Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add missing TCC permissions #796

Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

Add missing TCC permissions #796

wants to merge 5 commits into from

Conversation

tylervick
Copy link

Motivation

There have been several new user permissions introduced over the last couple of major iOS versions. This change adds the missing permissions that may be modified via existing TCC.db queries.

Notably, the "Health" permission is missing since it requires modification to a standalone healthdb.sqlite database. This will be implemented in a future PR.

The following permissions have been added:

  • calendar
  • biometrics (aka FaceID)
  • media
  • reminders
  • motion
  • siri
  • speech
  • userTracking

Test Plan

  • Run idb approve -h
  • Verify the output contains added permissions:
usage: idb approve [-h] [--scheme SCHEME] [--udid UDID]
                       [--log {DEBUG,INFO,WARNING,ERROR,CRITICAL}] [--json]
                       bundle_id
                       {photos,camera,contacts,url,location,notification,microphone,calendar,faceid,media,reminders,motion,siri,speech,user_tracking}
                       [{photos,camera,contacts,url,location,notification,microphone,calendar,faceid,media,reminders,motion,siri,speech,user_tracking} ...]

  • Grant any/all of the introduced permissions for a valid bundle ID:

    • idb approve com.example.app calendar

  • Verify the supplied permissions have been successfully granted for the bundle ID

  • Revoke any/all of the introduced permissions for a valid bundle ID:

    • idb revoke com.example.app calendar

  • Verify the supplied permissions have been successfully revoked for the bundle ID

Related PRs

@facebook-github-bot
Copy link

@grzmiel has imported this pull request. If you are a Meta employee, you can view this diff on Phabricator.

grzmiel
grzmiel suggested changes Jan 19, 2023
View reviewed changes
Copy link

@grzmiel grzmiel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You have to add those entries to RevokeRequest as well.

idb/grpc/client.py Outdated
@@ -187,6 +195,14 @@
Permission.LOCATION: RevokeRequest.LOCATION,
Permission.NOTIFICATION: RevokeRequest.NOTIFICATION,
Permission.MICROPHONE: RevokeRequest.MICROPHONE,
Permission.CALENDAR: ApproveRequest.CALENDAR,
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Those should be RevokeRequest

proto/idb.proto
@@ -255,6 +255,14 @@ message ApproveRequest {
LOCATION = 4;
NOTIFICATION = 5;
MICROPHONE = 6;
CALENDAR = 7;
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add the same entries in the RevokeRequest below

@fleytman
Copy link

Do you have any new about this PR?

@fleytman
Copy link

These are very useful changes, what's stopping you from making a merge of changes at this point?

@tylervick
Copy link
Author

@fleytman unfortunately I don't have permission to merge this - I just re-requested a review from @grzmiel, perhaps they can help

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@grzmiel grzmiel Awaiting requested review from grzmiel

Assignees
No one assigned
Labels
CLA Signed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@tylervick @facebook-github-bot @fleytman @grzmiel