From 8eb9e59dfd00e6e6303ff09c312d520f4884e1ce Mon Sep 17 00:00:00 2001 From: CPol Date: Mon, 6 Nov 2023 01:06:30 +0000 Subject: [PATCH] GITBOOK-4154: change request with no subject merged in GitBook --- .../macos-security-protections/macos-tcc/README.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/README.md b/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/README.md index b18f6d783..28ccfba2b 100644 --- a/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/README.md +++ b/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/README.md @@ -65,6 +65,7 @@ However, users can **delete or query rules** with the **`tccutil`** command line {% tabs %} {% tab title="user DB" %} +{% code overflow="wrap" %} ```bash sqlite3 ~/Library/Application\ Support/com.apple.TCC/TCC.db sqlite> .schema @@ -81,9 +82,11 @@ sqlite> select * from access where client LIKE "%telegram%" and auth_value=2; # Check user denied permissions for telegram sqlite> select * from access where client LIKE "%telegram%" and auth_value=0; ``` +{% endcode %} {% endtab %} {% tab title="system DB" %} +{% code overflow="wrap" %} ```bash sqlite3 /Library/Application\ Support/com.apple.TCC/TCC.db sqlite> .schema @@ -95,11 +98,15 @@ kTCCServiceSystemPolicyDownloadsFolder|com.tinyspeck.slackmacgap|2|2 kTCCServiceMicrophone|us.zoom.xos|2|2 [...] +# Get all FDA +sqlite> select service, client, auth_value, auth_reason from access where service = "kTCCServiceSystemPolicyAllFiles" and auth_value=2; + # Check user approved permissions for telegram sqlite> select * from access where client LIKE "%telegram%" and auth_value=2; # Check user denied permissions for telegram sqlite> select * from access where client LIKE "%telegram%" and auth_value=0; ``` +{% endcode %} {% endtab %} {% endtabs %}
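Review bot: The added "Get all FDA" query in the system DB tab (third hunk) writes the service name as a double-quoted token, which SQL treats as an identifier. It only works through SQLite's legacy fallback to a string literal, and recent sqlite3 command-line builds turn that fallback off by default, so the query can fail with a "no such column" error. Single quotes make it portable: `sqlite> select service, client, auth_value, auth_reason from access where service = 'kTCCServiceSystemPolicyAllFiles' and auth_value=2;`. The unchanged `LIKE "%telegram%"` queries in both tabs use the same quoting and would benefit from the same change. A short comment saying that `auth_value=2` is the "approved" filter, as the neighbouring telegram examples imply, would also help someone auditing Full Disk Access grants read the output.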