A reader stocks a weblog submit that talks about why Mac operating High Sierra 10.13.2 (and different variations close to it) refuses to let customers uninstall some third-party programs simply. For example, when customers try to uninstall BlueStacks, an Android emulator, the Finder presentations this caution: “The operation can’t be completed because you don’t have the necessary permission.” The blog post looks into the subject: The second that we see the phrase permission, all turns into transparent: it is a permissions downside. So the next move is to choose the offending merchandise in the Finder, press Command-I to carry up the Get Info conversation, and alter the permissions. It does, regardless that, depart the slight puzzle as to why the Finder did not merely urged for authentication as an alternative of cussedly refusing. Sure sufficient, after making an attempt that, the app nonetheless may not move and the mistake message is unchanged. Another atypical factor about this ‘app’ is that it is not an app in any respect. Tucked away in a mysterious folder, new to High Sierra, in /Library/StagedExtensions/Applications, its icon is defaced to suggest that the person cannot even run it. Neither did the person set up it there. Trying to take away it the usage of a traditional Terminal command sudo rm -rf /Library/StagedExtensions/Applications/BlueStacks.app additionally fails, with the file Operation no longer authorized.
High Sierra leaves the person questioning what has took place. There’s not anything in Apple’s scant documentation to give an explanation for how this atypical scenario has arisen, and apparently not anything extra that the person can do to find what is improper, or to do the rest about it. The clue comes from probing round in Terminal, particularly the usage of a command like ls -lO /Library Try that in High Sierra, and you can see drwxr-xr-x@ four root wheel limited 128 2 Jan 13:03 StagedExtensions
There are two related items of knowledge printed: the @ signal presentations that listing has prolonged attributes (xattrs), and the phrase limited that it is secure by means of System Integrity Protection (SIP). A snappy peek within /Library/StagedExtensions/Applications/BlueStacks.app presentations that it is a stub of an app, missing any primary code, nevertheless it does comprise a kernel extension (KEXT) which is additionally secure by means of SIP, by means of distinctive feature of being within a SIP-protected folder. > ls -lO /Library/StagedExtensions/Applications
drwxr-xr-x three root wheel limited 96 2 Jan 13:03 BlueStacks.app So how did this third-party kernel extension finally end up in this mysterious folder, entire with SIP coverage?