Edit TCC.db to bypass "'Foo.app' wants access to control 'Bar.app'" on own machine

I make extensive use of Apple Events to control a wide variety of applications on my machine. The new security prompts introduced in Mojave are crippling.


In previous versions of macOS, once an app was granted permission to "control your computer", it was able to send Apple events to any other app on your machine. In Mojave, this permission must be manually granted once for each app being controlled.

Once a user grants access, their selection is stored in one of two sqlite databases:

  1. ~/Library/Application Support/com.apple.TCC/TCC.db
  2. /Library/Application Support/com.apple.TCC/TCC.db

    • Note that #2 is only visible to the root user.
    • Note that System Integrity Protection is disabled.

Would it be possible to edit these sqlite databases directly to automatically grant permissions and bypass these security prompts?


Solution 1:

Accessing the TCC.db database directly is no longer supported by Apple, even if you disable SIP, because of their policy of protecting users from big companies that like to track everything you do online and that used to do this stealthy bypass without asking users for permission. However, even in Mojave, there is a way to circumvent this, but with a catch: it only works if a given computer is enrolled in an MDM program. To learn more about the MDM program, go here.

In order to bypass this for several computers, you can use the Python script tccprofile.py, available on GitHub.

As far as I know, this is the only way to bypass the need to ask user permission from Mojave onwards.

Solution 2:

I found this for deleting an entry.

    sudo sqlite3 /Library/Application\ Support/com.apple.TCC/TCC.db 'delete from access where client like "%appnamehere%"'

Replace "appnamehere" with the name of the app as it appears in the Accessibility list (keep the % signs).
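
A read-only preview of which rows Solution 2's `LIKE` pattern would match before anything is deleted, as an added example that is not part of either answer. The column names (`allowed` or `auth_value`, `indirect_object_identifier`) are assumptions about the `access` table layout, and the sample rows and bundle identifiers are constructed.

```python
import sqlite3
from pathlib import Path


def open_readonly(path):
    """Open a TCC database read-only so the review cannot change it."""
    uri = Path(path).expanduser().resolve().as_uri() + "?mode=ro"
    return sqlite3.connect(uri, uri=True)


def matching_grants(conn, pattern):
    """Rows of `access` whose client matches `pattern`, as the DELETE would see them."""
    cols = {row[1] for row in conn.execute("PRAGMA table_info(access)")}
    # Assumption: the decision column is `allowed` on older schemas
    # and `auth_value` on newer ones; pick whichever is present.
    decision = "auth_value" if "auth_value" in cols else "allowed"
    target = "indirect_object_identifier" if "indirect_object_identifier" in cols else "NULL"
    sql = (f"SELECT service, client, {decision}, {target} FROM access "
           "WHERE client LIKE ? ORDER BY service, client")
    return conn.execute(sql, (pattern,)).fetchall()


def build_sample_db():
    """Constructed sample data; bundle identifiers are made up."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE access (service TEXT, client TEXT, client_type INTEGER, "
                 "allowed INTEGER, indirect_object_identifier TEXT)")
    conn.executemany("INSERT INTO access VALUES (?, ?, ?, ?, ?)", [
        ("kTCCServiceAppleEvents", "com.example.Foo", 0, 1, "com.example.Bar"),
        ("kTCCServiceAccessibility", "com.example.FooHelper", 0, 1, None),
        ("kTCCServiceAppleEvents", "com.example.Baz", 0, 0, "com.example.Bar"),
    ])
    return conn


if __name__ == "__main__":
    conn = build_sample_db()  # swap in open_readonly(<path to TCC.db>) on a real machine
    for service, client, decision, target in matching_grants(conn, "%foo%"):
        print(f"{service:28} {client:24} decision={decision} target={target}")
```

On the sample data the pattern `%foo%` matches two different clients across two services, which is the over-match to look for before running the delete.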