Should auth_value be 2 when enabling?

[rafpaf]

trafficstars

I had trouble getting tccutil to work on macOS 12.4, but once I had enabled access to the TCC database via csrutil disable, this worked like a charm:

sudo sqlite3 "/Library/Application Support/com.apple.TCC/TCC.db" "update access set auth_value = 2 where client = 'com.knollsoft.Rectangle'"

I noticed that your script currently sets auth_value to 1 and I wonder if it should use the value 2 with this version of macOS.

[jacobsalmela]

Interesting. Thanks for the finding. Perhaps a conditional for that value would work well. I don't recall explicitly setting it to 1 for a specific reason but it may need to be there for older versions of macOS.

Feel free to make a PR otherwise I'll assign this to myself

[C-Duv]

I also noticed this on macOS 13.5 (Ventura).

According to this "macOS TCC" article on HackTricks, value 1 is for unknown and value 2 for allowed:

The auth_value can have different values: denied(0), unknown(1), allowed(2), or limited(3).

As I am using Homebrew to install tccutil, I am currently using the following sed command as a quick fix:

sed -i "" "s/{enable_mode_name}='1'/{enable_mode_name}='2'/" "$(realpath "/opt/homebrew/bin/tccutil")"

I'll file a PR…

[C-Duv]

Done :heavy_check_mark:: #67.