diff options
author | Tor Arne Vestbø <tor.arne.vestbo@qt.io> | 2024-03-08 13:29:55 +0100 |
---|---|---|
committer | Tor Arne Vestbø <tor.arne.vestbo@qt.io> | 2024-03-11 09:17:21 +0000 |
commit | b4de4de7425abd85584beed9e5f1c38dd809544c (patch) | |
tree | 483812633138c325afe1b9d8444db3edf52a4869 /coin/provisioning/common | |
parent | 6d8dd19daeb7fb9f1edf43f9b97793dd971c3ce2 (diff) |
coin: Give bootstrap-agent permission to use microphone on macOS
The bootstrap-agent is the 'responsible process' in TCC terms when
it comes to whether a test should be allowed to access the microphone.
https://www.qt.io/blog/the-curious-case-of-the-responsible-process
By giving this process the permission explicitly, by modifying the
TCC database, we ensure that all tests run as child processes also
get this permission.
Change-Id: Ia03084ac89f0717ac6457b0035769f4a9863495b
Reviewed-by: Ville-Pekka Karhu <ville-pekka.karhu@qt.io>
Diffstat (limited to 'coin/provisioning/common')
-rwxr-xr-x | coin/provisioning/common/macos/set_tcc_permissions.sh | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/coin/provisioning/common/macos/set_tcc_permissions.sh b/coin/provisioning/common/macos/set_tcc_permissions.sh new file mode 100755 index 00000000..28d96cc0 --- /dev/null +++ b/coin/provisioning/common/macos/set_tcc_permissions.sh @@ -0,0 +1,30 @@ +#!/usr/bin/env bash +#Copyright (C) 2024 The Qt Company Ltd +#SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only + +TCC_DATABASE="$HOME/Library/Application Support/com.apple.TCC/TCC.db" +if touch "$TCC_DATABASE"; then + # We can write to the TCC database + BOOTSTRAP_AGENT="$HOME/bootstrap-agent" + REQ_STR=$(codesign -d -r- $BOOTSTRAP_AGENT 2>&1 | awk -F ' => ' '/designated/{print $2}') + REQ_HEX=$(echo "$REQ_STR" | csreq -r- -b >(xxd -p | tr -d '\n')) + + for service in kTCCServiceMicrophone; do + sqlite3 -echo "$TCC_DATABASE" <<EOF + DELETE from access WHERE client = '$BOOTSTRAP_AGENT' AND service = '$service'; + INSERT INTO access (service, client, client_type, auth_value, auth_reason, auth_version, csreq, flags) VALUES ( + '$service', -- service + '$BOOTSTRAP_AGENT', -- client + 1, -- client_type (1 - absolute path) + 2, -- auth_value (2 - allowed) + 4, -- auth_reason (4 - "System Set") + 1, -- auth_version + X'$REQ_HEX', -- csreq + 0 -- flags + ); +EOF + done +else + echo "TCC database is not writable. Is SIP disabled?" >&2 + exit 1 +fi |