, the alias will work if it isn't opened from Spotlight. And Spotlight can search for and open the encrypted volume. It just doesn't work when you search for an *alias* to the volume.

This same procedure worked in High Sierra.

Comments


Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!