Skip to content

Instantly share code, notes, and snippets.

@timsutton
Last active July 26, 2024 20:58
Show Gist options
  • Save timsutton/31344ef60dbd4d64aca5b3287c0644e8 to your computer and use it in GitHub Desktop.
Save timsutton/31344ef60dbd4d64aca5b3287c0644e8 to your computer and use it in GitHub Desktop.
Enabling screen sharing on macOS Monterey as of 12.1 beta 2
#!/bin/bash
# A cleaner alternative to this approach, but which requires a restart, is to populate TCC's SiteOverrides.plist inside
# the TCC app support directory with the following:
# <?xml version="1.0" encoding="UTF-8"?>
# <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
# <plist version="1.0">
# <dict>
# <key>Services</key>
# <dict>
# <key>PostEvent</key>
# <array>
# <dict>
# <key>Allowed</key>
# <true/>
# <key>CodeRequirement</key>
# <string>identifier "com.apple.screensharing.agent" and anchor apple</string>
# <key>Identifier</key>
# <string>com.apple.screensharing.agent</string>
# <key>IdentifierType</key>
# <string>bundleID</string>
# </dict>
# </array>
# <key>ScreenCapture</key>
# <array>
# <dict>
# <key>Allowed</key>
# <true/>
# <key>CodeRequirement</key>
# <string>identifier "com.apple.screensharing.agent" and anchor apple</string>
# <key>Identifier</key>
# <string>com.apple.screensharing.agent</string>
# <key>IdentifierType</key>
# <string>bundleID</string>
# </dict>
# </array>
# </dict>
# </dict>
# </plist>
set -eux -o pipefail
db_path="/Library/Application Support/com.apple.TCC/TCC.db"
sanity_checks() {
os_ver_major="$(sw_vers -productVersion | awk -F'.' '{print $1}')"
if [[ "${os_ver_major}" -ne 12 ]]; then
echo "This script is only tested valid on macOS 12, and we detected this system runs version ${os_ver_major}. Exiting."
exit 1
fi
if [[ "$(id -u)" -ne 0 ]]; then
echo "Need to run this script as root... exiting"
exit 1
fi
# TODO: we should bail if we determine we don't have write access to the TCC db (we want to get specific SIP disable status
# for whatever is the protection for TCC)
}
disable_screensharing() {
launchctl unload -w /System/Library/LaunchDaemons/com.apple.screensharing.plist
sqlite3 "${db_path}" \
"BEGIN TRANSACTION; \
DELETE FROM access WHERE client = 'com.apple.screensharing.agent'; \
COMMIT;"
}
enable_screensharing() {
launchctl load -w /System/Library/LaunchDaemons/com.apple.screensharing.plist
epoch="$(date +%s)"
sqlite3 "${db_path}" \
"BEGIN TRANSACTION; \
DELETE FROM access WHERE client = 'com.apple.screensharing.agent'; \
COMMIT; \
BEGIN TRANSACTION; \
INSERT INTO access VALUES('kTCCServicePostEvent','com.apple.screensharing.agent',0,2,4,1,NULL,NULL,0,'UNUSED',NULL,0,${epoch}); \
INSERT INTO access VALUES('kTCCServiceScreenCapture','com.apple.screensharing.agent',0,2,4,1,NULL,NULL,0,'UNUSED',NULL,0,${epoch}); \
COMMIT;"
}
dump_screensharing_entries() {
sqlite3 "${db_path}" \
"SELECT * FROM access WHERE client = 'com.apple.screensharing.agent';"
}
# uncomment to show existing entries for debugging
# dump_screensharing_entries
sanity_checks
enable_screensharing
# uncomment to disable instead of enable
# disable_screensharing
@soulshake
Copy link

THANK YOU ❤️ This works perfectly on CircleCI!

@trungnt2910
Copy link

trungnt2910 commented Apr 29, 2024

For macOS 14, replace enable_screensharing's function body with this (tested on GitHub Actions):

  launchctl load -w /System/Library/LaunchDaemons/com.apple.screensharing.plist

  epoch="$(date +%s)"
  sqlite3 "${db_path}" \
    "BEGIN TRANSACTION; \
     DELETE FROM access WHERE client = 'com.apple.screensharing.agent'; \
     COMMIT; \
     BEGIN TRANSACTION; \
     INSERT INTO access(service,client,client_type,auth_value,auth_reason,auth_version,indirect_object_identifier_type,flags,last_modified,last_reminded) VALUES('kTCCServicePostEvent','com.apple.screensharing.agent',0,2,4,1,0,0,${epoch},${epoch}); \
     INSERT INTO access(service,client,client_type,auth_value,auth_reason,auth_version,indirect_object_identifier_type,flags,last_modified,last_reminded) VALUES('kTCCServiceScreenCapture','com.apple.screensharing.agent',0,2,4,1,0,0,${epoch},${epoch}); \
     COMMIT;"

macOS 14 added a few columns. This approach explicitly lists the non-default columns we want to insert, making it work for both past and hopefully future macOS versions.

@nodeselector
Copy link

Amazing. This came in handy for me. Thank you @timsutton and @trungnt2910. (Made a fork for macos14: https://gist.github.com/nodeselector/64a0b47422f208a86602e54302944f34)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment