Modifying the TCC database

Mountain Lion introduced a new iOS-like feature to allow users to be notified when an application requests access to that user’s contacts:

…and to be able to modify this access later:

Why does Final Cut Pro 7 want to access contacts? Final Cut Pro 7 introduced a feature that uses iChat (which doesn’t even really exist in Mountain Lion), therefore when a user first launches FCP, OS X will ask permission to allow FCP to access that user’s contacts.

It might be nice to be able to pre-allow or -disallow access for applications without user intervention, especially in scenarios where user Library data isn’t persistent across logins in a multi-user environment, where users would otherwise be nagged frequently to access what’s likely an empty Contacts database.

These contacts turn out to be stored in an SQLite3 database, located in the user’s library folder:

~/Library/Application Support/com.apple.TCC/TCC.db

This database is managed by the tccd daemon located at:

/System/Library/PrivateFrameworks/TCC.framework/Resources/tccd

We can query it with the built-in sqlite3 command-line tool:

There’s some useful information in the access table:

Here we’ve got FCP and Google Chrome (the latter triggered because we visited GMail). The last three integer columns store the values for client_type, allowed, and prompt_count.

Given this very simple database schema, it’s pretty trivial to update this database ourselves directly. In my experience, when the database gets updated, the Security & Privacy preferences pane responds to the change as soon as its window again receives focus.

I wrote a Python script that allows for ad-hoc changes to the allowed column, given an app bundle id. It should also be usable in scenarios where a user may be brand new and not yet had the TCC database created, so it will handle the initial schema creation of the database if it doesn’t already exist.

This is available here. It currently assumes you’ll be running the script as the user whose database will be modified.