• Mac OS X,  Mac Security

    Reviewing TCC dialog prompts using logs on a Mac

    I wrote this a while back on using the logging facilities in macOS to review and parse logs. The log command provides a number of options to see various events on a Mac. I was recently working on an app that was automatically denying a prompt to generate entitlements and thought I’d post how to find the logs for that.

    First, let’s find all prompts. We’ll do that using the com.apple.TCC subsystem as a predicate. In the command below, we simply pipe the output to grep for Prompting.

        /usr/bin/log show --style syslog --predicate 'subsystem == "com.apple.TCC"' --info --last 12h | grep Prompting

    I’d much rather use “&& contains” in syslog because…

  • Mac OS X,  Mac Security

    Hey, So What’s This Mac App Got Access To?

    Just some one-liners you may find useful… I’ve written about codesign a few times in the past. To see a detailed description of how an app was signed:

        codesign -dvvvv /Applications/Firefox.app

    This also gives you the bundleID for further inspection of an app. But there are a number of tools you can use to check out signing and go further into entitlements and sandboxing. You can check the

        asctl sandbox check --bundle com.microsoft.outlook

    The response would be similar to

        /Applications/Microsoft Outlook.app: signed with App Sandbox entitlements

    In the above, we see that Outlook has entitlements to do some stuffs. But where do you see an indication of what it can…