/tccutil

♿️ Command line tool to modify OS X's accessibility database (TCC.db)

Primary LanguagePythonGNU General Public License v2.0GPL-2.0

tccutil
tccutil.py
Modify macOS' TCC.db from the command line

Modify macOS' Transparency, Consent, and Control (TCC) Framework from the Command Line

Apple has a utility in /usr/bin named tccutil, but it only supports one command, which is to reset the entire database. It has been like this for many versions of macOS. I wanted a command-line utility that would be able to add, remove, list, and take other actions.

SIP Notice

This tool needs SIP disabled in order to function. The risk of doing so is up to you.

Discussions on this topic can be found here: jacobsalmela#44

How is tccutil.py Different from other solutions?

  • tccutil.py can be installed without any additional software.

  • it has an easy to use syntax

  • it supports both system wide and user scope TCC manipulation

  • it wraps the native /usr/bin/tccutil tool

  • there are other solutions out there, but there were some things I did not like about them:

    • Privacy Manager Services has other dependencies that need to be installed (it has also gone over five years without any updates)

    • tccmanager.py uses a .plist to add items, which is inconvenient.

  • these are also some other projects I found that do similar things

Installation

Homebrew

Install using Homebrew.

brew install tccutil

Depending how you have your $PATH variable setup, you can simply type tccutil (instead of the full path) and it will run this utility instead of Apple's.

Alternative Install

Clone this repo and manually copy tccutil.py to /usr/local/bin or run from any directory with python /path/to/tccutil.py.

Usage

This utility needs super-user priveleges for most operations. It is important that you either run this as root or use sudo, otherwise it won't work and you will end up with “permission denied” errors.

usage: tccutil.py [-h] [--service SERVICE] [--list] [--digest] [--insert INSERT] [-v]
                  [-r REMOVE] [-e ENABLE] [-d DISABLE] [--user [USER]] [--version]
                  [ACTION]

Modify Accesibility Preferences

positional arguments:
  ACTION                This option is only used to perform a reset, using "/usr/bin/tccutil". See
                        `man tccutil` for additional syntax

optional arguments:
  -h, --help            show this help message and exit
  --service SERVICE, -s SERVICE
                        Set TCC service
  --list, -l            List all entries in the accessibility database
  --digest              Print the digest hash of the accessibility database
  --insert INSERT, -i INSERT
                        Adds the given bundle ID or path to the accessibility database
  -v, --verbose         Outputs additional info for some commands
  -r REMOVE, --remove REMOVE
                        Removes a given Bundle ID or Path from the Accessibility Database
  -e ENABLE, --enable ENABLE
                        Enables Accessibility Access for the given Bundle ID or Path
  -d DISABLE, --disable DISABLE
                        Disables Accessibility Access for the given Bundle ID or Path
  --user [USER], -u [USER]
                        Modify accessibility database for a given user (defaults to current,
                        if no additional parameter is provided)
  --version             Show the version of this script

Examples

List existing Entries in the Accessibility Database

sudo tccutil.py --list

List existing Entries in the Accessibility Database specific to the current user

sudo tccutil.py --list -u

Add /usr/bin/osascript to the Accessibility Database (using UNIX-Style Option)

sudo tccutil.py -i /usr/bin/osascript

Add /usr/bin/osascript to the Accessibility Database specific to user 'myuser' (using UNIX-Style Option)

sudo tccutil.py -i /usr/bin/osascript -u myuser

Add Script Editor to the Accessibility Database (using Long Option)

sudo tccutil.py --insert com.apple.ScriptEditor2

Remove Terminal from the Accessibility Database

sudo tccutil.py --remove com.apple.Terminal

Enable Terminal (must already exist in the Database)

sudo tccutil.py --enable com.apple.Terminal

Disable /usr/bin/osascript (must already exist in the Database)

sudo tccutil.py -d /usr/bin/osascript

Reset system wide accessibility database

sudo tccutil.py reset ALL

Contributing

Many people have contributed already, so feel free to make a PR and we'll get it merged in.