2

I am trying to insert a row into a system database in Mac, The TCC database. Mainly I am trying to insert into the 'access' table in this Database. 

c.execute("INSERT or REPLACE INTO access VALUES('kTCCServiceAccessibility','%s',%s,1,1,NULL,NULL)" % (client, client_type))

This works properly on most of the macs I have tested it on (I am writing code that should work on multiple macs). But there is this one mac in which when I run this command it comes back with 

File "read.py", line 76, in insert_client
c.execute("INSERT or REPLACE INTO access VALUES('kTCCServiceAccessibility','%s',%s,1,1,NULL,NULL)" % (client, client_type))
sqlite3.OperationalError: attempt to write a readonly database

What can I do to make sure it opens as a writable database.

NOTE: I read this question and its answer. So I figured I should change my permissions. The folder in which I have the .db file is /Library/Application \Support/com.apple.TCC/TCC.db
Now these are the following permissions for each of these folders
ls -lOe output

drwxr-xr-x+ 57 root wheel sunlnk 1938 Feb 17 17:39 Library 0: group:everyone deny delete
drwxr-xr-x 11 root admin sunlnk 374 Feb 21 09:50 Application Support
drwxr-xr-x@ 3 root wheel restricted 102 Feb 27 11:35 com.apple.TCC
-rw-r--r-- 1 root wheel restricted 57344 Feb 27 11:35 TCC.db

Now I try to chmod all of these to 775 but on each of them I get :Operation not Permitted.
What am I doing wrong? And is there another way to fix this?

Community
  • 1
  • 1
ShdwKnght333
  • 300
  • 4
  • 23

1 Answers1

3

Update

Basing on http://applehelpwriter.com/2016/09/20/dropbox-hack-blocked-by-apple-in-sierra/ it looks like the "bad" Mac has Mac OS Sierra on it and what you see is a deliberate feature by Apple designed to prohibit you from exactly what you are doing i.e. hacking into TCC.db and circumventing security. I'm not sure if there are still known workarounds.

Old Answer

I think the trouble is that the user who runs the script doesn't have permissions to access the TCC.db file and to modify those access permissions. Probably the user is not admin and can't change it anyway. Or probably you need sudo

SergGr
  • 23,570
  • 2
  • 30
  • 51
  • What do you run with sudo? If you run your script and your script does not explicitly modify access permissions - there is no surprise. `ls` shows that the file is owned by the user "wheel" which is probably not you (see http://superuser.com/questions/191955/what-is-the-wheel-user-in-os-x) and current access rules is that only the can edit the file, even the "root" group can't. If you want to edit the file as other user you first should change accecss permissions under sudo and then edit it. Note: I'm not sure that edit such a file manualy is a good idea. Are you sure there is no API for that? – SergGr Feb 27 '17 at 08:39
  • About the editing part, I have safely and successfully done it in other machines. Also I read the link you provided me with. So should I use `chgrp` now and if yes on what? As in the file or the directory it is in. I am sure `chmod` wont work because I tried and it failed. – ShdwKnght333 Feb 27 '17 at 08:55
  • Just to double-check: you tried `sudo chmod` and it failed to modify access permissions? – SergGr Feb 27 '17 at 09:03
  • Yes I did type `sudo chmod 775 path` – ShdwKnght333 Feb 27 '17 at 09:16
  • This is a surprise. Can you add result of `ls -lOe` to your question than? – SergGr Feb 27 '17 at 09:22
  • Added them. Any idea what to do? – ShdwKnght333 Feb 27 '17 at 09:54
  • Thanks @SergGr. If you get to know any workaround for it, please do let me know. – ShdwKnght333 Feb 28 '17 at 04:19