Hi,
We provide a Safari App Extension to our customers. It follows the standard Safari Extension App layout - the Extension is inside the App, the App takes care of installing the Extension in Safari. The Extension requires the Input Monitoring and Screen Recording permissions to be granted from the user. At some point during its execution, the Extension runs the code that triggers the TCC permission prompt. When the user goes to Security & Privacy Preferences dialog and clicks on the checkbox next to the Extension entry to grant the permission, the checkbox remains unchecked, however, the permissions are actually granted. This is the issue, and it is confusing for the user. Moreover, if the user decides not to grant the permissions (closes the initial prompt by clicking on the 'Deny' button) s/he will be prompted again when the Extension runs the next time (and every time).
The App that contains the Extension does not suffer the same problem. Its entry in Security & Privacy Preferences responds correctly to checking/unchecking the checkbox. Unfortunately, the permissions granted to the app do not apply to the Extension contained within.
Querying the main TCC database (/Library/Application Support/com.apple.TCC/TCC.db) shows one kTCCServiceListenEvent entry for the app, identified by its BundleID (permissions granted). For the Extension there are two entries - one identified by the the BundleID (permissions granted) and the other identified by the path to the Extension (permissions not granted).
kTCCServiceListenEvent|/Volumes/Common/Sandboxes/Monterey/AppExtPermissons/DerivedData/AppExtPermissons/Build/Products/Debug/AppExtPermissons.app/Contents/PlugIns/AppExtPermissons Extension.appex|1|0
kTCCServiceListenEvent|com.gemalto.AppExtPermissons|0|2
kTCCServiceListenEvent|com.gemalto.AppExtPermissons.Extension|0|2
The system logs show some tccd-related errors when trying to check the checkbox:
We suspect this might be the reason why the checkbox next to the Extension entry under Input Monitoring in Security & Privacy does not respond to clicks. The same problem applies to granting Screen Recording permissions to the Extension.
I constructed a minimal example based on the default Safari App Extension project - basically only added code that would trigger the permission granting prompt in the App and the Extension. Can provide a link to a zip if deemed useful.
Are we doing something wrong, maybe missing an ID or a plist string somewhere?
