OS X Yosemite and osascript: Enabling Access to Assistive Devices

I love automating things, so I also wrote a command line utility that you can use to add items into the accessibility database (located at /Library/Application Support/com.apple.TCC/tcc.db ).


tccutil.py cliAn example of how to use this, would be to allow TextExpander 4 access to assistive devices:

sudo tccutil.py --insert com.smileonmymac.textexpander
sudo tccutil.py --insert com.smileonmymac.textexpander.helper

The solution above was not needed prior to Mavericks and Yosemite because a single command would enable all apps access to assistive devices:

sudo touch /private/var/db/.AccessibilityAPIEnabled

You can also always drag-and-drop apps into the System Preference pane, but sometimes scripting things is a lot easier.

The latest iterations of the OS, however, have moved these settings to a per-app basis.  Each app must be allowed access to assistive devices.  It is easy enough to drag and drop an .app into the Security and Privacy section of System Preferences, but you cannot drop command line tools in, which is another reason I created tccutil.py.

You can always use sqlite3  to add items into the accessibility database, which is basically what the command line tool does, but using the tccutil.py just makes things a little easier.  It also helps with OS X administration as it can be used in scripts to deploy settings system-wide.

Applescript (or osascript  at the command line) can be used to automate GUI tasks such as clicking buttons or entering keystrokes.  I posted previously how to script a GUI login in Mavericks.  This trick still works great in Yosemite.  Once enabled, a simple Python script handles the rest.



21 Replies to “OS X Yosemite and osascript: Enabling Access to Assistive Devices”

  1. I’ve added /usr/bin/osascript using your tccutil.py script and it seemed to be great at first, but now I’m back to getting errors that it’s not allowed access. Is there a trick to getting it to stick? (I still see it in both the system pref and using tccutil.py -l.)

    1. You need to make sure to use sudo or run the command as root. Also, you will probably need to make the file executable with this command chmod 755 /usr/sbin/tccutil.py. I tried to make this clear on the Github page, but perhaps I just need to make an installer that will set the appropriate permissions.

      You can verify the accessibility database needs root permission simply by navigating to /Library/Application Support/com.apple.TCC.

      1. I did not install it in /usr/sbin, as that shouldn’t be required. The script is 755 (otherwise I wouldn’t have been able to run it at all, no?) and I ran it using sudo. osascript was successfully added to the list, as I can see it was added in the UI and via your script.

        1. True–you can run the utility from any location as long as it is executable. What is the exact error you get? As long as I have been using it with sudo or as root, there have not been any authorization issues.

  2. The script is 755 (otherwise I wouldn’t have been able to run it at all, no?) and I ran it using sudo. osascript was successfully added to the list, as I can see it was added in the UI and via your script.

  3. I think I’m missing a step here but how do I use “tccutil.py” to allow “osascript” to work with ARD to type into the login window. I’ve already added the ARDAgent into the “accessibility” section but no luck getting “osascript” scripts through ARD to work.

    Thank you

    1. You need to enter the full path the tccutil.py. So if the current folder you are in does not have a file named tccutil.py, it will give the error you mentioned above.

      If you simply downloaded it to the downloads folder, you can type ~/Downloads/tccutil.py, or you can move it into /usr/sbin/ logout and then you can just type sudo tccutil.py everytime.

      1. The decency is the management_tools python script, which we are discussing the pro’s or con’s including it with the installers that are dependent on it. This would simplify and ease user frustration downloading the privacy_service_manager either not reading the documentation about the dependency or time/effort to download the dependent tools separately, if it was included with the installer.

        1. The dependency on that was part of the reason I made tccutil. But I recall there wasn’t even an installer when I was looking at it. Maybe the two projects could merge somehow…

          1. Sure, if you are interested take a look at our project and reply to us on items you want added/merged.We are interested in implemented features and meeting peoples needs if possible.

  4. How do I give access to Terminal as I have to run the appleScript Through bash as I am getting this error
    execution error: System Events got an error: osascript is not allowed assistive access. (-1719)
    But when I see accesabilty osascript is allowed and when i go and give terminal access also, the script works.
    Currently I am using
    python tccutil.py –insert /Applications/Utilities/Terminal.app

    1. Basically I can not add certain applications into the accessability menu. I created a certain AppleScript and saved it as a application (.app) and when I run it i get the error that my application does not have access so i try to give it access and it does not give it access.

    2. Close, but your syntax is off a bit. I recommend installing via Homebrew:
      brew install tccutil
      sudo tccutil -i com.apple.Terminal

      And note that if you are on 10.11 or 10.12, you need to disable SIP.

      1. Thanks for that. But now I tweaked my code a bit, and I have to give another app that I created permission. How would I go about that.
        Basically I wrote a AppleScript and saved it as an application. And now to run that application I have to give it accesability permission. Thanks.

        1. By default, TCC.db only accepts a bundle identifier (i.e com.apple.Terminal).

          tccutil hacks it’s way into allowing you to add a file path, such as /usr/bin/osascript. I do not know how it behaves with a .app path because it is technically a folder, which is probably why the bundle ID is used. If your app does not have a bundle ID, you could try just dragging it into the Accessibility panel in Privacy and Security preferences. Alternatively, you could try to use tccutil to add the path to the actual binary that runs your app, which is usually /Your.app/Contents/MacOS/Your.

          1. Thanks for your help. The second one exists and am able to run it but I get some apple script error saying it cant find some gui element. But when I run my app by manually giving accessability it runs perfectly.
            Even the package contents of my app in /my.app/Contents/MacOS/applet, when I double Click it runs smoothly but if I run it through terminal using open command it gives the same gui error.

          2. Also how can I check that database to see how it stores data, and if I can make any changes just for my app. As in I want to access that database and see its schema and stuff.

          3. Dude Thanks a lot for your help I got access to the database and checked out the app I wanted to add. All I had to do was
            sudo python tccutil.py -i com.apple.ScriptEditor.id.Myapp

          4. You need to use a program to view the database information. You can also kind of explore using sqlite3.

Leave a Reply