What problem does this solve in your TCC permission workflow?
Some advanced users may want to inspect the system TCC database under /var/db/TCC/TCC.db directly instead of limiting themselves to the user-level database copy.
What behaviour do you want?
Optionally allow opening /var/db/TCC/TCC.db with a clear warning about system-level changes, lock/permission constraints, and SIP requirements.
Why does this fit a local macOS TCC editor instead of a system tool or third-party service?
The request is still about inspecting a local TCC database on the user’s Mac.
Scope check
As currently written, this request is in tension with CONTRIBUTING.md, which lists SIP bypass or writing to system TCC (/var/db/TCC) as out of scope.
This issue should therefore be treated as one of:
- a scope discussion for maintainers, or
- a narrower read-only inspection flow that does not imply system TCC writes
Additional context
If the issue remains open, the warning UX should be explicit about the difference between user TCC and system TCC, and should avoid implying that Clearance will bypass SIP or safely write to live system databases.
What problem does this solve in your TCC permission workflow?
Some advanced users may want to inspect the system TCC database under
/var/db/TCC/TCC.dbdirectly instead of limiting themselves to the user-level database copy.What behaviour do you want?
Optionally allow opening
/var/db/TCC/TCC.dbwith a clear warning about system-level changes, lock/permission constraints, and SIP requirements.Why does this fit a local macOS TCC editor instead of a system tool or third-party service?
The request is still about inspecting a local TCC database on the user’s Mac.
Scope check
As currently written, this request is in tension with
CONTRIBUTING.md, which lists SIP bypass or writing to system TCC (/var/db/TCC) as out of scope.This issue should therefore be treated as one of:
Additional context
If the issue remains open, the warning UX should be explicit about the difference between user TCC and system TCC, and should avoid implying that Clearance will bypass SIP or safely write to live system databases.