This repository was archived by the owner on Aug 3, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 2
Expand file tree
/
Copy pathisight
More file actions
executable file
·291 lines (250 loc) · 8.36 KB
/
isight
File metadata and controls
executable file
·291 lines (250 loc) · 8.36 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
#!/usr/bin/env bash
#
# iSight CLI Disabler
#
# MIT LICENSE - Copyright (c) May 2015 Jesse Doyle
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in all
# copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#
# Acknowledgements:
#
# This script is based off of the work completed by http://techslaves.org on
# their great AppleScript "iSight Disabler".
#
# Please visit: http://techslaves.org/isight-disabler/ to see the original
# AppleScript implementation.
APP_NAME='iSight CLI Disabler'
APP_SHORT='isight'
VERSION="0.5.1"
USER=$(whoami)
OIFS=$IFS
IFS+="\n\n" # Double newline IFS for readability
# Various iSight driver locations in OSX < 10.12
DRIVERS=(
"/System/Library/QuickTime/QuickTimeUSBVDCDigitizer.component/Contents/MacOS/QuickTimeUSBVDCDigitizer"
"/System/Library/PrivateFrameworks/CoreMediaIOServicesPrivate.framework/Versions/A/Resources/VDC.plugin/Contents/MacOS/VDC"
"/System/Library/PrivateFrameworks/CoreMediaIOServices.framework/Versions/A/Resources/VDC.plugin/Contents/MacOS/VDC"
"/System/Library/Frameworks/CoreMediaIO.framework/Versions/A/Resources/VDC.plugin/Contents/MacOS/VDC"
"/Library/CoreMediaIO/Plug-Ins/DAL/AppleCamera.plugin/Contents/MacOS/AppleCamera"
"/Library/CoreMediaIO/Plug-Ins/FCP-DAL/AppleCamera.plugin/Contents/MacOS/AppleCamera"
"/System/Library/PrivateFrameworks/CoreMediaIOServicesPrivate.framework/Versions/A/Resources/AVC.plugin/Contents/MacOS/AVC"
)
IFS=$OIFS
# With system integrity protection enabled, we have to use system profiles to
# disable the camera on OSX >= 10.11 with system integrity protection enabled.
read -d '' ISD_EL_CAPITAN_CONFIG <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadIdentifier</key>
<string>com.apple.mdm.mba.263c7450-4ae1-0133-5b68-68a86d032b5e.alacarte</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>263c7450-4ae1-0133-5b68-68a86d032b5e</string>
<key>PayloadOrganization</key>
<string>iSight CLI Disabler</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadDisplayName</key>
<string>Disable Camera</string>
<key>PayloadDescription</key>
<string>Adds a restriction profile to OS X that disables access to the camera drivers.</string>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadType</key>
<string>com.apple.coremediaio.support</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadIdentifier</key>
<string>com.apple.mdm.mba.263c7450-4ae1-0133-5b68-68a86d032b5e.alacarte.macosxrestrictions.26341050-4ae1-0133-5b67-68a86d032b5e.support</string>
<key>PayloadEnabled</key>
<true/>
<key>PayloadUUID</key>
<string>82807313-a6ee-8f6a-34a3-060c3fc6ec24</string>
<key>PayloadDisplayName</key>
<string>Disable Camera</string>
<key>Device Access Allowed</key>
<false/>
</dict>
</array>
</dict>
</plist>
EOF
function help() {
cat <<EOS
--------------------------------------------------------------------------------
NAME
$APP_NAME - enable and disable the built-in iSight camera
VERSION
v$VERSION
USAGE
$APP_SHORT [(on|off)]
ARGUMENTS
on:
enable iSight camera (requires sudo).
alias: enable
off:
disable iSight camera (requires sudo).
alias: disable
help:
display this message.
alias: -h
version:
print application version.
alias: -v
--------------------------------------------------------------------------------
EOS
exit 0
}
function error() {
echo "$0: error - $1" 1>&2
exit 1
}
function version() {
echo "$APP_NAME: v$VERSION"
exit 0
}
function parse_args() {
while [ $# -gt 0 ]
do
case "$1" in
(on) enable_camera;;
(enable) enable_camera;;
(off) disable_camera;;
(disable) disable_camera;;
(help) help;;
(-h) help;;
(version) version;;
(-v) version;;
(status) break;;
("") break;;
(*) error "unrecognized option(s): $1";;
esac
shift
done
echo $(camera_status)
exit 0
}
# Scan through each element in the DRIVERS array to determine if the path
# matches a file in the filesystem. If the driver file exists, append it
# to the returned string.
function scan_drivers() {
for driver in ${DRIVERS[@]}; do
if [ -e "$driver" ]; then
[[ -z "$found" ]] && found="$driver" || found="$found $driver"
fi
done
if [ -z "$found" ]; then
error "unable to find valid drivers"
fi
echo "$found"
}
# Determine the status of the individual driver files passed in as the first
# argument. Determine if the driver is active using the octal filesystem
# permissions.
function stat_drivers() {
found=$1
IFS=$' '
read -a drivers <<< "$found"
for driver in ${drivers[@]}; do
octal=$(/usr/bin/stat -f "%p" "$driver")
octal=$(echo "$octal" | /usr/bin/awk '{print substr($0, length($0))}')
[[ $octal -lt 5 ]] && \
v="iSight Status: Disabled" || v="iSight Status: Enabled"
done
IFS=$OIFS
echo "$v"
}
# Change the file permissions for the drivers supplied as the first argument
# to be more permissive/restrictive based on the second argument ('yes/no').
function chmod_drivers() {
sanity_check
drivers=$1
[[ "$2" = "yes" ]] && c="/bin/chmod a+r" || c="/bin/chmod a-r"
eval "$c $drivers"
}
# Print the status of the camera to stdout.
function camera_status() {
version=$(sw_vers -productVersion | awk -F '.' '{print $1$2}')
status=$(system_integrity)
if [ "$version" -ge "1011" ] && [ "$status" == "enabled" ]; then
found=$(profiles -L | grep 'com.apple.mdm.mba.263c7450-4ae1-0133-5b68-68a86d032b5e.alacarte')
[[ -z "$found" ]] && v="iSight Status: Enabled" || v="iSight Status: Disabled"
echo $v
else
found=$(scan_drivers)
echo $(stat_drivers $found)
fi
}
# Enable the iSight camera by allowing the current user read access
# to the driver files.
function enable_camera() {
version=$(sw_vers -productVersion | awk -F '.' '{print $1$2}')
status=$(system_integrity)
if [ "$version" -ge "1011" ] && [ "$status" == "enabled" ]; then
echo "System Integrity Protection is enabled!"
echo "Enabling iSight..."
$(echo "$ISD_EL_CAPITAN_CONFIG" | profiles -R $USER -F -)
else
found=$(scan_drivers)
echo $(stat_drivers $found)
echo "Enabling iSight..."
chmod_drivers "$found" "yes"
fi
exit 0
}
# Disable the iSight camera by restricting the current user read access
# to the driver files.
function disable_camera() {
version=$(sw_vers -productVersion | awk -F '.' '{print $1$2}')
status=$(system_integrity)
if [ "$version" -ge "1011" ] && [ "$status" == "enabled" ]; then
echo "System Integrity Protection is enabled!"
echo "Disabling iSight..."
$(echo "$ISD_EL_CAPITAN_CONFIG" | profiles -I $USER -F -)
else
found=$(scan_drivers)
echo $(stat_drivers "$found")
echo "Disabling iSight..."
chmod_drivers "$found" "no"
fi
exit 0
}
# Determine if the current user is root - display an error
# if the user is not root.
function sanity_check() {
if [ "$(whoami)" != "root" ]; then
error "must be run as root (sudo) to enable/disable the camera"
fi
}
# Query for system integrity protection status on MacOS >= 10.11.
# Returns "enabled" or "disabled".
function system_integrity() {
csrutil status | grep --quiet enabled
[[ $? == 0 ]] && s="enabled" || s="disabled"
echo "$s"
}
parse_args "$*"