User TCC DB inaccessible for CI setups

Hello,

I am looking for guidance on how to pre-provision TCC permissions for automated desktop app testing on the macOS 27 beta.

We have maintained a CI testing setup by saving snapshots of VMs with pre-configured user TCC databases. This allowed our UI tests to run without being blocked by permission prompts. This included permissions like screen recording, full disk access or Apple events.

On the macOS 27 beta, this workflow appears completely broken. While the system TCC database seems to function as it used to, the user TCC database has been moved into a ProtectedSystem container. Direct modifications to the user database now seem impossible.

Is there any officially supported way to pre-provision user-level TCC permissions on macOS 27 VMs for automated CI environments? Is Apple's intention here that the system DB is the only one that's actually editable (with SIP disabled)?

How does Apple recommend CI platforms handle user-level permission prompts in headless or automated VM environments moving forward?

Any insights or recommended alternative workflows would be greatly appreciated. Thank you!

Answered by DTS Engineer in 894999022

On macOS, TCC supports two different configuration options:

Both of these require the calling code to have a stable designated requirement (DR), as defined in TN3127 Inside Code Signing: Requirements.

Neither of these was specifically designed for developers, for example, in their CI setup. It’s certainly possible to use both of them in that context, although neither is a perfect fit.

WARNING TCC’s on-disk settings are considered an implementation detail. Their location and structure are not documented for third-party use. Any system you build that relies on this will likely run into compatibility problems at some point.

In a VM setup you can do this sort of thing by creating the VM, running your app once, approving its TCC requirements, and then shutting down the VM. Then, during a test cycle, you can clone the VM, start it, and use it to run your app, which will benefit from the saved TCC state (remember that stable DR thing I mentioned earlier).

However, that’s hardly ideal. I’m sure you’ll be able to describe about a dozen ways that this is inconvenient in your setup. My request is that you put those into an enhancement request, so that they get seen by the relevant engineering team.

Please post your bug number, just for the record.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
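As an added example (not part of the answer above or of the original thread): since TCC keys its saved grants on the app's designated requirement, a snapshot-based CI only stays valid while every build carries the same DR as the build that was approved. The POSIX shell check below extracts the `designated =>` line from `codesign -d -r -` output and compares it with a recorded baseline; the codesign output shown is constructed for the example, not captured from a real app.

```shell
#!/bin/sh
# Extract the designated requirement (DR) from `codesign -d -r -` output.
# Input on stdin: the text codesign prints. Output: the DR expression only.
extract_dr() {
  sed -n 's/^designated => //p' | sed 's/[[:space:]]*$//'
}

# Compare a freshly built app's DR against the DR recorded when the VM
# snapshot was provisioned. Returns 0 when they match, 1 otherwise.
dr_is_stable() {
  baseline_dr="$1"
  current_dr="$2"
  [ "$baseline_dr" = "$current_dr" ]
}

# Constructed sample output (hypothetical app, placeholder team id), as the
# Developer ID build looked when its TCC grants were approved in the VM.
SAMPLE_BASELINE='Executable=/Applications/Example.app/Contents/MacOS/Example
designated => identifier "com.example.app" and anchor apple generic and certificate leaf[subject.CN] = "Developer ID Application: Example Corp (TEAMID)"'

# Constructed sample of an ad-hoc signed CI build of the same app: its DR is
# pinned to the cdhash, which changes on every build, so the saved grants no
# longer apply to it.
SAMPLE_ADHOC='Executable=/Users/ci/build/Example.app/Contents/MacOS/Example
designated => identifier "com.example.app" and cdhash H"0123456789abcdef0123456789abcdef01234567"'

# Report whether the given codesign output still matches the baseline DR.
# Prints "stable" or "changed".
check_sample() {
  baseline=$(printf '%s\n' "$SAMPLE_BASELINE" | extract_dr)
  current=$(printf '%s\n' "$1" | extract_dr)
  if dr_is_stable "$baseline" "$current"; then
    echo stable
  else
    echo changed
  fi
}

# Against a real bundle on macOS you would feed the function live output,
# for example: codesign -d -r - /path/to/App.app 2>&1 | extract_dr
check_sample "$SAMPLE_BASELINE"
check_sample "$SAMPLE_ADHOC"
```

Running the DR check in the CI job before cloning the VM turns a silent "permission prompt appeared" failure into an explicit signing-configuration error.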

Same here. I need tkTCCServiceAddressBook to give traces0f.Uebersicht access. No way to accomplish this

