coin: Give bootstrap-agent permission to use microphone on macOS

The bootstrap-agent is the 'responsible process' in TCC terms when it comes to whether a test should be allowed to access the microphone. https://www.qt.io/blog/the-curious-case-of-the-responsible-process By giving this process the permission explicitly, by modifying the TCC database, we ensure that all tests run as child processes also get this permission. Change-Id: Ia03084ac89f0717ac6457b0035769f4a9863495b Reviewed-by: Ville-Pekka Karhu <[email protected]>
aleksdmladenovic · Mar 11, 2024 · b4de4de · b4de4de
1 parent 6d8dd19
commit b4de4de
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 0 deletions.
diff --git a/coin/provisioning/common/macos/set_tcc_permissions.sh b/coin/provisioning/common/macos/set_tcc_permissions.sh
@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+#Copyright (C) 2024 The Qt Company Ltd
+#SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+
+TCC_DATABASE="$HOME/Library/Application Support/com.apple.TCC/TCC.db"
+if touch "$TCC_DATABASE"; then
+    # We can write to the TCC database
+    BOOTSTRAP_AGENT="$HOME/bootstrap-agent"
+    REQ_STR=$(codesign -d -r- $BOOTSTRAP_AGENT 2>&1 | awk -F ' => ' '/designated/{print $2}')
+    REQ_HEX=$(echo "$REQ_STR" | csreq -r- -b >(xxd -p | tr -d '\n'))
+
+    for service in kTCCServiceMicrophone; do
+        sqlite3 -echo "$TCC_DATABASE" <<EOF
+            DELETE from access WHERE client = '$BOOTSTRAP_AGENT' AND service = '$service';
+            INSERT INTO access (service, client, client_type, auth_value, auth_reason, auth_version, csreq, flags) VALUES (
+              '$service', -- service
+              '$BOOTSTRAP_AGENT', -- client
+              1, -- client_type (1 - absolute path)
+              2, -- auth_value  (2 - allowed)
+              4, -- auth_reason (4 - "System Set")
+              1, -- auth_version
+              X'$REQ_HEX', -- csreq
+              0 -- flags
+            );
+EOF
+    done
+else
+    echo "TCC database is not writable. Is SIP disabled?" >&2
+    exit 1
+fi
diff --git a/coin/provisioning/qtci-macos-14-arm/01-set_tcc_permissions.sh b/coin/provisioning/qtci-macos-14-arm/01-set_tcc_permissions.sh
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+# Copyright (C) 2024 The Qt Company Ltd.
+# SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+
+set -ex
+source "${BASH_SOURCE%/*}/../common/macos/set_tcc_permissions.sh"