0

I am trying to access the Privacy -> Accessibility tab using Applescript. Can anyone help me?

I need to display a list of all the programs in the section:

  • Accessibility
  • Camera
  • Microphone
  • Photos
  • etc...

The request itself and the output in the terminal using osascript -e.

It is necessary to exclude interaction with the GUI. Here's what I managed to find

osascript -e 'tell application "System Events" to get the name of every login item'

I need to find the same solution for Accessibility? And get the result the same as in the screenshot below.

The main goals are

  1. Locally get the information contained in Security & Privacy 2)Connect to mac OS via SSH and get the information contained in Security & Privacy. If this is not possible, then how to display the information using a single Apple script.
RobC
  • 22,977
  • 20
  • 73
  • 80
Georgy
  • 15
  • 4
  • In order to get the information your want without using **UI Scripting**, then you'll need to query the **TCC.db** database using `sqlite3`. – user3439894 Oct 13 '21 at 16:07
  • I didn't quite understand what he would give me Library/Application Support/com.apple.EU/EU.vi ?? – Georgy Oct 13 '21 at 16:28

2 Answers2

1

It is necessary to exclude interaction with the GUI (on the remote system).

Testing with the remote system being macOS Big Sur 11.6 and having checked [√] Allow full disk access for remote users in System Preferences > Sharing > Remote Login on the remote system, then the example shell script code executed in Terminal on the local system in a ssh session to the remote system will give you a raw dump of what's listed under Accessibility in System Preferences > Security & Privacy > Privacy without the need for UI Scripting with AppleScript.

sqlite3 '/Library/Application Support/com.apple.TCC/TCC.db' 'SELECT client FROM access WHERE service="kTCCServiceAccessibility";'

On the test system its output was:

/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/AE.framework/Versions/A/Support/AEServer
com.apple.AccessibilityInspector
com.apple.Automator
com.apple.ScriptEditor2
com.apple.Terminal
com.latenightsw.ScriptDebugger8

If you really have a need to use AppleScript you could, however, say you needed the output to be pretty. In other words, using an AppleScript script saved as a shell script using a #!/usr/bin/osascript shebang the output on the same remote system would be e.g.:

AEServer, Accessibility Inspector, Automator, Script Editor, Terminal, Script Debugger

Example AppleScript code:

#!/usr/bin/osascript

set theAccessibilityList to paragraphs of (do shell script "sqlite3 '/Library/Application Support/com.apple.TCC/TCC.db' 'SELECT client FROM access WHERE service=\"kTCCServiceAccessibility\";'")

set theAccessibilityApplicationNamesList to {}
repeat with thisItem in theAccessibilityList
    if thisItem starts with "/" then
        set shellCommand to (do shell script "f=" & quoted form of thisItem & "; echo ${f##*/}")
        set end of theAccessibilityApplicationNamesList to shellCommand
    else
        try
            set end of theAccessibilityApplicationNamesList to the name of application id thisItem
        end try
    end if
end repeat

return theAccessibilityApplicationNamesList

Notes:

I created, saved and made executable the example AppleScript code, shown above, on the local system and then copied it the from the local system to the remote system using scp.


Note: The example AppleScript code is just that and sans any included error handling does not contain any additional error handling as may be appropriate. The onus is upon the user to add any error handling as may be appropriate, needed or wanted. Have a look at the try statement and error statement in the AppleScript Language Guide. See also, Working with Errors. Additionally, the use of the delay command may be necessary between events where appropriate, e.g. delay 0.5, with the value of the delay set appropriately.

user3439894
  • 7,266
  • 3
  • 17
  • 28
  • Your answer suits me, but for some reason nothing works for me. I get empty values what could be the problem? – Georgy Oct 13 '21 at 21:45
  • @Georgy, RE: "Your answer suits me, but for some reason nothing works for me. I get empty values what could be the problem?" -- **Please reread my answer.** --- The _example_ **AppleScript** _code_ shown in my answer **is not intended** to be used in **Script Editor** as in the screen shot you just added to your question. It is meant be be used in **Terminal** as a _shell script_, made executable and copied to the _remote system_ using `scp` and then executed in a `ssh` _session_. – user3439894 Oct 13 '21 at 21:59
  • I understand thanks for the answer. But if I'm interested in running two scenarios? How do I do it on a local machine using a Terminal? – Georgy Oct 13 '21 at 22:03
  • @Georgy, RE: "I understand thanks for the answer. But if I'm interested in running two scenarios? How do I do it on a local machine using a Terminal?" -- In your question you state "The main goal is to connect to mac OS via SSH" you did not say anything about doing it locally! You also modified the _path_ to the **TCC.db** _database_ in my _code_! My answer works as stated under the conditions stated! The next time you post a question I'd strongly urge you to include everything you need and not keep changing the parameters as people try to help you. – user3439894 Oct 13 '21 at 22:14
  • @Georgy, RE: "I checked the empty values remotely too, nothing works." -- If you run the _code_ as I've written it without editing the _path_ to the **TCC.db** _database_ it should work, providing the other conditions are met. The entries for **Accessibility** are not stored in `~/Library/Application Support/com.apple.TCC/TCC.db` and why it returns nothing. – user3439894 Oct 13 '21 at 22:41
  • 1
    Thank you for your answer you helped me a lot – Georgy Oct 13 '21 at 22:45
  • How do I view other values ? Full access to disk, Files and folders? – Georgy Oct 13 '21 at 23:00
  • @Georgy, Just an FYI... Depending one what one is targeting, some information is in the **TCC.db** _database_ in the `$HOME` _directory_. as an example to get the _applications_ approved to use the **Camera** it would be locally e.g.: `sqlite3 "$HOME/Library/Application Support/com.apple.TCC/TCC.db" 'SELECT client FROM access WHERE service="kTCCServiceCamera";'` – user3439894 Oct 13 '21 at 23:01
  • @Georgy, RE: "How do I view other values ? Full access to disk, Files and folders?" -- Use the proper search query on the proper _database_. I do not have a _list_ handy, however I'm sure googling for it should turn up something. – user3439894 Oct 13 '21 at 23:04
  • @Georgy, Have a look at [macOS TCC.db Internals](https://rainforest.engineering/2021-02-09-macos-tcc/) and remember some are in `'/Library/Application Support/com.apple.TCC/TCC.db'` and others in `"$HOME/Library/Application Support/com.apple.TCC/TCC.db` so you you can either query both or figure our which are in which when you expand the _example_ **AppleScript** _code_ to accommodate. – user3439894 Oct 14 '21 at 00:17
0

You should escape the nested quotes following way. And, activate the System Preferences.

osascript -e "
tell application id \"com.apple.systempreferences\"
activate
reveal anchor named \"Privacy_Accessibility\" in pane id \"com.apple.preference.security\"
end tell
tell application id \"sevs\" to tell process \"System Preferences\"
repeat until window \"Security & Privacy\" exists
delay 0.02
end repeat
tell scroll area 1 of group 1 of tab group 1 of window \"Security & Privacy\"
get value of static text 1 of UI element 1 of rows of table 1
end tell
end tell"

Or, if needed table view (on right) of needed item (on left) is already opened, you can use following osascript on the Catalina:

osascript -e "
tell application id \"sevs\" to tell process \"System Preferences\"
set frontmost to true
tell scroll area 1 of group 1 of tab group 1 of window \"Security & Privacy\" to get value of static text 1 of UI element 1 of rows of table 1
end tell"
Robert Kniazidis
  • 1,760
  • 1
  • 7
  • 8
  • Not exactly what you need. I managed to find osascript -e "inform the application "SYSTEM events" to get the value of the static text of 1 user interface element 1 table rows 1 scroll area 1 group 1 tab group 1 window 1 application process "System Settings" " Information output suits me, but it does not work without an active window. It is necessary without using a graphical interface. – Georgy Oct 13 '21 at 07:12
  • I updated the answer. I am on the Catalina, so GUI scripting code lines is written for it – Robert Kniazidis Oct 13 '21 at 12:15
  • You would not have to waste time escaping _double-quotes_ with a _backslash_ if you used _single-quotes_ for the opening and closing of the _statements_, where `...` are the remaining unescaped _double-quotes_ in _statements_ in e.g.: `osascript -e 'tell application id "com.apple.systempreferences" ...'` – user3439894 Oct 13 '21 at 14:12
  • No, all these decisions are wrong, there is interaction with the graphical interface. It is necessary to exclude interaction with the GUI. Here's what I managed to find osascript -e 'tell application "System Events" to get the name of every login item' . I need to find the same solution for Accessibility? – Georgy Oct 13 '21 at 14:28
  • user3439894 what did you mean by double-quotes with a backslash if you used single-quotes for the opening and closing of the statements. If there is a suggestion, then listen carefully? – Georgy Oct 13 '21 at 14:33
  • @Georgy, RE: "what did you mean by double-quotes with a backslash if you used single-quotes for the opening and closing of the statements." -- In the _code_ of this answer all the _double-quotes_ within the opening/closing _double-quotes_ are escaped with a `backslash` and if the _code_ was written using _single-quotes_ for the opening/closing of the _statements_ then one would not have to waste time escaping _double-quotes_ with a _backslash_ and would not be necessary as in the example snippet of _code_ show in my first comment. – user3439894 Oct 13 '21 at 15:04
  • @Georgy, RE: "If there is a suggestion, then listen carefully?" I have no idea what you are trying to say here. – user3439894 Oct 13 '21 at 15:05
  • is it supposed to work for me big sur? – Georgy Oct 13 '21 at 15:08
  • @Georgy, RE: "No, all these decisions are wrong, there is interaction with the graphical interface. It is necessary to exclude interaction with the GUI. Here's what I managed to find osascript -e 'tell application "System Events" to get the name of every login item' . I need to find the same solution for Accessibility" -- Well you do not qualify that in your OP and if that's what you need then edit your question to include what you needs are! That said, you can not use **System Events** with **Accessibility** in the same way as with `login items`, it just doesn't work that way. – user3439894 Oct 13 '21 at 15:43
  • I have updated and specified the main goal – Georgy Oct 13 '21 at 15:57