univ-of-utah-marriott-library-apple / privacy_services_manager

A single management utility to administer Location Services, Contacts requests, Accessibility, and iCloud access in Apple's OS X.

License: MIT License

Python 100.00%
mac macadmin macadmins python tcc-services privacy contacts accessibility calendar reminders

privacy_services_manager's People

Contributors

moox, pdarragh, timsutton

privacy_services_manager's Issues

Support for non-apps in location db

This feature request is closely related to #10. Any chance you could add the --admin flag and allow non-app files to be added into the location database? I tried, but my Python is not very good. Thanks for the great project!

Config file

It would be nice to have the ability to read from a config file to set all the values, maybe at boot or with a LaunchDaemon item or something like that.

Verbose output

It would be helpful if, in addition to the logging, the script would give feedback in the console every time.

"accessibility" option fails as root

The "accessibility" option requires root, as noted in the doco.

Error: ValueError: Must be root to modify 'accessibility'

However, when it is run as root, an error is generated about creating a TCC database for the root user, rather than modifying the Local (/Library) TCC database as root, and the process fails.

$ sudo /usr/local/bin/privacy_services_manager.py enable accessibility /Applications/Evernote.app
Error: ValueError: Will not create a TCC database file for root.

Creating a TCC database for the root user is generally not helpful, and
there is really no good reason to do it.

If you intended to change the permissions for a particular user as root,
instead use the `--user` option. For example:

privacy_services_manager.py --user "username" add contacts com.apple.Safari

If you really want to create a TCC database file for root, run the
command with the `--forceroot` option:

privacy_services_manager.py --forceroot add contacts com.apple.Safari

The Local (/Library/Application Support/com.apple.TCC) database has not been modified:

$ date
Mon  3 Nov 2014 11:38:00 AEDT
$  ls -al /Library/Application\ Support/com.apple.TCC/TCC.db 
-rw-r--r--  1 root  admin  36864 10 Oct 10:45 /Library/Application Support/com.apple.TCC/TCC.db

This also occurs if the bundle ID is used rather than a path.

$ sudo /usr/local/bin/privacy_services_manager.py add accessibility com.evernote.Evernote
Error: ValueError: Will not create a TCC database file for root

For reference, tcc_database_manager (I realise it's deprecated):

$ sudo tcc_database_manager -n add accessibility /Applications/Evernote.app
2014-11-03 11:58:10,687 INFO: Found bundle IDs: ['com.evernote.Evernote']
2014-11-03 11:58:10,690 INFO: Adding 'com.evernote.Evernote' to accessibility service.

Using:
Privacy Services Manager, version 1.4.2
Management Tools, version 1.5.13

$ sw_vers
ProductName:    Mac OS X
ProductVersion: 10.9.5
BuildVersion:   13F34

How to configure "Siri & Dictation" Location Services in macOS 10.12 Sierra

[Image: priv-siri]

10.12 has "Siri & Dictation" in the "Location Services" section of the Security & Privacy prefpane. This doesn't seem to be attached to any particular application. We typically disable (grey-out) Security & Privacy to prevent people from encrypting their drive in a non-Enterprise way, or disabling the screen lock. However, my users are likely to get all "bothered" that their shiny new Siri doesn't let them do location based stuff, so I'd like to be able to use privacy_services_manager.py to programmatically pre-configure this, so they don't have to whine about not being allowed into the Security & Privacy pane.

NameError: name 'no_check' is not defined

I'm using Privacy Services Manager, version 1.7.0 and I get this error when trying to add something:

NameError: name 'no_check' is not defined

It works only with --no-check-app flag.

Users Application Support directory gets set with root permissions.

When provisioning Mac OS X 10.10 for the first time with privacy_services_manager, the Application Support directory gets set with root permissions. This happens only if a user hasn't logged in. If the user logged in before calling privacy_services_manager, then it preserves the directory and its permissions.

Here are the Application Support permissions without privacy_services_manager called:

drwxr-xr-x  11 vagrant  staff   374 Sep 27 15:16 Application Support

Here are the contents of Application Support directory without privacy services manager called:

drwxr-xr-x  11 vagrant  staff  374 Sep 27 15:16 .
drwxr-xr-x@ 23 vagrant  staff  782 Sep 27 15:13 ..
drwx------  11 vagrant  staff  374 Sep 27 15:13 AddressBook
drwxr-xr-x   5 vagrant  staff  170 Sep 27 15:13 CallHistoryDB
drwxr-xr-x   2 vagrant  staff   68 Sep 27 15:13 CallHistoryTransactions
drwxr-xr-x   2 vagrant  staff   68 Sep 27 15:13 CloudDocs
drwx------   2 vagrant  staff   68 Sep 27 15:13 CrashReporter
drwxr-xr-x   3 vagrant  staff  102 Sep 27 15:13 Dock
drwx------   3 vagrant  staff  102 Sep 27 15:13 com.apple.TCC
drwxr-xr-x   4 vagrant  staff  136 Sep 27 15:16 com.apple.spotlight
-rw-r--r--   1 vagrant  staff  420 Sep 27 15:16 com.apple.spotlight.Shortcuts

Here are the Application Support permissions with privacy_services_manager called:

drwx------   3 root     staff   102 Sep 27 15:35 Application Support

Here are the contents of Application Support directory with privacy services manager called.

drwxr-xr-x   3 root     staff  102 Sep 27 15:35 .
drwxr-xr-x@ 27 vagrant  staff  918 Sep 27 15:37 ..
drwx------   3 root     staff  102 Sep 27 15:35 com.apple.TCC
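
The failure reported above happens when a root process creates `com.apple.TCC` before the user's `Library/Application Support` exists, so every missing parent ends up owned by root. The following is an added example, not the project's code: it creates the missing directories and hands each new one to the target user. The function names are hypothetical, the modes follow the listing above, and the "home" is a constructed temporary directory.

```python
import os
import stat
import tempfile


def makedirs_owned(path, uid, gid, parent_mode=0o755, leaf_mode=0o700):
    """Create path plus any missing parents and hand each new one to uid:gid.

    Directories that already exist are left untouched. Returns the
    directories created, outermost first.
    """
    missing = []
    current = os.path.abspath(path)
    while not os.path.isdir(current):
        missing.append(current)
        current = os.path.dirname(current)
    created = []
    for directory in reversed(missing):
        mode = leaf_mode if directory == missing[0] else parent_mode
        os.mkdir(directory, mode)  # the umask can only narrow this mode
        # lchown: never follow a symlink swapped in by the directory's owner.
        os.lchown(directory, uid, gid)
        created.append(directory)
    return created


def wrong_owner(paths, uid):
    """Paths not owned by uid: the state the issue's second listing shows."""
    return [p for p in paths if os.lstat(p).st_uid != uid]


def demo():
    """Provision com.apple.TCC under a throwaway, never-logged-in 'home'."""
    home = tempfile.mkdtemp()  # constructed stand-in for /Users/<name>
    target = os.path.join(home, "Library", "Application Support", "com.apple.TCC")
    created = makedirs_owned(target, os.getuid(), os.getgid())
    names = [os.path.basename(d) for d in created]
    leaf_mode = stat.S_IMODE(os.lstat(target).st_mode)
    return names, wrong_owner(created, os.getuid()), leaf_mode


if __name__ == "__main__":
    made, bad, mode = demo()
    print("created:", made)
    print("wrong owner:", bad, "leaf mode:", oct(mode))
```

Run as root with the target user's uid and gid, `wrong_owner` over the returned list gives a quick post-provisioning check.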

Issue adding BID

Not able to add BID:
com.apple.RemoteDesktopAgent

But I am able to add Path:
/System/Library/CoreServices/RemoteManagement/ARDAgent.app

You can infer what I'm passing in from this:

privacy_services_manager 'make rdagent accessible' do
  service 'accessibility'
  user 'vagrant'
  applications ['/System/Library/CoreServices/RemoteManagement/ARDAgent.app', 
                '/usr/libexec/sshd-keygen-wrapper']
  admin true
end
$ sudo /usr/local/bin/privacy_services_manager.py --user vagrant --admin add accessibility /System/Library/CoreServices/RemoteManagement/ARDAgent.app
$ sudo /usr/local/bin/privacy_services_manager.py --user vagrant --admin add accessibility /usr/libexec/sshd-keygen-wrapper
$ app_lookup.py com.apple.RemoteDesktopAgent
ARDAgent
    BID:        com.apple.RemoteDesktopAgent
    Path:       /System/Library/CoreServices/RemoteManagement/ARDAgent.app
    Info.plist: /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Info.plist
    Executable: /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent

Support adding command line tools to accessibility

I love this script, but I have issues with it when trying to add command line tools to accessibility service. This blog provides more details about command line tools and accessibility: http://jacobsalmela.com/os-x-yosemite-osascript-enabling-access-assistive-devices/.

If there was a way to turn off app validation, then I think your script would then be able to allow something like this:
sudo privacy_services_manager.py -u vagrant add accessibility /usr/libexec/sshd-keygen-wrapper

El Capitan support

TCC services require an additional field, policy_id, which appears as the new seventh column (moving the primary key to the eighth). This column can be populated with NULL with no adverse effects.
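
Any tool that reads or writes the `access` table has to cope with both layouts this issue describes. The following is an added example, not the project's code: a read-only audit that detects the layout before querying. Both schemas, the `kTCCServiceAccessibility` service name and the meaning of `client_type` are assumptions, and the rows are constructed.

```python
import sqlite3

# Constructed schemas (assumption): the pre-10.11 access table, and the
# El Capitan layout with policy_id added as the seventh column.
LEGACY_SCHEMA = """CREATE TABLE access (
    service TEXT NOT NULL, client TEXT NOT NULL, client_type INTEGER NOT NULL,
    allowed INTEGER NOT NULL, prompt_count INTEGER NOT NULL, csreq BLOB,
    PRIMARY KEY (service, client, client_type))"""
ELCAP_SCHEMA = LEGACY_SCHEMA.replace("csreq BLOB,", "csreq BLOB, policy_id INTEGER,")
SERVICE = "kTCCServiceAccessibility"  # service name assumed for 'accessibility'


def access_columns(conn):
    """Column names of the access table in declared order ([] if absent)."""
    return [row[1] for row in conn.execute("PRAGMA table_info(access)")]


def list_grants(conn, service=SERVICE):
    """Read-only audit of the clients recorded for a service, either layout."""
    columns = access_columns(conn)
    if not columns:
        raise ValueError("no 'access' table in this database")
    policy = "policy_id" if "policy_id" in columns else "NULL"
    sql = ("SELECT client, client_type, allowed, {0} FROM access "
           "WHERE service = ? ORDER BY client".format(policy))
    # client_type 1 is assumed to mean "absolute path", 0 "bundle ID".
    return [{"client": c, "is_path": t == 1, "allowed": bool(a), "policy_id": p}
            for c, t, a, p in conn.execute(sql, (service,))]


def make_sample(schema, rows):
    """In-memory database holding constructed rows, standing in for TCC.db."""
    conn = sqlite3.connect(":memory:")
    conn.execute(schema)
    marks = ",".join("?" * len(rows[0]))
    conn.executemany("INSERT INTO access VALUES ({0})".format(marks), rows)
    return conn


LEGACY_DB = make_sample(LEGACY_SCHEMA, [
    (SERVICE, "com.evernote.Evernote", 0, 1, 0, None)])
ELCAP_DB = make_sample(ELCAP_SCHEMA, [
    (SERVICE, "com.evernote.Evernote", 0, 1, 0, None, None),
    (SERVICE, "/usr/libexec/sshd-keygen-wrapper", 1, 1, 0, None, None)])

if __name__ == "__main__":
    for label, db in (("legacy", LEGACY_DB), ("10.11", ELCAP_DB)):
        print(label, access_columns(db), list_grants(db))
```

Selecting columns by name, as here, keeps the query valid when a column is added; positional `INSERT ... VALUES` statements are what break on the seven-column layout.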

Failed to find Location Services plist

Attempting to run privacy_services_manager.py enable location on an OS X 10.8 virtual machine failed:

[Image: screen shot 2014-06-25 at 1 59 11 pm]

Need error handling for that plist, apparently.

Support bin for accessibility db

Would be nice to be able to do

$ privacy_services_manager.py add accessibility /usr/local/bin/tmux
Set to modify local permissions for user 'MoOx' at '/Users/MoOx/Library/Application Support/com.apple.TCC/TCC.db'.
Set to modify global permissions for all users at '/Library/Application Support/com.apple.TCC/TCC.db'.
Error: ValueError: Invalid application: no path found.

I know this other project seems to handle simple bin: https://github.com/jacobsalmela/tccutil

Cannot modify Accessibility permissions

When attempting to add entries to the Accessibility service, the program fails with output such as:

$ sudo privacy_services_manager.py -n add accessibility /Path/To/Application.app
[...]
2015-03-24 09:31:53,025 INFO: Set to modify local permissions for user 'root' at '/var/root/Library/Application Support/com.apple.TCC/TCC.db'.
2015-03-24 09:31:53,025 INFO: Set to modify global permissions for all users at '/Library/Application Support/com.apple.TCC/TCC.db'.
2015-03-24 09:31:53,025 ERROR: OperationalError: unable to open database file

10.12 Location Services

I wanted to give you a heads up on 10.12 Location Services changes.

It is necessary to restart both the locationd and cfprefsd processes before the /bin/launchctl load /System/Library/LaunchDaemons/com.apple.locationd.plist step listed here, i.e.:

sudo /usr/bin/killall -9 cfprefsd
sudo /usr/bin/killall -9 locationd

To my knowledge those are the only changes needed for 10.12 support.

ERROR: AttributeError: 'module' object has no attribute 'abspah'

Getting some funky error with 1.6.9 release:

      * execute[sudo /usr/local/bin/privacy_services_manager.py --user vagrant --admin add accessibility /usr/libexec/sshd-keygen-wrapper] action run

         ================================================================================
         Error executing action `run` on resource 'execute[sudo /usr/local/bin/privacy_services_manager.py --user vagrant --admin add accessibility /usr/libexec/sshd-keygen-wrapper]'
         ================================================================================

         Mixlib::ShellOut::ShellCommandFailed
         ------------------------------------
         Expected process to exit with [0], but received '3'
         ---- Begin output of sudo /usr/local/bin/privacy_services_manager.py --user vagrant --admin add accessibility /usr/libexec/sshd-keygen-wrapper ----
         STDOUT: WARNING: Administrative override enabled. Be careful!
         INFO: ################################################################################
         Privacy Services Manager, version 1.6.9

      service:  accessibility
      action:   add
      app(s):   ['/usr/libexec/sshd-keygen-wrapper']
      user:     vagrant
      template: False
      language: N/A

         INFO: Set to modify local permissions for user 'vagrant' at '/Users/vagrant/Library/Application Support/com.apple.TCC/TCC.db'.
         INFO: Set to modify global permissions for all users at '/Library/Application Support/com.apple.TCC/TCC.db'.
         ERROR: AttributeError: 'module' object has no attribute 'abspah'
         STDERR:
         ---- End output of sudo /usr/local/bin/privacy_services_manager.py --user vagrant --admin add accessibility /usr/libexec/sshd-keygen-wrapper ----
         Ran sudo /usr/local/bin/privacy_services_manager.py --user vagrant --admin add accessibility /usr/libexec/sshd-keygen-wrapper returned 3

OperationalError: attempt to write a readonly database after the latest OSX 10.12 update (Beta)

privacy_services_manager.py add accessibility /Applications/myApp.app
INFO: ################################################################################
Privacy Services Manager, version 1.6.10

service:  accessibility
action:   add
app(s):   ['/Applications/myApp.app']
user:     N/A
template: False
language: N/A

INFO: Set to modify global permissions for all users at '/Library/Application Support/com.apple.TCC/TCC.db'.
INFO: Inserting 'com.myApp.myApp' in service 'accessibility'...
ERROR: OperationalError: attempt to write a readonly database

Location in Yosemite Developer Preview 7

Since the most recent Yosemite update, the location service no longer uses a special string to differentiate it from previous versions of OS X. Roll back the updates in this area.
