Skip to content

Instantly share code, notes, and snippets.

@andermoran
Last active February 12, 2020 21:08
Show Gist options
  • Save andermoran/294d44ddf2afee447943772abe5021c8 to your computer and use it in GitHub Desktop.
Save andermoran/294d44ddf2afee447943772abe5021c8 to your computer and use it in GitHub Desktop.
Application Service Manager: a script that allows you to change an application's access to services (such as microphone, camera, etc)
#!/bin/bash
usage="usage: ./$(basename "$0") -s service [-d] [-m] [-c] app_name
where:
app_name: the name of the app
-s service: the service to change
-d disables the service (only put this option if you want to disable access)
-m sets the microphone as the service
-c sets the camera as the service
extra help:
* to see examples of service names run: ./$(basename "$0") --list-example-services
* to give an application access to your microphone run: ./$(basename "$0") -m SomeMacApp
* to disable an application's access to your camera run: ./$(basename "$0") -c -d SomeMacApp
example:
* disable Google Chrome's access to your camera run: ./$(basename "$0") -c -d \"Google Chrome\"
"
example_services="List of example services that can be changed:
kTCCServiceAddressBook
kTCCServiceAppleEvents
kTCCServiceCalendar
kTCCServiceCamera
kTCCServiceLiverpool
kTCCServiceMicrophone
kTCCServiceUbiquity"
SHOULD_ENABLE_SERVICE=1
POSITIONAL=()
while [[ $# -gt 0 ]]
do
key="$1"
case $key in
-h|--help)
echo "$usage" >&2
exit
;;
-l|--list-example-services)
echo "$example_services" >&2
exit
;;
-s|--service)
SERVICE="$2"
shift # past argument
shift # past value
;;
-d|--disable)
SHOULD_ENABLE_SERVICE=0 # 0 = no, 1 = yes
shift # past argument
;;
-m|--microphone)
SERVICE="kTCCServiceMicrophone"
shift # past argument
;;
-c|--camera)
SERVICE="kTCCServiceCamera"
shift # past argument
;;
*) # unknown option
POSITIONAL+=("$1") # save it in an array for later
shift # past argument
;;
esac
done
set -- "${POSITIONAL[@]}" # restore positional parameters
TARGET_APP_NAME=$POSITIONAL
db_path=~/Library/Application\ Support/com.apple.TCC/TCC.db
db_path_backup=~/Library/Application\ Support/com.apple.TCC/TCC_backup.db
bundle_identifier=$(osascript -e "id of app \"$TARGET_APP_NAME\"")
if [[ ! -e $db_path_backup ]]; then
cp -p "$db_path" "$db_path_backup"
echo "backup db file created at $db_path_backup"
fi
select_record=$(sqlite3 "$db_path" 'SELECT client FROM "main"."access" WHERE (client = '\""$bundle_identifier"\"' AND service = '\""$SERVICE"\"');')
if [[ ${#select_record} -eq 0 ]]; then
# record does not exist, so we insert it
sqlite3 "$db_path" 'INSERT INTO "main"."access" ("service", "client", "client_type", "allowed", "prompt_count", "csreq", "policy_id", "indirect_object_identifier_type", "indirect_object_identifier", "indirect_object_code_identity", "flags", "last_modified") VALUES ('\""$SERVICE"\"', '\""$bundle_identifier"\"', "0", '"$SHOULD_ENABLE_SERVICE"', "1", NULL, NULL, NULL, "UNUSED", NULL, "0", "1581530359");'
else
# record does exist, so we updated it
sqlite3 "$db_path" 'UPDATE "main"."access" SET allowed='"$SHOULD_ENABLE_SERVICE"' WHERE (client = '\""$bundle_identifier"\"' AND service = '\""$SERVICE"\"');'
fi
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment