问题
I want to enable access for assistive devices programatically on 10.9. On 10.8 and lower I was using following Applescript to enable access for assistive devices:
tell application "System Events"
if UI elements enabled is false then
set UI elements enabled to true
end if
end tell
With 10.9, Apple has moved the accessibility options to System Preferences ➞ Security & Privacy ➞ Privacy ➞ Accessibility. Unlike previous versions of OS X, which used a universal checkbox for all applications, the new functionality in 10.9 allows users to individually choose which apps can gain control of the system to perform their various scripted functions.
Apple has NOT provided any API to developers to programmatically enable accessibility for an app. So Mac OS 10.9 will prompt a dialog for end user permission to enable Accessibility when application uses accessibility APIs. Additionally User has to Relaunch the application after enabling Accessibility.
Can we enable access for assistive devices programmatically on 10.9 using Applescript or any other APIs? Any help to fix this issue would be greatly appreciated.
回答1:
This doesn’t answer your question, but it’s good to know about a new API call that appeared in 10.9 and lets you display the authorization screen or bypass it:
NSDictionary *options = @{(id)kAXTrustedCheckOptionPrompt: @YES};
BOOL accessibilityEnabled = AXIsProcessTrustedWithOptions((CFDictionaryRef)options);
Passing YES
will force the authorization screen to appear, passing NO
will silently skip it. The return value is the same as the one returned by AXAPIEnabled()
, which is getting deprecated in 10.9. To make sure that the function is available on your system, just compare it to NULL
:
if (AXIsProcessTrustedWithOptions != NULL) {
// 10.9 and later
} else {
// 10.8 and older
}
You'll need to add ApplicationServices.framework
to your project, and import to your .m or .h file:
#import <ApplicationServices/ApplicationServices.h>
It’s quite a pity that the authorization screen doesn’t let the user to authorize the app directly, it just opens the right part of the System Preferences. Which, by the way, you can do directly without going through the useless system dialogue:
tell application "System Preferences"
set securityPane to pane id "com.apple.preference.security"
tell securityPane to reveal anchor "Privacy_Accessibility"
activate
end tell
or using Objective C:
NSString *urlString = @"x-apple.systempreferences:com.apple.preference.security?Privacy_Accessibility";
[[NSWorkspace sharedWorkspace] openURL:[NSURL URLWithString:urlString]];
This can be paired with the first code snippet to test whether accessibilityEnabled
by passing @NO
to kAXTrustedCheckOptionPrompt
while preventing the system pop-up to appear and instead opening the Accessibility preferences pane directly:
NSDictionary *options = @{(id)kAXTrustedCheckOptionPrompt: @NO};
BOOL accessibilityEnabled = AXIsProcessTrustedWithOptions((CFDictionaryRef)options);
if (!accessibilityEnabled) {
NSString *urlString = @"x-apple.systempreferences:com.apple.preference.security?Privacy_Accessibility";
[[NSWorkspace sharedWorkspace] openURL:[NSURL URLWithString:urlString]];
}
回答2:
While @user2865860's answer works well, I though I'd post the entire code sample that works perfectly on 10.9 to save others some time. You need to get root privileges, so it will prompt a user to enter the password.
char *command= "/usr/bin/sqlite3";
char *args[] = {"/Library/Application Support/com.apple.TCC/TCC.db", "INSERT or REPLACE INTO access VALUES('kTCCServiceAccessibility','com.yourapp',0,1,0,NULL);", nil};
AuthorizationRef authRef;
OSStatus status = AuthorizationCreate(NULL, kAuthorizationEmptyEnvironment, kAuthorizationFlagDefaults, &authRef);
if (status == errAuthorizationSuccess) {
status = AuthorizationExecuteWithPrivileges(authRef, command, kAuthorizationFlagDefaults, args, NULL);
AuthorizationFree(authRef, kAuthorizationFlagDestroyRights);
if(status != 0){
//handle errors...
}
}
回答3:
You can edit the TCC.db file in directly. I had to do this in order to make Divvy install without user interaction. Just replace com.mizage.divvy with your program.
sudo sqlite3 /Library/Application\ Support/com.apple.TCC/TCC.db "INSERT INTO access VALUES('kTCCServiceAccessibility','com.mizage.divvy',0,1,1,NULL);"
To remove the entry:
sudo sqlite3 /Library/Application\ Support/com.apple.TCC/TCC.db "delete from access where client='com.mizage.divvy';"
回答4:
I have found the following code snippet which properly requests Accessibility permissions in OS X 10.9:
if (AXIsProcessTrustedWithOptions != NULL) {
// 10.9 and later
const void * keys[] = { kAXTrustedCheckOptionPrompt };
const void * values[] = { kCFBooleanTrue };
CFDictionaryRef options = CFDictionaryCreate(
kCFAllocatorDefault,
keys,
values,
sizeof(keys) / sizeof(*keys),
&kCFCopyStringDictionaryKeyCallBacks,
&kCFTypeDictionaryValueCallBacks);
return AXIsProcessTrustedWithOptions(options);
}
// OS X 10.8 and older
回答5:
I was struggling with this myself and after a bit of a research I found the following:
Hacking the sqlite DB has the major drawback in using authorization services. First this will pop-up a dialog telling user that an application wants to install a utility helper (even though it is just one off launchd submission using
SMJobSubmit
). Second, it does not work for sandboxed apps and thus no app store.@Max Al Faeakh uses
AuthorizationExecuteWithPrivileges
which is deprecated. You need to use launchd with the aboveSMJobSubmit
. Anyway, this still requires authorization. It also requires an auxiliary application like this one.
I guess the best is to use either:
NSDictionary *options = @{(id)kAXTrustedCheckOptionPrompt: @YES};
BOOL accessibilityEnabled = AXIsProcessTrustedWithOptions((CFDictionaryRef)options);
or
NSDictionary *options = @{(id)kAXTrustedCheckOptionPrompt: @NO};
BOOL accessibilityEnabled = AXIsProcessTrustedWithOptions((CFDictionaryRef)options);
and open preference pane manually using for example scripting bridge framework:
SBSystemPreferencesApplication *prefs = [SBApplication applicationWithBundleIdentifier:@"com.apple.systempreferences"];
[prefs activate];
SBSystemPreferencesPane *pane = [[prefs panes] find:^BOOL(SBSystemPreferencesPane *elem) {
return [[elem id] isEqualToString:@"com.apple.preference.security"];
}];
SBSystemPreferencesAnchor *anchor = [[pane anchors] find:^BOOL(SBSystemPreferencesAnchor *elem) {
return [[elem name] isEqualToString:@"Privacy_Accessibility"];
}];
[anchor reveal];
The SBSystemPreferencesPane
class comes form a SBSystemPreferences.h
file which can be generated:
sdef "/Applications/System Preferences.app" | sdp -fh --basename SBSystemPreferences -o SBSystemPreferences.h
回答6:
Thanks for this shell script samples from @NightFlight, which are really helpful. I used this with AppleScript in a Python application, like the following:
set sh to "touch /private/var/db/.AccessibilityAPIEnabled && sqlite3 \\"/Library/Application Support/com.apple.TCC/TCC.db\\" \\"INSERT or REPLACE INTO access VALUES('kTCCServiceAccessibility','com.godevnode',0,1,0,NULL);\\""
do shell script sh with administrator privileges
It worked well for me in Python code as a string.
Edit (Nov 7, 2014):
If you want to try this in AppleScript Editor, use a slightly different character escape as below:
set sh to "touch /private/var/db/.AccessibilityAPIEnabled && sqlite3 \"/Library/Application Support/com.apple.TCC/TCC.db\" \"INSERT or REPLACE INTO access VALUES('kTCCServiceAccessibility','com.godevnode',0,1,0,NULL);\""
do shell script sh with administrator privileges
For Mac OS X before 10.9, it's even simpler:
accessibility_api_file = "/private/var/db/.AccessibilityAPIEnabled"
def __enable_accessibility_api():
try:
script = 'do shell script "touch %s" with administrator ' \
'privileges' % accessibility_api_file
result = applescript.AppleScript(script).run()
log.debug("Tried to enable accessibility api, result=" + result)
return True
except applescript.ScriptError as err:
log.error(str(err))
return False
Just need to touch one file. The AppleScript mentioned in the Python code above can also be used in other languages.
回答7:
To add on to this, you can actually monitor if the user clicks the accessibility setting for your app so you can do some actions when the user grants the permission
(Swift 5, works on Mojave)
reading values (the correct way for Mojave):
private func readPrivileges(prompt: Bool) -> Bool {
let options: NSDictionary = [kAXTrustedCheckOptionPrompt.takeRetainedValue() as NSString: prompt]
let status = AXIsProcessTrustedWithOptions(options)
os_log("Reading Accessibility privileges - Current access status %{public}@", type: .info, String(status))
return status
}
Monitoring for changes in accessibility:
DistributedNotificationCenter.default().addObserver(forName: NSNotification.Name("com.apple.accessibility.api"), object: nil, queue: nil) { _ in
DispatchQueue.main.asyncAfter(deadline: .now() + 0.1) {
self.updatePrivileges()
}
}
It is best to read the privileges again after getting the notification as the notification itself doesn't really work in my experience. So inside the updatePrivileges()
, run readPrivileges()
to get the new status.
You need the delay because it takes some time for the changes to be reflected.
Another thing you need to keep in mind while monitoring is that a notification will be fired for any app that gets different permissions, so if the user grants or revokes a different app you'll still get a notification.
Also, don't forget to remove the observer when you don't need it anymore.
edit:
Source: Accessbility Testbench by Piddlesoft
回答8:
Thanks everyone.
I issue the following triggered from the login window to ensure control is given only to the items we want every session:
# Enable Service Accessibility for Textpander and others
# Clear the acess table.
sqlite3 /Library/Application\ Support/com.apple.TCC/TCC.db "DELETE FROM access"
# Enter the access we wish to have.
sqlite3 /Library/Application\ Support/com.apple.TCC/TCC.db "INSERT INTO access VALUES ('kTCCServiceAccessibility','com.apple.systempreferences',0,1,1,NULL)"
sqlite3 /Library/Application\ Support/com.apple.TCC/TCC.db "INSERT INTO access VALUES ('kTCCServiceAccessibility','de.petermaurer.textpanderdaemon',0,1,1,NULL)"
回答9:
The sqlite3 "hack" is great.
I had to use permissions "1,1,1" (whatever that means) to make this work.
Note that the permission combination, not the client (ie. program name) is the unique database key.
来源:https://stackoverflow.com/questions/17693408/enable-access-for-assistive-devices-programmatically-on-10-9