Last active
April 8, 2024 15:56
-
-
Save haircut/4f30c1d5bb3eafbbc74d69f4ada2b378 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/python | |
""" | |
Reset User-level Privacy Policy Controls via Jamf Self Service | |
Pass script Parameter 4 as "all" to reset privacy controls for all users on | |
the system. This parameter is optional. | |
https://www.macblog.org/post/reset-tcc-privacy/ | |
https://github.com/haircut | |
""" | |
import sys | |
import subprocess | |
from SystemConfiguration import SCDynamicStoreCopyConsoleUser | |
SERVICES = ['Calendar', 'AddressBook', 'SystemPolicyAllFiles', 'PostEvent', | |
'Willow', 'Photos', 'LinkedIn', 'Facebook', 'SinaWeibo', 'Twitter', | |
'Siri', 'AppleEvents', 'Camera', 'Microphone', 'PhotosAdd', | |
'Reminders', 'All', 'Accessibility', 'Liverpool', 'Ubiquity', | |
'ShareKit', 'TencentWeibo', 'SystemPolicySysAdminFiles', | |
'MediaLibrary', 'SystemPolicyDeveloperFiles', 'Location'] | |
def get_console_user(): | |
'''Returns current console username''' | |
return SCDynamicStoreCopyConsoleUser(None, None, None)[0] | |
def get_all_users(): | |
'''Return all non-system users on this Mac''' | |
cmd = ['dscl', '.', '-list', '/Users'] | |
proc = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE) | |
out, _ = proc.communicate() | |
userlist = out.splitlines() | |
filter_out = ['daemon', 'root', 'nobody'] | |
return [x for x in userlist if not x.startswith('_') | |
and not x in filter_out] | |
def reset_tcc_service_as_user(service, user): | |
'''Uses tccutil to reset a service as a user''' | |
try: | |
scmd = '/usr/bin/tccutil reset %s' % service | |
cmd = ['su', '-l', user, '-c', scmd] | |
subprocess.check_call(cmd, stderr=subprocess.PIPE) | |
print "Reset '%s' for '%s'" % (service, user) | |
except subprocess.CalledProcessError: | |
print "Unable to reset '%s' for '%s'" % (service, user) | |
def reset_tcc(user): | |
'''Resets all known TCC services for passed user''' | |
for service in SERVICES: | |
reset_tcc_service_as_user(service, user) | |
def main(): | |
'''main''' | |
# Determine if we should reset all users on system or just the console user | |
try: | |
reset_all_users = sys.argv[4] | |
except IndexError: | |
reset_all_users = '' | |
# Reset all users | |
if reset_all_users.lower() == 'all': | |
print "Resetting Privacy settings for all users." | |
users = get_all_users() | |
for user in users: | |
reset_tcc(user) | |
# Reset only console user | |
else: | |
console_user = get_console_user() | |
if console_user: | |
print "Resetting Privacy settings for '%s'." % console_user | |
reset_tcc(console_user) | |
else: | |
print "No user logged in; unable to reset Privacy settings" | |
if __name__ == '__main__': | |
main() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment