Earlier this year, I upgraded a MacBookPro8,1 (a late 2011 13-inch MBP) from High Sierra to a dosdude1-patched Mojave.
From (I believe) Mountain Lion forward, Apple updated how other applications have access to key hardware components and software elements, via the new Security & Privacy prefPane.
Typically, when launching an application for the first time which needs a granting of permissions for OS and/or hardware access, the system prompts a modal box to ask the user whether they want to add permissions in Security & Privacy’s Privacy tab for the components or hardware that application needs in order to run.
More recent software (i.e., software aware of this security prompt written during or after Mountain Lion’s release) tends to be good at getting the system to prompt the user on whether to grant specific permissions. On older software, such as 32-bit Apple applications, this doesn’t happen.
For example, to use the iSight camera in QuickTime 7/Pro, the system isn‘t prompted by the application to then prompt the user to grant permissions to use the camera and microphone (for QuickTime Player.app, formerly QuickTime X Player, the prompt does happen).
What Security & Privacy relies on to check whether an application is granted specific permissions is a sqlite database located on one’s account directory, called TCC (TCC.db).
What I had to learn earlier this year and, again, this week, was how to update that database to grant QuickTime 7 access to both camera and microphone. That I had to do this twice, re-learning the second time, is why I’m making this post.
Fortunately, there are a couple of good resources online. Shy of remembering the name of that database or the page titles, it took some time for me to find them in my bookmarks to facilitate adding to the database on the Mojave build I set up last week.
Without rehashing what one must do in order to make changes, these two citation references do a better job with it.
Modifying the TCC database does a good job describing how the process works. How to modify TCC on macOS via command line is how I set out to add QuickTime 7 to the database. It’s worth one’s while to read through those sites carefully.
In my case, this summarizes what I did, in order, to give QuickTime Player 7 that hardware access. (You need to have SIP disabled and must execute this as su/root.):
The system responds:
This info provides the prefs file name for QuickTime Player 7 (com.apple.quicktimeplayer). This comes in useful in a moment.
Next, to find the unique identity string for QuickTime Player 7:
The response is:
With these, it’s then possible to add in permissions for QuickTime Player 7 on the TCC.db using some built-in command-line sqlite3. (Note: the last digit string in the following is the current UNIX epoch time.) One line is for camera access; the other is for microphone access. The only change between the two lines are the "kTCCServiceCamera" and "kTCCServiceMicrophone" variable.
To verify whether those entries were accepted correctly in the database, hop briefly into sqlite:
The following should list everything contained in TCC.db, under "access". I’ll paste what’s in my fresh Mojave install from last week.
Once the sqlite3 prompt is shown, type “.dump” (the command) and “access” (the field whose data needs to be seen:
The response to the dumping of all entries in the “access” field:
One can see the last two entries, the two lines added manually, are for QuickTime Player 7. From this point forward, using the iSight and built-in microphone (or even external camera and mic) should work for QT7!
Now one can Ctrl-C to escape from sqlite (or exit it gracefully, as sqlite3 intended).
Open Security & Privacy prefPane to verify:
I’m posting this because I’m sort of surprised there isn’t such a how-to on the EIM forum. Hopefully this helps at least one person someday!
From (I believe) Mountain Lion forward, Apple updated how other applications have access to key hardware components and software elements, via the new Security & Privacy prefPane.
Typically, when launching an application for the first time which needs a granting of permissions for OS and/or hardware access, the system prompts a modal box to ask the user whether they want to add permissions in Security & Privacy’s Privacy tab for the components or hardware that application needs in order to run.
More recent software (i.e., software aware of this security prompt written during or after Mountain Lion’s release) tends to be good at getting the system to prompt the user on whether to grant specific permissions. On older software, such as 32-bit Apple applications, this doesn’t happen.
For example, to use the iSight camera in QuickTime 7/Pro, the system isn‘t prompted by the application to then prompt the user to grant permissions to use the camera and microphone (for QuickTime Player.app, formerly QuickTime X Player, the prompt does happen).
What Security & Privacy relies on to check whether an application is granted specific permissions is a sqlite database located on one’s account directory, called TCC (TCC.db).
What I had to learn earlier this year and, again, this week, was how to update that database to grant QuickTime 7 access to both camera and microphone. That I had to do this twice, re-learning the second time, is why I’m making this post.
Fortunately, there are a couple of good resources online. Shy of remembering the name of that database or the page titles, it took some time for me to find them in my bookmarks to facilitate adding to the database on the Mojave build I set up last week.
Without rehashing what one must do in order to make changes, these two citation references do a better job with it.
Modifying the TCC database does a good job describing how the process works. How to modify TCC on macOS via command line is how I set out to add QuickTime 7 to the database. It’s worth one’s while to read through those sites carefully.
In my case, this summarizes what I did, in order, to give QuickTime Player 7 that hardware access. (You need to have SIP disabled and must execute this as su/root.):
Code:
sh-3.2# codesign -dr - /Applications/Utilities/QuickTime\ Player\ 7.app/ | awk -F \" '{print $2}'
The system responds:
Code:
Executable=/Applications/Utilities/QuickTime Player 7.app/Contents/MacOS/QuickTime Player 7
libstdc++.6.0.9.dylib
com.apple.quicktimeplayer
This info provides the prefs file name for QuickTime Player 7 (com.apple.quicktimeplayer). This comes in useful in a moment.
Next, to find the unique identity string for QuickTime Player 7:
Code:
sh-3.2# codesign -dr - /Applications/Utilities/QuickTime\ Player\ 7.app 2>&1 | awk -F ' => ' '/designated/{print $2}' | csreq -r- -b /tmp/csreq.bin
sh-3.2# echo "'$(xxd -p /tmp/csreq.bin | tr -d '\n')'"
The response is:
Code:
'fade0c000000003800000001000000060000000200000019636f6d2e6170706c652e717569636b74696d65706c6179657200000000000003'
With these, it’s then possible to add in permissions for QuickTime Player 7 on the TCC.db using some built-in command-line sqlite3. (Note: the last digit string in the following is the current UNIX epoch time.) One line is for camera access; the other is for microphone access. The only change between the two lines are the "kTCCServiceCamera" and "kTCCServiceMicrophone" variable.
Code:
sh-3.2# sqlite3 /Users/BSMagnet/Library/Application\ Support/com.apple.TCC/TCC.db "INSERT INTO access VALUES('kTCCServiceCamera','com.apple.quicktimeplayer',0,1,1,X'fade0c000000003800000001000000060000000200000019636f6d2e6170706c652e717569636b74696d65706c6179657200000000000003',NULL,NULL,'UNUSED',NULL,0,1725504769)"
sh-3.2# sqlite3 /Users/BSMagnet/Library/Application\ Support/com.apple.TCC/TCC.db "INSERT INTO access VALUES('kTCCServiceMicrophone','com.apple.quicktimeplayer',0,1,1,X'fade0c000000003800000001000000060000000200000019636f6d2e6170706c652e717569636b74696d65706c6179657200000000000003',NULL,NULL,'UNUSED',NULL,0,1725505223)"
To verify whether those entries were accepted correctly in the database, hop briefly into sqlite:
Code:
sh-3.2# sqlite3 /Users/BSMagnet/Library/Application\ Support/com.apple.TCC/TCC.db
SQL:
SQLite version 3.24.0 2018-06-04 14:10:15
Enter ".help" for usage hints.
The following should list everything contained in TCC.db, under "access". I’ll paste what’s in my fresh Mojave install from last week.
Once the sqlite3 prompt is shown, type “.dump” (the command) and “access” (the field whose data needs to be seen:
SQL:
sqlite> .dump access
The response to the dumping of all entries in the “access” field:
SQL:
PRAGMA foreign_keys=OFF;
BEGIN TRANSACTION;
CREATE TABLE access ( service TEXT NOT NULL, client TEXT NOT NULL, client_type INTEGER NOT NULL, allowed INTEGER NOT NULL, prompt_count INTEGER NOT NULL, csreq BLOB, policy_id INTEGER, indirect_object_identifier_type INTEGER, indirect_object_identifier TEXT, indirect_object_code_identity BLOB, flags INTEGER, last_modified INTEGER NOT NULL DEFAULT (CAST(strftime('%s','now') AS INTEGER)), PRIMARY KEY (service, client, client_type, indirect_object_identifier), FOREIGN KEY (policy_id) REFERENCES policies(id) ON DELETE CASCADE ON UPDATE CASCADE);
INSERT INTO access VALUES('kTCCServiceUbiquity','com.apple.weather',0,1,1,X'fade0c000000003000000001000000060000000200000011636f6d2e6170706c652e7765617468657200000000000003',NULL,NULL,'UNUSED',NULL,0,1724230964);
INSERT INTO access VALUES('kTCCServiceUbiquity','com.apple.CloudDocs.MobileDocumentsFileProvider',0,1,1,X'fade0c000000004c0000000100000006000000020000002f636f6d2e6170706c652e436c6f7564446f63732e4d6f62696c65446f63756d656e747346696c6550726f76696465720000000003',NULL,NULL,'UNUSED',NULL,0,1724235727);
INSERT INTO access VALUES('kTCCServiceUbiquity','com.apple.TextEdit',0,1,1,X'fade0c000000003000000001000000060000000200000012636f6d2e6170706c652e5465787445646974000000000003',NULL,NULL,'UNUSED',NULL,0,1724306366);
INSERT INTO access VALUES('kTCCServiceUbiquity','com.apple.Preview',0,1,1,X'fade0c000000003000000001000000060000000200000011636f6d2e6170706c652e5072657669657700000000000003',NULL,NULL,'UNUSED',NULL,0,1724536928);
INSERT INTO access VALUES('kTCCServiceUbiquity','com.apple.QuickTimePlayerX',0,1,1,X'fade0c00000000380000000100000006000000020000001a636f6d2e6170706c652e517569636b54696d65506c6179657258000000000003',NULL,NULL,'UNUSED',NULL,0,1724558615);
INSERT INTO access VALUES('kTCCServiceMicrophone','com.apple.QuickTimePlayerX',0,1,1,X'fade0c00000000380000000100000006000000020000001a636f6d2e6170706c652e517569636b54696d65506c6179657258000000000003',NULL,NULL,'UNUSED',NULL,NULL,1724558714);
INSERT INTO access VALUES('kTCCServiceCamera','com.apple.QuickTimePlayerX',0,1,1,X'fade0c00000000380000000100000006000000020000001a636f6d2e6170706c652e517569636b54696d65506c6179657258000000000003',NULL,NULL,'UNUSED',NULL,NULL,1724558718);
INSERT INTO access VALUES('kTCCServiceCamera','com.apple.quicktimeplayer',0,1,1,X'fade0c000000003800000001000000060000000200000019636f6d2e6170706c652e717569636b74696d65706c6179657200000000000003',NULL,NULL,'UNUSED',NULL,0,1725504769);
INSERT INTO access VALUES('kTCCServiceMicrophone','com.apple.quicktimeplayer',0,1,1,X'fade0c000000003800000001000000060000000200000019636f6d2e6170706c652e717569636b74696d65706c6179657200000000000003',NULL,NULL,'UNUSED',NULL,0,1725505223);
COMMIT;
One can see the last two entries, the two lines added manually, are for QuickTime Player 7. From this point forward, using the iSight and built-in microphone (or even external camera and mic) should work for QT7!
Now one can Ctrl-C to escape from sqlite (or exit it gracefully, as sqlite3 intended).
Open Security & Privacy prefPane to verify:
I’m posting this because I’m sort of surprised there isn’t such a how-to on the EIM forum. Hopefully this helps at least one person someday!
Last edited: