I needed to be able to script allowing an app (a command line utility called LocateMe, available on GitHub) to determine location on Macs running El Capitan. In other words, I needed to automate getting the box checked next to the app name in System Preferences > Security & Privacy > Location Services: "Allow the apps below to determine your location." I found a few recipes people apparently had working in previous iterations of OS X, but I couldn't get any of them to work in El Capitan. After some trial and error I cobbled together a method that is working for me and thought I'd share it here.
First, manually authorize your app on a Mac by checking that Location Services checkbox. Now we're going to capture the resulting lines from the plist file where locationd's settings are stored. First, convert it from binary to xml:
sudo plutil -convert xml1 /var/db/locationd/clients.plist
Next, edit the file and copy out the block of <key> and <dict> lines referring to the app you just authorized.
Now here's the automate-able method for authorizing the same app on another Mac without clicking that checkbox. Do the following steps on a Mac that hasn't yet had the app authorized. First, unload locationd:
sudo launchctl unload /System/Library/LaunchDaemons/com.apple.locationd.plist
Next, you can do one of two things. Either convert locationd's binary plist file to xml and edit it:
sudo plutil -convert xml1 /var/db/locationd/clients.plist
sudo vi /var/db/locationd/clients.plist
and insert the lines you captured after manually authorizing the app on the first Mac. Or alternatively, you can just delete the existing clients.plist and replace it with one that contains the necessary lines for the app you want to authorize. Now convert it back to binary:
sudo plutil -convert binary1 clients.plist
And finally, reload locationd:
sudo launchctl load /System/Library/LaunchDaemons/com.apple.locationd.plist
Voila. Go open System Preferences > Security & Privacy > Privacy > Location Services, and you should see your app authorized.
The two keys to making this work seemed to be: 1) unloading locationd before messing with clients.plist (just killing locationd after modifying clients.plist didn't work), and 2) editing or replacing the clients.plist file itself, rather than using the 'defaults write' command, which I spent some time trying to get working. (With the right 'defaults write' syntax, I was able to get clients.plist looking exactly like the one on the manually-authorized Mac, but it still didn't work.) Hope somebody finds this as useful as I did.
