Hey, we also opened a bug regarding this behavior on April, back when you introduce the new event on MacOs 15.4
The bug ticket is: FB17139326
Starting macOs 15.4 you added a new event for the system extension framework named: tcc_modify The event should be triggered every-time there is a change regarding the tcc db (granted / revoked using various ways). One of the ways you can grant / revoke tcc db permission is by changing the user sqlite with root permissions. You can change various permissions regarding the user for example the apps that allowed to use microphone permissions.
It is expected that when granted / revoked permissions using sqlite for microphone we will get notify from the system extension for tcc modify event.
but the actual result is that the permission is added without any tcc modify event.
We wanted to know if this is intentional that changing the user tcc db with root permissions, using sqlite and not conventional methods (user popup / settings), suppose to not initiate an event, and we should monitor them using other methods.
Thank you, Idan
Sorry I didn’t reply sooner. I wasn’t notified of your earlier post.
I don’t think there’s any reasonable way for you to address this within your ES client. Rather, I recommend that you file a bug about it.
Please post your bug number, just for the record.
ps It wouldn’t surprise me if this were fixed by further locking down the TCC database but… hey… that’s not my call to make.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
