What does the TCC Compatibility database do?

Late last week, Apple pushed its first ever update to the TCC privacy system in Mojave, which replaced TCC_Compatibility.bundle in /System/Library/Sandbox, moving it from version 14.0 to 16.0. This article looks at what we know about this bundle, and what it does.

The Transparency Consent and Control system, TCC, maintains two databases named com.apple.TCC.db in /Library/Application Support and ~/Library/Application Support, which contain all the prevailing settings for privacy controls, including the allow lists which are displayed in the Privacy tab of the Security & Privacy pane.

In addition to those, it has up to three Property Lists which are loaded each time that your Mac starts up and you log in: two which only apply to Macs which are being managed using MDM, and one at /System/Library/Sandbox in TCC_Compatibility.bundle. It is the last of these which Apple has updated silently.

TCC_Compatibility.bundle contains at present a single file of data, AllowApplications.plist. This is a whitelist which adds into TCC’s database various rules to be applied by TCC. You can see these being added shortly after the TCC system starts up, in Mojave’s log.

The rules in this whitelist appear to grant access to protected functions for specific versions of apps, with specific signatures. At present, as of version 16.0, these include the following.

One app is given access to AppleEvents, which appears in the Privacy lists as Automation: Kensington TrackballWorks Helper version < 1.5.

Many apps are given access to PostEvent, which doesn’t appear to match any of the lists in Privacy, but presumably allows them to post AppleEvents. These are:

  • Steam version < 1.6
  • VLC < 3.1
  • Sonos Mac Controller < 45
  • Blizzard Heroes of the Storm (< 78000), Diablo 3 (< 56000), Starcraft (< 2), Starcraft 2 (< 79000), Starcraft 2 Switcher (< 79000), World of Warcraft (< 30000)
  • MPlayerX < 2000
  • Adobe Animate CC 2018 (< 18.1)
  • Amazon Music (< 7.0)
  • Touch Grind Mac
  • QQ Music Mac (< 55000)
  • Maya 2018 (< 2019) and Maya 2017 (< 2018)
  • Modo (< 12.5)
  • Logitech Manager (< 6.95)
  • Wacom Tablet (< 6.4)
  • Adobe Dreamweaver 12.0 and 12.1 (< 13), 17.0, 17.1 and 17.5 (< 18.0), 18.0 and 18.1 (< 18.5)
  • Tidal Desktop (< 500)
  • Pearson TestNav, TestNav Desktop (< 1.2)
  • Audirvana-Plus (< 3500)

That list includes both older and current versions of those apps. These are presumably fixes to make those apps compatible with the privacy system in the current release of Mojave.

One important point with this TCC update is that the database appears to be loaded only at startup and on login. Having checked through my logs, I can see no sign of it being reloaded after it was updated, so to make this change effective you will almost certainly have to restart your Mac after the update has been installed. That is no problem if you start your Mac up each day, but if you leave it running all the time, the changes brought in the update probably won’t be applied until you next happen to restart.

As Apple provides no information on TCC or its updates, it doesn’t give advice on whether a restart is required following this update.
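One way to check whether such an update is still waiting for a restart, as an added example that is not from the original article or from LockRattler or SystHist: compare the install date recorded in /Library/Receipts/InstallHistory.plist with the boot time. The sample history, its display names and dates are constructed, and matching the update on the substring "TCC" is an assumption.

```python
import plistlib
from datetime import datetime

# Constructed sample in the layout of /Library/Receipts/InstallHistory.plist
# (an array of dicts). Display names, versions and dates are illustrative.
SAMPLE_HISTORY = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><array>
<dict><key>date</key><date>2018-10-01T09:00:00Z</date>
<key>displayName</key><string>macOS 10.14 (sample)</string>
<key>displayVersion</key><string>10.14</string></dict>
<dict><key>date</key><date>2018-11-02T03:15:00Z</date>
<key>displayName</key><string>TCC Compatibility (sample)</string>
<key>displayVersion</key><string>16.0</string></dict>
</array></plist>"""


def latest_install(history, name_substring):
    """Newest history entry whose displayName contains name_substring."""
    hits = [e for e in history
            if isinstance(e.get("date"), datetime)
            and name_substring.lower() in e.get("displayName", "").lower()]
    return max(hits, key=lambda e: e["date"], default=None)


def restart_pending(history_bytes, boot_time, name_substring="TCC"):
    """Return (pending, entry). pending is True when the newest matching
    update was installed after boot_time, i.e. no restart has happened since.
    boot_time is a naive UTC datetime, as plistlib returns for <date>."""
    entry = latest_install(plistlib.loads(history_bytes), name_substring)
    if entry is None:
        return False, None
    return entry["date"] > boot_time, entry


if __name__ == "__main__":
    # On a real Mac, read the file itself and take the boot time from
    # `sysctl -n kern.boottime`; a constructed boot time is used here.
    boot = datetime(2018, 10, 28, 8, 0, 0)
    pending, entry = restart_pending(SAMPLE_HISTORY, boot)
    print(entry["displayName"], entry["displayVersion"],
          "restart needed" if pending else "already loaded")
```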

TCC database updates are tracked, recorded, and can be forced using the latest versions of LockRattler and SystHist, available free from Downloads above.