Google Chrome Install, updates, prompts, PPPC and my thinning scalp!

totalyscrewedup
New Contributor III

I'm at the point that pulling my hair is becoming just as possible as successfully deploying Chrome via Jamf.
I've spent day reading on this, read on https://github.com/jamf/JamfPrivacyPreferencePolicyControlProfiles
but I can't get Chrome to install without the prompt "macOS needs to make a change. Please enter administrator credentials"
I want it to be able to update itself, so there isn't an internal fight with Google. Just that I can't get anything to work on Mojave.
I'm plugging in the PPPC that I've pushed to my test system and I've played with for days below and the output of the command '/usr/bin/log stream --debug --predicate 'subsystem == "com.apple.TCC" | grep Prompting'....
WELP!!!!!

4 REPLIES 4

totalyscrewedup
New Contributor III

command output:
2020-02-28 12:08:45.103878-0500 0x3b29 Info 0x0 215 0 tccd: [com.apple.TCC:access] -[TCCDPlatformMacOS evaluatePolicyForPromptingforService:byIdentity:attributionChain:]: policyResult = 3; isApplePlatformBinary = 1
2020-02-28 12:08:56.167794-0500 0x3c09 Info 0x0 215 0 tccd: [com.apple.TCC:access] -[TCCDPlatformMacOS evaluatePolicyForPromptingforService:byIdentity:attributionChain:]: policyResult = 3; isApplePlatformBinary = 1
2020-02-28 12:10:12.763259-0500 0x40fd Error 0x0 215 0 tccd: [com.apple.TCC:access] Prompting policy for hardened runtime; service: kTCCServiceAppleEvents requires entitlement com.apple.security.automation.apple-events but it is missing for ACC:{ID: com.google.Chrome, PID[3718], auid: 502, euid: 502, binary path: '/Applications/Google Chrome.app/Contents/MacOS/Google Chrome'}, REQ:{ID: com.apple.appleeventsd, PID[52], auid: 55, euid: 55, binary path: '/System/Library/CoreServices/appleeventsd'}
2020-02-28 12:10:12.763276-0500 0x40fd Info 0x0 215 0 tccd: [com.apple.TCC:access] -[TCCDPlatformMacOS evaluatePolicyForPromptingforService:byIdentity:attributionChain:]: policyResult = 4; isApplePlatformBinary = 0
2020-02-28 12:10:19.405491-0500 0x4233 Error 0x0 215 0 tccd: [com.apple.TCC:access] Prompting policy for hardened runtime; service: kTCCServiceAppleEvents requires entitlement com.apple.security.automation.apple-events but it is missing for RESP:{ID: com.google.Keystone.Agent, PID[3762], auid: 502, euid: 502, responsible path: '/Users/generic/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent', binary path: '/Users/generic/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent'}, ACC:{ID: com.google.Keystone.Agent, PID[3762], auid: 502, euid: 502, binary path: '/Users/generic/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent'}, REQ:{ID: com.apple.appleeventsd, PID[52], auid: 55, euid: 55, binary path: '/System/Library/CoreServices/appleeventsd'}
2020-02-28 12:10:19.405554-0500 0x4233 Info 0x0 215 0 tccd: [com.apple.TCC:access] -[TCCDPlatformMacOS evaluatePolicyForPromptingforService:byIdentity:attributionChain:]: policyResult = 4; isApplePlatformBinary = 0
2020-02-28 12:10:19.493467-0500 0x423b Error 0x0 215 0 tccd: [com.apple.TCC:access] Prompting policy for hardened runtime; service: kTCCServiceAppleEvents requires entitlement com.apple.security.automation.apple-events but it is missing for RESP:{ID: com.google.Keystone.Agent, PID[3765], auid: 502, euid: 502, responsible path: '/Users/generic/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent', binary path: '/Users/generic/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent'}, ACC:{ID: com.google.Keystone.Agent, PID[3765], auid: 502, euid: 502, binary path: '/Users/generic/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent'}, REQ:{ID: com.apple.appleeventsd, PID[52], auid: 55, euid: 55, binary path: '/System/Library/CoreServices/appleeventsd'}

totalyscrewedup
New Contributor III

And here is the PPPC as XML:<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict> <key>PayloadContent</key> <array> <dict> <key>PayloadDescription</key> <string>ChromeCrap2</string> <key>PayloadDisplayName</key> <string>ChromeCrap2</string> <key>PayloadIdentifier</key> <string>96CC8430-37AE-47F9-85E9-A4F39C98B4C3</string> <key>PayloadOrganization</key> <string>ecoATM</string> <key>PayloadType</key> <string>com.apple.TCC.configuration-profile-policy</string> <key>PayloadUUID</key> <string>5784C03F-288D-49FD-97F8-0FBC8F6CB933</string> <key>PayloadVersion</key> <integer>1</integer> <key>Services</key> <dict> <key>Accessibility</key> <array> <dict> <key>Allowed</key> <true/> <key>CodeRequirement</key> <string>(identifier "com.google.Chrome" or identifier "com.google.Chrome.beta" or identifier "com.google.Chrome.dev" or identifier "com.google.Chrome.canary") and certificate leaf = H"c9a99324ca3fcb23dbcc36bd5fd4f9753305130a"</string> <key>Comment</key> <string></string> <key>Identifier</key> <string>com.google.Chrome</string> <key>IdentifierType</key> <string>bundleID</string> </dict> </array> <key>AppleEvents</key> <array> <dict> <key>AEReceiverCodeRequirement</key> <string>(identifier "com.google.Chrome" or identifier "com.google.Chrome.beta" or identifier "com.google.Chrome.dev" or identifier "com.google.Chrome.canary") and certificate leaf = H"c9a99324ca3fcb23dbcc36bd5fd4f9753305130a"</string> <key>AEReceiverIdentifier</key> <string>com.google.Chrome</string> <key>AEReceiverIdentifierType</key> <string>bundleID</string> <key>Allowed</key> <true/> <key>CodeRequirement</key> <string>identifier "com.google.Chrome.helper" and certificate leaf = H"c9a99324ca3fcb23dbcc36bd5fd4f9753305130a"</string> <key>Comment</key> <string></string> <key>Identifier</key> <string>com.google.Chrome.helper</string> <key>IdentifierType</key> <string>bundleID</string> </dict> <dict> <key>AEReceiverCodeRequirement</key> <string>identifier "com.apple.finder" and anchor apple</string> <key>AEReceiverIdentifier</key> <string>com.apple.finder</string> <key>AEReceiverIdentifierType</key> <string>bundleID</string> <key>Allowed</key> <true/> <key>CodeRequirement</key> <string>identifier "com.google.Chrome.helper" and certificate leaf = H"c9a99324ca3fcb23dbcc36bd5fd4f9753305130a"</string> <key>Comment</key> <string></string> <key>Identifier</key> <string>com.google.Chrome.helper</string> <key>IdentifierType</key> <string>bundleID</string> </dict> <dict> <key>AEReceiverCodeRequirement</key> <string>identifier "com.apple.systemuiserver" and anchor apple</string> <key>AEReceiverIdentifier</key> <string>com.apple.systemuiserver</string> <key>AEReceiverIdentifierType</key> <string>bundleID</string> <key>Allowed</key> <true/> <key>CodeRequirement</key> <string>identifier "com.google.Chrome.helper" and certificate leaf = H"c9a99324ca3fcb23dbcc36bd5fd4f9753305130a"</string> <key>Comment</key> <string></string> <key>Identifier</key> <string>com.google.Chrome.helper</string> <key>IdentifierType</key> <string>bundleID</string> </dict> <dict> <key>AEReceiverCodeRequirement</key> <string>identifier "com.apple.systemevents" and anchor apple</string> <key>AEReceiverIdentifier</key> <string>com.apple.systemevents</string> <key>AEReceiverIdentifierType</key> <string>bundleID</string> <key>Allowed</key> <true/> <key>CodeRequirement</key> <string>identifier "com.google.Chrome.helper" and certificate leaf = H"c9a99324ca3fcb23dbcc36bd5fd4f9753305130a"</string> <key>Comment</key> <string></string> <key>Identifier</key> <string>com.google.Chrome.helper</string> <key>IdentifierType</key> <string>bundleID</string> </dict> <dict> <key>AEReceiverCodeRequirement</key> <string>identifier "com.apple.SecurityAgent" and anchor apple</string> <key>AEReceiverIdentifier</key> <string>/System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle/Contents/MacOS/SecurityAgent</string> <key>AEReceiverIdentifierType</key> <string>path</string> <key>Allowed</key> <true/> <key>CodeRequirement</key> <string>identifier "com.apple.TMHelperAgent" and anchor apple</string> <key>Comment</key> <string></string> <key>Identifier</key> <string>/System/Library/CoreServices/backupd.bundle/Contents/Resources/TMHelperAgent.app/Contents/MacOS/TMHelperAgent</string> <key>IdentifierType</key> <string>path</string> </dict> <dict> <key>AEReceiverCodeRequirement</key> <string>identifier "com.google.Chrome.helper" and certificate leaf = H"c9a99324ca3fcb23dbcc36bd5fd4f9753305130a"</string> <key>AEReceiverIdentifier</key> <string>com.google.Chrome.helper</string> <key>AEReceiverIdentifierType</key> <string>bundleID</string> <key>Allowed</key> <true/> <key>CodeRequirement</key> <string>identifier "com.apple.TMHelperAgent" and anchor apple</string> <key>Comment</key> <string></string> <key>Identifier</key> <string>/System/Library/CoreServices/backupd.bundle/Contents/Resources/TMHelperAgent.app/Contents/MacOS/TMHelperAgent</string> <key>IdentifierType</key> <string>path</string> </dict> <dict> <key>AEReceiverCodeRequirement</key> <string>(identifier "com.google.Chrome" or identifier "com.google.Chrome.beta" or identifier "com.google.Chrome.dev" or identifier "com.google.Chrome.canary") and certificate leaf = H"c9a99324ca3fcb23dbcc36bd5fd4f9753305130a"</string> <key>AEReceiverIdentifier</key> <string>com.google.Chrome</string> <key>AEReceiverIdentifierType</key> <string>bundleID</string> <key>Allowed</key> <true/> <key>CodeRequirement</key> <string>identifier "com.apple.TMHelperAgent" and anchor apple</string> <key>Comment</key> <string></string> <key>Identifier</key> <string>/System/Library/CoreServices/backupd.bundle/Contents/Resources/TMHelperAgent.app/Contents/MacOS/TMHelperAgent</string> <key>IdentifierType</key> <string>path</string> </dict> <dict> <key>AEReceiverCodeRequirement</key> <string>identifier "com.apple.finder" and anchor apple</string> <key>AEReceiverIdentifier</key> <string>com.apple.finder</string> <key>AEReceiverIdentifierType</key> <string>bundleID</string> <key>Allowed</key> <true/> <key>CodeRequirement</key> <string>identifier "com.apple.TMHelperAgent" and anchor apple</string> <key>Comment</key> <string></string> <key>Identifier</key> <string>/System/Library/CoreServices/backupd.bundle/Contents/Resources/TMHelperAgent.app/Contents/MacOS/TMHelperAgent</string> <key>IdentifierType</key> <string>path</string> </dict> <dict> <key>AEReceiverCodeRequirement</key> <string>identifier "com.apple.systemuiserver" and anchor apple</string> <key>AEReceiverIdentifier</key> <string>com.apple.systemuiserver</string> <key>AEReceiverIdentifierType</key> <string>bundleID</string> <key>Allowed</key> <true/> <key>CodeRequirement</key> <string>identifier "com.apple.TMHelperAgent" and anchor apple</string> <key>Comment</key> <string></string> <key>Identifier</key> <string>/System/Library/CoreServices/backupd.bundle/Contents/Resources/TMHelperAgent.app/Contents/MacOS/TMHelperAgent</string> <key>IdentifierType</key> <string>path</string> </dict> <dict> <key>AEReceiverCodeRequirement</key> <string>identifier "com.apple.systemevents" and anchor apple</string> <key>AEReceiverIdentifier</key> <string>com.apple.systemevents</string> <key>AEReceiverIdentifierType</key> <string>bundleID</string> <key>Allowed</key> <true/> <key>CodeRequirement</key> <string>identifier "com.apple.TMHelperAgent" and anchor apple</string> <key>Comment</key> <string></string> <key>Identifier</key> <string>/System/Library/CoreServices/backupd.bundle/Contents/Resources/TMHelperAgent.app/Contents/MacOS/TMHelperAgent</string> <key>IdentifierType</key> <string>path</string> </dict> <dict> <key>AEReceiverCodeRequirement</key> <string>identifier "com.google.Chrome.helper" and certificate leaf = H"c9a99324ca3fcb23dbcc36bd5fd4f9753305130a"</string> <key>AEReceiverIdentifier</key> <string>com.google.Chrome.helper</string> <key>AEReceiverIdentifierType</key> <string>bundleID</string> <key>Allowed</key> <true/> <key>CodeRequirement</key> <string>identifier "com.apple.SecurityAgent" and anchor apple</string> <key>Comment</key> <string></string> <key>Identifier</key> <string>/System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle/Contents/MacOS/SecurityAgent</string> <key>IdentifierType</key> <string>path</string> </dict> <dict> <key>AEReceiverCodeRequirement</key> <string>identifier "com.apple.TMHelperAgent" and anchor apple</string> <key>AEReceiverIdentifier</key> <string>/System/Library/CoreServices/backupd.bundle/Contents/Resources/TMHelperAgent.app/Contents/MacOS/TMHelperAgent</string> <key>AEReceiverIdentifierType</key> <string>path</string> <key>Allowed</key> <true/> <key>CodeRequirement</key> <string>identifier "com.apple.SecurityAgent" and anchor apple</string> <key>Comment</key> <string></string> <key>Identifier</key> <string>/System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle/Contents/MacOS/SecurityAgent</string> <key>IdentifierType</key> <string>path</string> </dict> <dict> <key>AEReceiverCodeRequirement</key> <string>(identifier "com.google.Chrome" or identifier "com.google.Chrome.beta" or identifier "com.google.Chrome.dev" or identifier "com.google.Chrome.canary") and certificate leaf = H"c9a99324ca3fcb23dbcc36bd5fd4f9753305130a"</string> <key>AEReceiverIdentifier</key> <string>com.google.Chrome</string> <key>AEReceiverIdentifierType</key> <string>bundleID</string> <key>Allowed</key> <true/> <key>CodeRequirement</key> <string>identifier "com.apple.SecurityAgent" and anchor apple</string> <key>Comment</key> <string></string> <key>Identifier</key> <string>/System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle/Contents/MacOS/SecurityAgent</string> <key>IdentifierType</key> <string>path</string> </dict> <dict> <key>AEReceiverCodeRequirement</key> <string>identifier "com.apple.finder" and anchor apple</string> <key>AEReceiverIdentifier</key> <string>com.apple.finder</string> <key>AEReceiverIdentifierType</key> <string>bundleID</string> <key>Allowed</key> <true/> <key>CodeRequirement</key> <string>identifier "com.apple.SecurityAgent" and anchor apple</string> <key>Comment</key> <string></string> <key>Identifier</key> <string>/System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle/Contents/MacOS/SecurityAgent</string> <key>IdentifierType</key> <string>path</string> </dict> <dict> <key>AEReceiverCodeRequirement</key> <string>identifier "com.apple.systemuiserver" and anchor apple</string> <key>AEReceiverIdentifier</key> <string>com.apple.systemuiserver</string> <key>AEReceiverIdentifierType</key> <string>bundleID</string> <key>Allowed</key> <true/> <key>CodeRequirement</key> <string>identifier "com.apple.SecurityAgent" and anchor apple</string> <key>Comment</key> <string></string> <key>Identifier</key> <string>/System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle/Contents/MacOS/SecurityAgent</string> <key>IdentifierType</key> <string>path</string> </dict> <dict> <key>AEReceiverCodeRequirement</key> <string>identifier "com.apple.systemevents" and anchor apple</string> <key>AEReceiverIdentifier</key> <string>com.apple.systemevents</string> <key>AEReceiverIdentifierType</key> <string>bundleID</string> <key>Allowed</key> <true/> <key>CodeRequirement</key> <string>identifier "com.apple.SecurityAgent" and anchor apple</string> <key>Comment</key> <string></string> <key>Identifier</key> <string>/System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle/Contents/MacOS/SecurityAgent</string> <key>IdentifierType</key> <string>path</string> </dict> <dict> <key>AEReceiverCodeRequirement</key> <string>identifier "com.apple.TMHelperAgent" and anchor apple</string> <key>AEReceiverIdentifier</key> <string>/System/Library/CoreServices/backupd.bundle/Contents/Resources/TMHelperAgent.app/Contents/MacOS/TMHelperAgent</string> <key>AEReceiverIdentifierType</key> <string>path</string> <key>Allowed</key> <true/> <key>CodeRequirement</key> <string>(identifier "com.google.Chrome" or identifier "com.google.Chrome.beta" or identifier "com.google.Chrome.dev" or identifier "com.google.Chrome.canary") and certificate leaf = H"c9a99324ca3fcb23dbcc36bd5fd4f9753305130a"</string> <key>Comment</key> <string></string> <key>Identifier</key> <string>com.google.Chrome</string> <key>IdentifierType</key> <string>bundleID</string> </dict> <dict> <key>AEReceiverCodeRequirement</key> <string>identifier "com.google.Chrome.helper" and certificate leaf = H"c9a99324ca3fcb23dbcc36bd5fd4f9753305130a"</string> <key>AEReceiverIdentifier</key> <string>com.google.Chrome.helper</string> <key>AEReceiverIdentifierType</key> <string>bundleID</string> <key>Allowed</key> <true/> <key>CodeRequirement</key> <string>(identifier "com.google.Chrome" or identifier "com.google.Chrome.beta" or identifier "com.google.Chrome.dev" or identifier "com.google.Chrome.canary") and certificate leaf = H"c9a99324ca3fcb23dbcc36bd5fd4f9753305130a"</string> <key>Comment</key> <string></string> <key>Identifier</key> <string>com.google.Chrome</string> <key>IdentifierType</key> <string>bundleID</string> </dict> <dict> <key>AEReceiverCodeRequirement</key> <string>identifier "com.apple.SecurityAgent" and anchor apple</string> <key>AEReceiverIdentifier</key> <string>/System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle/Contents/MacOS/SecurityAgent</string> <key>AEReceiverIdentifierType</key> <string>path</string> <key>Allowed</key> <true/> <key>CodeRequirement</key> <string>(identifier "com.google.Chrome" or identifier "com.google.Chrome.beta" or identifier "com.google.Chrome.dev" or identifier "com.google.Chrome.canary") and certificate leaf = H"c9a99324ca3fcb23dbcc36bd5fd4f9753305130a"</string> <key>Comment</key> <string></string> <key>Identifier</key> <string>com.google.Chrome</string> <key>IdentifierType</key> <string>bundleID</string> </dict> <dict> <key>AEReceiverCodeRequirement</key> <string>identifier "com.apple.finder" and anchor apple</string> <key>AEReceiverIdentifier</key> <string>com.apple.finder</string> <key>AEReceiverIdentifierType</key> <string>bundleID</string> <key>Allowed</key> <true/> <key>CodeRequirement</key> <string>(identifier "com.google.Chrome" or identifier "com.google.Chrome.beta" or identifier "com.google.Chrome.dev" or identifier "com.google.Chrome.canary") and certificate leaf = H"c9a99324ca3fcb23dbcc36bd5fd4f9753305130a"</string> <key>Comment</key> <string></string> <key>Identifier</key> <string>com.google.Chrome</string> <key>IdentifierType</key> <string>bundleID</string> </dict> <dict> <key>AEReceiverCodeRequirement</key> <string>identifier "com.apple.systemuiserver" and anchor apple</string> <key>AEReceiverIdentifier</key> <string>com.apple.systemuiserver</string> <key>AEReceiverIdentifierType</key> <string>bundleID</string> <key>Allowed</key> <true/> <key>CodeRequirement</key> <string>(identifier "com.google.Chrome" or identifier "com.google.Chrome.beta" or identifier "com.google.Chrome.dev" or identifier "com.google.Chrome.canary") and certificate leaf = H"c9a99324ca3fcb23dbcc36bd5fd4f9753305130a"</string> <key>Comment</key> <string></string> <key>Identifier</key> <string>com.google.Chrome</string> <key>IdentifierType</key> <string>bundleID</string> </dict> <dict> <key>AEReceiverCodeRequirement</key> <string>identifier "com.apple.systemevents" and anchor apple</string> <key>AEReceiverIdentifier</key> <string>com.apple.systemevents</string> <key>AEReceiverIdentifierType</key> <string>bundleID</string> <key>Allowed</key> <true/> <key>CodeRequirement</key> <string>(identifier "com.google.Chrome" or identifier "com.google.Chrome.beta" or identifier "com.google.Chrome.dev" or identifier "com.google.Chrome.canary") and certificate leaf = H"c9a99324ca3fcb23dbcc36bd5fd4f9753305130a"</string> <key>Comment</key> <string></string> <key>Identifier</key> <string>com.google.Chrome</string> <key>IdentifierType</key> <string>bundleID</string> </dict> </array> <key>FileProviderPresence</key> <array> <dict> <key>Allowed</key> <true/> <key>CodeRequirement</key> <string>(identifier "com.google.Chrome" or identifier "com.google.Chrome.beta" or identifier "com.google.Chrome.dev" or identifier "com.google.Chrome.canary") and certificate leaf = H"c9a99324ca3fcb23dbcc36bd5fd4f9753305130a"</string> <key>Comment</key> <string></string> <key>Identifier</key> <string>com.google.Chrome</string> <key>IdentifierType</key> <string>bundleID</string> </dict> </array> <key>PostEvent</key> <array> <dict> <key>Allowed</key> <true/> <key>CodeRequirement</key> <string>(identifier "com.google.Chrome" or identifier "com.google.Chrome.beta" or identifier "com.google.Chrome.dev" or identifier "com.google.Chrome.canary") and certificate leaf = H"c9a99324ca3fcb23dbcc36bd5fd4f9753305130a"</string> <key>Comment</key> <string></string> <key>Identifier</key> <string>com.google.Chrome</string> <key>IdentifierType</key> <string>bundleID</string> </dict> </array> <key>SystemPolicyAllFiles</key> <array> <dict> <key>Allowed</key> <true/> <key>CodeRequirement</key> <string>identifier "com.google.Chrome.helper" and certificate leaf = H"c9a99324ca3fcb23dbcc36bd5fd4f9753305130a"</string> <key>Comment</key> <string></string> <key>Identifier</key> <string>com.google.Chrome.helper</string> <key>IdentifierType</key> <string>bundleID</string> </dict> <dict> <key>Allowed</key> <true/> <key>CodeRequirement</key> <string>identifier "com.apple.TMHelperAgent" and anchor apple</string> <key>Comment</key> <string></string> <key>Identifier</key> <string>/System/Library/CoreServices/backupd.bundle/Contents/Resources/TMHelperAgent.app/Contents/MacOS/TMHelperAgent</string> <key>IdentifierType</key> <string>path</string> </dict> <dict> <key>Allowed</key> <true/> <key>CodeRequirement</key> <string>identifier "com.apple.SecurityAgent" and anchor apple</string> <key>Comment</key> <string></string> <key>Identifier</key> <string>/System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle/Contents/MacOS/SecurityAgent</string> <key>IdentifierType</key> <string>path</string> </dict> <dict> <key>Allowed</key> <true/> <key>CodeRequirement</key> <string>(identifier "com.google.Chrome" or identifier "com.google.Chrome.beta" or identifier "com.google.Chrome.dev" or identifier "com.google.Chrome.canary") and certificate leaf = H"c9a99324ca3fcb23dbcc36bd5fd4f9753305130a"</string> <key>Comment</key> <string></string> <key>Identifier</key> <string>com.google.Chrome</string> <key>IdentifierType</key> <string>bundleID</string> </dict> </array> <key>SystemPolicySysAdminFiles</key> <array> <dict> <key>Allowed</key> <true/> <key>CodeRequirement</key> <string>(identifier "com.google.Chrome" or identifier "com.google.Chrome.beta" or identifier "com.google.Chrome.dev" or identifier "com.google.Chrome.canary") and certificate leaf = H"c9a99324ca3fcb23dbcc36bd5fd4f9753305130a"</string> <key>Comment</key> <string></string> <key>Identifier</key> <string>com.google.Chrome</string> <key>IdentifierType</key> <string>bundleID</string> </dict> </array> </dict> </dict> </array> <key>PayloadDescription</key> <string>ChromeCrap2</string> <key>PayloadDisplayName</key> <string>ChromeCrap2</string> <key>PayloadIdentifier</key> <string>96CC8430-37AE-47F9-85E9-A4F39C98B4C3</string> <key>PayloadOrganization</key> <string>ecoATM</string> <key>PayloadType</key> <string>com.apple.TCC.configuration-profile-policy</string> <key>PayloadUUID</key> <string>E6F8CD70-67D0-4E41-BF5E-BC9E9C9A2047</string> <key>PayloadVersion</key> <integer>1</integer> <key>payloadScope</key> <string>system</string>
</dict>
</plist>

mike_paul
Contributor III
Contributor III

I don't have much to help since I haven't created a chrome package in ages but the error message you are seeing doesnt sound like its related to PPPC/TCC at all. Typically all of those list a program wanting access to another program or a part of the OS with the Allow/Don't Allow options. e.g. here is an example of a PPPC prompt for Chrome when I was attempting to create a new folder while saving a file:

"Google Chrome" wants access to control "Finder". Allowing control will provide access to documents and data in the "Finder", and to perform these actions within that app. <Don't Allow> <Ok>

I would look at your installer you are using for chrome and what its doing that is requiring admin access, possibly just the update functionality. There are bunch of other threads around google chrome auto-update and other functionalities but I dont think this is related to PPPC.

totalyscrewedup
New Contributor III

Here is the script that does the install.... by the way, it installs successfully but I keep getting those prompts. However, they don't exist when there is no google chrome installed.

!/bin/bash

VendorDMG="googlechrome.dmg"

curl https://dl.google.com/chrome/mac/stable/GGRO/$VendorDMG -o /tmp/$VendorDMG

hdiutil attach /tmp/$VendorDMG -nobrowse

cp -pPR /Volumes/Google Chrome/Google Chrome.app /Applications/

GoogleChromeDMG="$(hdiutil info | grep "/Volumes/Google Chrome" | awk '{ print $1 }')"

hdiutil detach $GoogleChromeDMG

rm -f /tmp/$VendorDMG