I have a launchd agent that requires Screen Recording permissions in Catalina.
Below is the simple example:
#!/bin/bash /usr/sbin/screencapture $FILE
If the script is run from a terminal, permissions are required for Terminal.app
But if the script is launched from launchd, the User prompt doesn't appear.
I found some workarounds to get it:
#!/bin/sh /usr/sbin/screencapture $FILE
#!/bin/bash exec /usr/sbin/screencapture $FILE
Now in Catalina, Sh is just a wrapper (man sh), which "re-execing" scripts in one of the supported shells.
In the first case, permissions are requested for Sh.
In the second case, "exec" causes User prompt for Bash.
If the script runs another script that launches screen capture, then "exec" helps only if it used in the first script, and the second script uses a different shell:
#!/bin/bash exec secondScript.sh ... #!/bin/zsh /usr/sbin/screencapture $FILE
Other options for changing the shebang or "exec" position do not cause User prompt.
I also have a launchd agent in Mojave that requires Accessibility permissions. It contains a startup sequence of scripts and the target app. Permissions are required for the first script (by name, not for shell), and TCC.db contains csreq of this script, which means that only this script has permissions.
In Catalina, the permissions required by this script are saved in TCC.db as permissions for shell, which means that ANY shell script can now use them.
My questions are: