Help

List All Apps on Full Disk Access

foreverkan
New Contributor III

Posted on ‎01-17-2024 10:44 PM

Hello All,

 

I'm stuck. I hope anyone can help me :)

I need to check all apps status on full disk access. Is there any command to find status or other way? My manager want to know 2 things. 

1. Is XXX.app added to full disk access ?

2. Is XXX.app open on full disk access ?

Thank you.

 

0 Kudos
Reply
3 REPLIES 3

Ashok_A
Contributor

Posted on ‎01-18-2024 12:03 AM

@foreverkan - you can only check which applications are granted with Full Disk Access (either by end-user or via MDM) using the following command from an CLI. The output will list the application BundleIdentifier name. 

sudo sqlite3 /Library/Application\ Support/com.apple.TCC/TCC.db \
  'select client from access where auth_value and service = "kTCCServiceSystemPolicyAllFiles"'


Ensure you grant full disk access to the Terminal application if you are running the above command from Terminal.

Reply

foreverkan
New Contributor III
In response to Ashok_A

Posted on ‎03-19-2024 09:02 AM

Thank you for your reply. Command is worked but it is not listed all allowed apps. What can i do?

0 Kudos
Reply

pete_c
Contributor III

Posted on ‎01-18-2024 06:41 AM

Here's my EA which greps out the various Apple services:

#!/bin/bash

# 1.1 added grep to filter out stock components and strip /Library/App Support (ie Nexthink)
#
# query the TCC.db to return all SystemPolicyAllFiles entitlements
#
# sample return:
#
#  com.jamfsoftware.Composer
#  com.cisco.anyconnect.gui
#  NexthinkVersions/23.8.3.7_1/nxtupdater
#
# when using interactively in the shell: printf "%s\n" $results

results=$(/usr/bin/sqlite3 /Library/Application\ Support/com.apple.TCC/TCC.db 'select * from access' | awk -F'|' ' { print $2 } ' | grep -Ev "com.apple|System" | sed 's/\/Library\/Application Support\///g' )

echo "<result>$results</result>"
Reply