Update TCC.db Modifier.sh to work on MacOS 14.1.2 #42
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
I was able to confirm that SIP is preventing modification of the global TCC. Standard methods of disabling SIP should work around this. |
|
Update: I tried this in a different context and it did NOT work; the user TCC DB was read-only as well. Original context I was using it in, where it worked, was when the user had no password, auto login was turned on, and FileVault was disabled. Context where users DB is write-protected is where the user has a password and FileVault is enabled. I haven't investigated further, but I assume it's SIP again. :-( |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The TCC.db schema has changed since you originally wrote your script. I have updated the script to take the new schema into account.
I haven't fully reverse-engineered the schema, but it appears we can default values into there and just not worry too much about things for now.
I tested this via Jamf on a machine running MacOS 14.1.2; it was able to change the USER TCCs, but not the global TCCs due to the DB being read-only. I suspect this is due to SIP or something, but I haven't investigated further.