Documentation
¶
Overview ¶
Package tcc provides TCC (Transparency, Consent, Control) permission utilities.
Index ¶
- Constants
- func GetEntitlements(perms []Permission) []string
- func GetTCCServices(perms []Permission) []string
- func HandleEdgeCase(service, bundleID, appName string, debug bool) error
- func OpenSystemSettingsToTCC(service, bundleID, appName string, debug bool) error
- func RequiresTCC(perms []Permission) bool
- func Reset(bundleID string, debug bool) error
- func ResetForPermissions(bundleID string, perms []Permission, debug bool) error
- func ResetSpecificServices(bundleID string, services []string, debug bool) error
- func ResetWithConfig(cfg ResolutionConfig) error
- func ResolveBundleID(cfg ResolutionConfig) (string, error)
- func ValidateAppGroups(groups []string, perms []Permission) error
- func ValidatePermissions(perms []Permission) error
- func WaitForPermissionGrant(service, bundleID string, timeout time.Duration, debug bool) (bool, error)
- type EdgeCaseError
- type EdgeCaseType
- type Permission
- type ResolutionConfig
Constants ¶
const ( Camera = permissions.Camera // Camera access (com.apple.security.device.camera) Microphone = permissions.Microphone // Microphone access (com.apple.security.device.audio-input) Location = permissions.Location // Location services (com.apple.security.personal-information.location) ScreenRecording = permissions.ScreenRecording // Screen recording/capture (requires TCC approval) Accessibility = permissions.Accessibility // Accessibility (simulating input, etc.) Files = permissions.Files // File system access with user selection Network = permissions.Network // Network client/server access Sandbox = permissions.Sandbox // App sandbox with restricted file access )
Core permissions covering 95% of use cases.
Variables ¶
This section is empty.
Functions ¶
func GetEntitlements ¶
func GetEntitlements(perms []Permission) []string
GetEntitlements returns the entitlement strings for the given permissions.
func GetTCCServices ¶
func GetTCCServices(perms []Permission) []string
GetTCCServices returns the TCC service names for permissions that support tccutil reset.
func HandleEdgeCase ¶
HandleEdgeCase provides user-friendly guidance for TCC permission edge cases. It analyzes the situation and provides clear recovery instructions.
func OpenSystemSettingsToTCC ¶
OpenSystemSettingsToTCC opens System Settings to the appropriate TCC panel for the service. Returns an error with recovery instructions if edge cases are detected.
func RequiresTCC ¶
func RequiresTCC(perms []Permission) bool
RequiresTCC returns true if any of the permissions require TCC prompts.
func ResetForPermissions ¶
func ResetForPermissions(bundleID string, perms []Permission, debug bool) error
ResetForPermissions resets TCC permissions for the specific permissions provided.
func ResetSpecificServices ¶
ResetSpecificServices resets only specific TCC services for a bundle ID.
func ResetWithConfig ¶
func ResetWithConfig(cfg ResolutionConfig) error
ResetWithConfig resets TCC permissions using the provided configuration. It will resolve the bundle ID if not provided in the config.
func ResolveBundleID ¶
func ResolveBundleID(cfg ResolutionConfig) (string, error)
ResolveBundleID resolves the bundle ID from the configuration. If BundleID is provided in config, it uses that. Otherwise, it infers one from the AppName or executable name.
func ValidateAppGroups ¶
func ValidateAppGroups(groups []string, perms []Permission) error
ValidateAppGroups checks if app groups configuration is valid. App groups require sandbox permission to be enabled.
func ValidatePermissions ¶
func ValidatePermissions(perms []Permission) error
ValidatePermissions checks if the provided permissions are valid and compatible.
Types ¶
type EdgeCaseError ¶
type EdgeCaseError struct {
Type EdgeCaseType
Message string
Service string
BundleID string
Recovery string // Recovery instructions for the user
}
EdgeCaseError represents a TCC permission edge case that requires special handling.
func DetectEdgeCase ¶
func DetectEdgeCase(service, bundleID string) (*EdgeCaseError, error)
DetectEdgeCase attempts to detect common TCC permission edge cases. It checks System Settings state and provides appropriate recovery instructions.
func (*EdgeCaseError) Error ¶
func (e *EdgeCaseError) Error() string
type EdgeCaseType ¶
type EdgeCaseType int
EdgeCaseType represents different types of TCC permission edge cases.
const ( // EdgeCaseUnknown represents an unknown edge case EdgeCaseUnknown EdgeCaseType = iota // EdgeCasePromptDismissed indicates the user dismissed the TCC prompt EdgeCasePromptDismissed // EdgeCasePermissionDenied indicates the user explicitly denied permission EdgeCasePermissionDenied // EdgeCaseMultipleDenials indicates permission was denied multiple times EdgeCaseMultipleDenials // EdgeCaseSettingsOpen indicates System Settings is already showing the TCC panel EdgeCaseSettingsOpen // EdgeCaseSettingsLocked indicates the TCC panel is locked (requires authentication) EdgeCaseSettingsLocked // EdgeCaseAppNotInList indicates the app isn't shown in System Settings TCC list EdgeCaseAppNotInList )
func (EdgeCaseType) String ¶
func (t EdgeCaseType) String() string
type Permission ¶
type Permission = permissions.Permission
Permission represents a macOS system permission that can be requested. These correspond to TCC (Transparency, Consent, Control) permission types.
type ResolutionConfig ¶
ResolutionConfig holds configuration for resolving bundle IDs.
Source Files