Hello,
I am working on a script to update an application which bundle ID changed. Only the bundle ID was modified; all other aspects remain unchanged. This application requires access to "Screen & System Audio Recording" permissions, which are currently granted to the old bundle ID.
The script performs the following steps:
- launchctl bootout gui/$(id -u) /Library/LaunchAgents/com.my_agent_1.plist
- pkgutil --forget com.my_agent_1
- tccutil reset All com.my_agent_1
- rm /Library/LaunchAgents/com.my_agent_1.plist
- rm -rf </path/to/com_my_agent_1>
- installer -dumplog -allowUntrusted -pkg </path/to/com_my_agent_2.pkg> -target /
...
When running steps #1-6 without a restart between steps #5 and #6, the old bundle ID (com.my_agent_1
) remains visible in TCC.db (verified via SQL queries).
Looks like this is the reason why "com.my_agent_2" is not automatically added to the permission list (requiring manual add). Moreover, "tccutil reset All com.my_agent_1" does not work anymore, the error: tccutil: No such bundle identifier "com.my_agent_1": The operation couldn’t be completed. (OSStatus error -10814.)
Is there any way to completely clear the "Privacy & Security" permissions without requiring a system restart?
Thank you a lot for your help in advance!