#!/usr/bin/python | |
""" | |
Reset User-level Privacy Policy Controls via Jamf Self Service | |
Pass script Parameter 4 as "all" to reset privacy controls for all users on | |
the system. This parameter is optional. | |
https://www.macblog.org/post/reset-tcc-privacy/ | |
https://github.com/haircut | |
""" | |
import sys | |
import subprocess | |
from SystemConfiguration import SCDynamicStoreCopyConsoleUser | |
SERVICES = ['Calendar', 'AddressBook', 'SystemPolicyAllFiles', 'PostEvent', | |
'Willow', 'Photos', 'LinkedIn', 'Facebook', 'SinaWeibo', 'Twitter', | |
'Siri', 'AppleEvents', 'Camera', 'Microphone', 'PhotosAdd', | |
'Reminders', 'All', 'Accessibility', 'Liverpool', 'Ubiquity', | |
'ShareKit', 'TencentWeibo', 'SystemPolicySysAdminFiles', | |
'MediaLibrary', 'SystemPolicyDeveloperFiles', 'Location'] | |
def get_console_user(): | |
'''Returns current console username''' | |
return SCDynamicStoreCopyConsoleUser(None, None, None)[0] | |
def get_all_users(): | |
'''Return all non-system users on this Mac''' | |
cmd = ['dscl', '.', '-list', '/Users'] | |
proc = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE) | |
out, _ = proc.communicate() | |
userlist = out.splitlines() | |
filter_out = ['daemon', 'root', 'nobody'] | |
return [x for x in userlist if not x.startswith('_') | |
and not x in filter_out] | |
def reset_tcc_service_as_user(service, user): | |
'''Uses tccutil to reset a service as a user''' | |
try: | |
scmd = '/usr/bin/tccutil reset %s' % service | |
cmd = ['su', '-l', user, '-c', scmd] | |
subprocess.check_call(cmd, stderr=subprocess.PIPE) | |
print "Reset '%s' for '%s'" % (service, user) | |
except subprocess.CalledProcessError: | |
print "Unable to reset '%s' for '%s'" % (service, user) | |
def reset_tcc(user): | |
'''Resets all known TCC services for passed user''' | |
for service in SERVICES: | |
reset_tcc_service_as_user(service, user) | |
def main(): | |
'''main''' | |
# Determine if we should reset all users on system or just the console user | |
try: | |
reset_all_users = sys.argv[4] | |
except IndexError: | |
reset_all_users = '' | |
# Reset all users | |
if reset_all_users.lower() == 'all': | |
print "Resetting Privacy settings for all users." | |
users = get_all_users() | |
for user in users: | |
reset_tcc(user) | |
# Reset only console user | |
else: | |
console_user = get_console_user() | |
if console_user: | |
print "Resetting Privacy settings for '%s'." % console_user | |
reset_tcc(console_user) | |
else: | |
print "No user logged in; unable to reset Privacy settings" | |
if __name__ == '__main__': | |
main() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment