aboutsummaryrefslogtreecommitdiffstats
path: root/coin/provisioning/common/macos/set_tcc_permissions.sh
diff options
context:
space:
mode:
Diffstat (limited to 'coin/provisioning/common/macos/set_tcc_permissions.sh')
-rwxr-xr-xcoin/provisioning/common/macos/set_tcc_permissions.sh31
1 files changed, 31 insertions, 0 deletions
diff --git a/coin/provisioning/common/macos/set_tcc_permissions.sh b/coin/provisioning/common/macos/set_tcc_permissions.sh
new file mode 100755
index 00000000..d9fb222b
--- /dev/null
+++ b/coin/provisioning/common/macos/set_tcc_permissions.sh
@@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+#Copyright (C) 2024 The Qt Company Ltd
+#SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+
+TCC_DATABASE="$HOME/Library/Application Support/com.apple.TCC/TCC.db"
+if touch "$TCC_DATABASE"; then
+ # We can write to the TCC database
+ BOOTSTRAP_AGENT="$HOME/bootstrap-agent"
+ REQ_STR=$(codesign -d -r- "$BOOTSTRAP_AGENT" 2>&1 | awk -F ' => ' '/designated/{print $2}')
+ REQ_HEX=$(echo "$REQ_STR" | csreq -r- -b >(xxd -p | tr -d '\n'))
+
+ # shellcheck disable=SC2043
+ for service in kTCCServiceMicrophone; do
+ sqlite3 -echo "$TCC_DATABASE" <<EOF
+ DELETE from access WHERE client = '$BOOTSTRAP_AGENT' AND service = '$service';
+ INSERT INTO access (service, client, client_type, auth_value, auth_reason, auth_version, csreq, flags) VALUES (
+ '$service', -- service
+ '$BOOTSTRAP_AGENT', -- client
+ 1, -- client_type (1 - absolute path)
+ 2, -- auth_value (2 - allowed)
+ 4, -- auth_reason (4 - "System Set")
+ 1, -- auth_version
+ X'$REQ_HEX', -- csreq
+ 0 -- flags
+ );
+EOF
+ done
+else
+ echo "TCC database is not writable. Is SIP disabled?" >&2
+ exit 1
+fi
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-24 15:37:13 +0000