uninstall: Removing authorizationdb right

[mhaeuser]

Output of brew config

N/A

Output of brew doctor

N/A

Description of issue

For attack surface reduction, my application creates a custom Authorization right shared between the GUI application and its daemon, so that true administrator rights are never gained or transferred. To remove it during uninstallation, the following command must be executed: sudo security authorizationdb remove me.mhaeuser.batterytoolkitd.manage.

There are two ways this is done right now. First, there is an option in the GUI to disable the daemon, which performs this via Authorization API calls. I'm not sure this could be nicely turned into a CLI argument. Second, there is an uninstallation script that runs the command mentioned above. However, this script is explicitly meant to quickly purge the application during debugging or in case the in-GUI method fails for some reason. I would not like to bundle said script with the application or invoke it from Homebrew.

I do not see any way to nicely run such a command from a cask's uninstall property. The only way seems to be to indeed bundle a script that would only execute this one command, but that would feel a bit awkward. All other cleanup tasks, like deleting the properties files and unregistering the daemon, can be declared very nicely in comparison. I cannot find a sample cask that performs this action either. What would you recommend as the cleanest approach to this? Thank you in advance!

[majal]

Bump! Just to push this request up in Homebrew's latest discussions. Feel free to delete this comment once this post gets attention.