Skip to main content
Question

List All Apps on Full Disk Access

  • January 18, 2024
  • 3 replies
  • 310 views
F
Forum|alt.badge.img+4

Hello All,

 

I'm stuck. I hope anyone can help me :)

I need to check all apps status on full disk access. Is there any command to find status or other way? My manager want to know 2 things. 

1. Is XXX.app added to full disk access ?

2. Is XXX.app open on full disk access ?

Thank you.

 

    3 replies

    Ashok_A
    Forum|alt.badge.img+9
    • Ashok_A
    • Contributor
    • January 18, 2024

    @foreverkan - you can only check which applications are granted with Full Disk Access (either by end-user or via MDM) using the following command from an CLI. The output will list the application BundleIdentifier name. 

    sudo sqlite3 /Library/Application\\ Support/com.apple.TCC/TCC.db \\ 'select client from access where auth_value and service = "kTCCServiceSystemPolicyAllFiles"'


    Ensure you grant full disk access to the Terminal application if you are running the above command from Terminal.

    aparten11
    pete_c
    Forum|alt.badge.img+16
    • pete_c
    • Honored Contributor
    • January 18, 2024

    Here's my EA which greps out the various Apple services:

    #!/bin/bash # 1.1 added grep to filter out stock components and strip /Library/App Support (ie Nexthink) # # query the TCC.db to return all SystemPolicyAllFiles entitlements # # sample return: # # com.jamfsoftware.Composer # com.cisco.anyconnect.gui # NexthinkVersions/23.8.3.7_1/nxtupdater # # when using interactively in the shell: printf "%s\\n" $results results=$(/usr/bin/sqlite3 /Library/Application\\ Support/com.apple.TCC/TCC.db 'select * from access' | awk -F'|' ' { print $2 } ' | grep -Ev "com.apple|System" | sed 's/\\/Library\\/Application Support\\///g' ) echo "<result>$results</result>"
    aparten11
    F
    Forum|alt.badge.img+4
    • foreverkan
    • Author
    • Contributor
    • March 19, 2024

    @foreverkan - you can only check which applications are granted with Full Disk Access (either by end-user or via MDM) using the following command from an CLI. The output will list the application BundleIdentifier name. 

    sudo sqlite3 /Library/Application\\ Support/com.apple.TCC/TCC.db \\ 'select client from access where auth_value and service = "kTCCServiceSystemPolicyAllFiles"'


    Ensure you grant full disk access to the Terminal application if you are running the above command from Terminal.


    Thank you for your reply. Command is worked but it is not listed all allowed apps. What can i do?

    Terms & ConditionsCookie settingsAccessibility statement