New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Missing kTCCServiceMicrophone entitlement for TeamTalk on MacOS Mojave #393

Closed
Flameborn opened this Issue Dec 9, 2018 · 20 comments

Comments

Projects
None yet
2 participants
@Flameborn
Copy link

Flameborn commented Dec 9, 2018

The MacOS version of TeamTalk does not have the kTCCServiceMicrophone entitlement, which results in having blocked input devices by the system, i.e. making TeamTalk not usable. TeamTalk needs to be added to the accessibility database, in particular to the Microphone category in order to make sound devices, such as the built-in Mac microphone work. This entitlement will raise a system alert at startup, letting the user grant access to the microphone.

Entitlements can be viewed via:

~ > codesign -d --entitlements - /Applications/TeamTalk5.app

@bear101

This comment has been minimized.

Copy link
Contributor

bear101 commented Dec 9, 2018

Specifically, if an application does not have the kTCCServiceMicrophone or kTCCServiceCamera values in the com.apple.private.tcc.allow entitlement, the OS will block the mic or webcam, and alert the user, requesting explicit permissions.

@bear101 bear101 self-assigned this Dec 9, 2018

@Flameborn

This comment has been minimized.

Copy link

Flameborn commented Dec 9, 2018

The problem is that even though Mojave should prompt for microphone access, it does not at the moment. In an earlier version, I think it was 5.3.2, it happened, but not ever since, even on Macs where the client is installed for the first time.

Adding this to Info.plist and resigning the application should fix things, according to a similar ITerm2 issue https://gitlab.com/gnachman/iterm2/issues/7194#note_109695386:

<key>com.apple.private.tcc.allow</key> <array> <string>kTCCServiceMicrophone</string>

@bear101

This comment has been minimized.

Copy link
Contributor

bear101 commented Dec 9, 2018

Hm, I tried adding an Entitlements.pinfo file but then the app crashes with an invalid signature:

Exception Type:        EXC_CRASH (Code Signature Invalid)
Exception Codes:       0x0000000000000000, 0x0000000000000000
Exception Note:        EXC_CORPSE_NOTIFY

Termination Reason:    Namespace CODESIGNING, Code 0x1

Are Entitlements AppStore specific? My code is signed with a Comodo license.

@Flameborn

This comment has been minimized.

Copy link

Flameborn commented Dec 9, 2018

They are not, as far as I know. Iterm2 is not available in the Appstore, and this was one of the solutions.

Have you tried to resign the application with the added plist?

@bear101

This comment has been minimized.

Copy link
Contributor

bear101 commented Dec 9, 2018

Yes, then it crashes:


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.private.tcc.allow</key>
    <array>
      <string>kTCCServiceMicrophone</string>
      <string>kTCCServiceCamera</string>
    </array>
  </dict>
</plist>
@Flameborn

This comment has been minimized.

Copy link

Flameborn commented Dec 9, 2018

There's some more info here about Hardened mode, I think the entitlements file you mentioned is only used if hardened mode is enabled.

Based on the Iterm2 ticket, it is possible to add these entitlements to Info.plist, which should not make the app crash. I will do some investigating and let you know if I find something, but in theory this should work as a fix.

@bear101

This comment has been minimized.

Copy link
Contributor

bear101 commented Dec 10, 2018

do you get the prompt if you install this version? http://bearware.dk/beta/TeamTalk_v5.3.5.4943_Setup.dmg

I put the permission in Info.plist and then codesign without entitlements option.

@Flameborn

This comment has been minimized.

Copy link

Flameborn commented Dec 10, 2018

@bear101

This comment has been minimized.

Copy link
Contributor

bear101 commented Dec 10, 2018

Hm, it's the com.apple.private.tcc.allow which is causing the crash. All other permissions work fine. As soon as the com.apple.private.tcc.allow key is added then it crashes...

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.device.camera</key>
    <true/>
    <key>com.apple.security.device.audio-input</key>
    <true/>
    <key>com.apple.security.network.server</key>
    <true/>
    <key>com.apple.security.network.client</key>
    <true/>
    <key>com.apple.security.inherit</key>
    <true/>
    <key>com.apple.security.files.user-selected.read-write</key>
    <true/>
    <key>com.apple.security.application-groups</key>
    <true/>
    <key>com.apple.private.tcc.allow</key>
    <array>
      <string>kTCCServiceMicrophone</string>
      <string>kTCCServiceCamera</string>
    </array>
  </dict>
</plist>

@Flameborn

This comment has been minimized.

Copy link

Flameborn commented Dec 10, 2018

@bear101

This comment has been minimized.

Copy link
Contributor

bear101 commented Dec 11, 2018

Can you try running this command on Mojave and post the output here?
codesign -d --entitlements - /Applications/FaceTime.app

@Flameborn

This comment has been minimized.

Copy link

Flameborn commented Dec 11, 2018

@bear101

This comment has been minimized.

Copy link
Contributor

bear101 commented Dec 19, 2018

I finally got my new Mac so I can develop on Mojave. I managed to install this package and get the permission prompts when configuring sound and camera:
http://bearware.dk/beta/TeamTalk_v5.3.5.4944.pkg

@Flameborn

This comment has been minimized.

Copy link

Flameborn commented Dec 19, 2018

@bear101

This comment has been minimized.

Copy link
Contributor

bear101 commented Dec 19, 2018

Ah, yes, I can fix the preferences issue.

@bear101

This comment has been minimized.

Copy link
Contributor

bear101 commented Dec 19, 2018

Hm, it's seems it's Qt 5.12 that has changed the default location of config-files. Before TeamTalk5.ini was in ~/.config/BearWare.dk now it's in ./Library/Containers/dk.bearware.TeamTalk5/Data/.config/BearWare.dk/TeamTalk5.ini

@Flameborn

This comment has been minimized.

Copy link

Flameborn commented Dec 19, 2018

@bear101 bear101 added this to the TeamTalk v5.3.5 for macOS milestone Dec 20, 2018

@bear101

This comment has been minimized.

Copy link
Contributor

bear101 commented Dec 20, 2018

I've created a beta version which uses the old config file:
http://bearware.dk/?p=905
I don't use the entitlements file for code signing but instead just added the camera and microphone prompts: 0ce80c6

@bear101

This comment has been minimized.

Copy link
Contributor

bear101 commented Dec 20, 2018

The entitlements file puts the app into a sandbox but this prevents Facebook weblogin from working so I had to create an "old fashioned" app and installer.

@Flameborn

This comment has been minimized.

Copy link

Flameborn commented Dec 29, 2018

Thank you very much. I consider this fixed.

@Flameborn Flameborn closed this Dec 29, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment