Skip to content

Add missing TCC permissions #796

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
tylervick wants to merge 5 commits into
base: main
Choose a base branch
from
Open

Add missing TCC permissions #796

tylervick wants to merge 5 commits into from

Conversation

@tylervick
Copy link

@tylervick tylervick commented Sep 6, 2022

Motivation

There have been several new user permissions introduced over the last couple of major iOS versions. This change adds the missing permissions that may be modified via existing TCC.db queries.

Notably, the "Health" permission is missing since it requires modification to a standalone healthdb.sqlite database. This will be implemented in a future PR.

The following permissions have been added:

  • calendar
  • biometrics (aka FaceID)
  • media
  • reminders
  • motion
  • siri
  • speech
  • userTracking

Test Plan

  • Run idb approve -h
  • Verify the output contains added permissions:
usage: idb approve [-h] [--scheme SCHEME] [--udid UDID]
                       [--log {DEBUG,INFO,WARNING,ERROR,CRITICAL}] [--json]
                       bundle_id
                       {photos,camera,contacts,url,location,notification,microphone,calendar,faceid,media,reminders,motion,siri,speech,user_tracking}
                       [{photos,camera,contacts,url,location,notification,microphone,calendar,faceid,media,reminders,motion,siri,speech,user_tracking} ...]

  • Grant any/all of the introduced permissions for a valid bundle ID:

    • idb approve com.example.app calendar

  • Verify the supplied permissions have been successfully granted for the bundle ID

  • Revoke any/all of the introduced permissions for a valid bundle ID:

    • idb revoke com.example.app calendar

  • Verify the supplied permissions have been successfully revoked for the bundle ID

Related PRs

@facebook-github-bot
Copy link

facebook-github-bot commented Jan 18, 2023

@grzmiel has imported this pull request. If you are a Meta employee, you can view this diff on Phabricator.

grzmiel
grzmiel suggested changes Jan 19, 2023
View reviewed changes
Copy link

@grzmiel grzmiel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You have to add those entries to RevokeRequest as well.

idb/grpc/client.py Outdated
Permission.LOCATION: RevokeRequest.LOCATION,
Permission.NOTIFICATION: RevokeRequest.NOTIFICATION,
Permission.MICROPHONE: RevokeRequest.MICROPHONE,
Permission.CALENDAR: ApproveRequest.CALENDAR,
Copy link

@grzmiel grzmiel Jan 19, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Those should be RevokeRequest

proto/idb.proto
LOCATION = 4;
NOTIFICATION = 5;
MICROPHONE = 6;
CALENDAR = 7;
Copy link

@grzmiel grzmiel Jan 19, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add the same entries in the RevokeRequest below

@fleytman
Copy link

fleytman commented Aug 21, 2023

Do you have any new about this PR?

@fleytman
Copy link

fleytman commented Nov 27, 2023

These are very useful changes, what's stopping you from making a merge of changes at this point?

@tylervick tylervick requested a review from grzmiel December 3, 2023 16:47
@tylervick
Copy link
Author

tylervick commented Dec 3, 2023

@fleytman unfortunately I don't have permission to merge this - I just re-requested a review from @grzmiel, perhaps they can help

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@grzmiel grzmiel Awaiting requested review from grzmiel

Assignees

No one assigned

Labels

CLA Signed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@tylervick @facebook-github-bot @fleytman @grzmiel