In order to protect my project file from being deleted by unauthorized entities, I used kauth_listen_scope with KAUTH_SCOPE_VNODE option to add new callback function that prevent other from deleting those files.
However, it appears that it's possible to move those files to trash from Finder since it uses the rename system call. this command doesn't trigger vnode authorization event that can be prevented, only fileop event (but these are for detection only).
Perhaps anyone have an alternative about what can be done in order to prevent this action ?
thanks
