Self-Service-Reset-Privacy-Consent.py

#!/usr/bin/python
"""
Reset User-level Privacy Policy Controls via Jamf Self Service

    Pass script Parameter 4 as "all" to reset privacy controls for all users on
    the system. This parameter is optional.

https://www.macblog.org/post/reset-tcc-privacy/
https://github.com/haircut
"""


import sys
import subprocess
from SystemConfiguration import SCDynamicStoreCopyConsoleUser


SERVICES = ['Calendar', 'AddressBook', 'SystemPolicyAllFiles', 'PostEvent',
            'Willow', 'Photos', 'LinkedIn', 'Facebook', 'SinaWeibo', 'Twitter',
            'Siri', 'AppleEvents', 'Camera', 'Microphone', 'PhotosAdd',
            'Reminders', 'All', 'Accessibility', 'Liverpool', 'Ubiquity',
            'ShareKit', 'TencentWeibo', 'SystemPolicySysAdminFiles',
            'MediaLibrary', 'SystemPolicyDeveloperFiles', 'Location']


def get_console_user():
    '''Returns current console username'''
    return SCDynamicStoreCopyConsoleUser(None, None, None)[0]


def get_all_users():
    '''Return all non-system users on this Mac'''
    cmd = ['dscl', '.', '-list', '/Users']
    proc = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    out, _ = proc.communicate()
    userlist = out.splitlines()
    filter_out = ['daemon', 'root', 'nobody']
    return [x for x in userlist if not x.startswith('_') 
            and not x in filter_out]


def reset_tcc_service_as_user(service, user):
    '''Uses tccutil to reset a service as a user'''
    try:
        scmd = '/usr/bin/tccutil reset %s' % service
        cmd = ['su', '-l', user, '-c', scmd]
        subprocess.check_call(cmd, stderr=subprocess.PIPE)
        print "Reset '%s' for '%s'" % (service, user)
    except subprocess.CalledProcessError:
        print "Unable to reset '%s' for '%s'" % (service, user)


def reset_tcc(user):
    '''Resets all known TCC services for passed user'''
    for service in SERVICES:
        reset_tcc_service_as_user(service, user)


def main():
    '''main'''
    # Determine if we should reset all users on system or just the console user
    try:
        reset_all_users = sys.argv[4]
    except IndexError:
        reset_all_users = ''
    # Reset all users
    if reset_all_users.lower() == 'all':
        print "Resetting Privacy settings for all users."
        users = get_all_users()
        for user in users:
            reset_tcc(user)
    # Reset only console user
    else:
        console_user = get_console_user()
        if console_user:
            print "Resetting Privacy settings for '%s'." % console_user
            reset_tcc(console_user)
        else:
            print "No user logged in; unable to reset Privacy settings"


if __name__ == '__main__':
    main()