Created
October 17, 2025 17:24
-
-
Save PatrickChoDev/51d55fb38ba45bc68e4673227c55abaf to your computer and use it in GitHub Desktop.
Interactive script with fzf picker to prune Local Network permissions from MacOS TCC.db
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # drop-localnetwork.sh | |
| # Interactive script with fzf picker to prune Local Network permissions from TCC.db | |
| DB="$HOME/Library/Application Support/com.apple.TCC/TCC.db" | |
| # safety backup | |
| BACKUP="/tmp/TCC.db.backup.$(date +%s)" | |
| cp "$DB" "$BACKUP" | |
| echo "Backup saved to $BACKUP" | |
| # fetch LocalNetwork entries | |
| entries=$(sqlite3 "$DB" \ | |
| "SELECT rowid, client, auth_value FROM access;") | |
| if [ -z "$entries" ]; then | |
| echo "No Local Network entries found." | |
| exit 0 | |
| fi | |
| # prepare the list | |
| # fzf interactive selection | |
| list=$(echo "$entries" | awk -F'|' '{ | |
| if($NF=="") { NF=NF-1 } # drop last empty field if present | |
| OFS="|"; print $0 | |
| }') | |
| selected=$(echo "$list" | \ | |
| fzf --multi --ansi \ | |
| --inline-info \ | |
| --bind "tab:toggle+down" \ | |
| --header=$'Use fzf:\n - Type to filter\n - <TAB> to mark/unmark\n - <ENTER> to confirm\n - Type `!apple` to hide com.apple.* entries\n' \ | |
| --prompt="Select entries to delete > " \ | |
| --preview "awk -F'|' '{ | |
| auth=\$3; | |
| if(auth==\"0\") auth_str=\"Denied\"; | |
| else if(auth==\"1\") auth_str=\"Allowed\"; | |
| else if(auth==\"2\") auth_str=\"Prompt\"; | |
| else if(auth==\"3\") auth_str=\"Limited\"; | |
| else auth_str=\"Unknown\"; | |
| printf \"\033[36mID:\033[0m %s\n\033[32mName:\033[0m %s\n\033[33mAuth:\033[0m %s\n\", \$1, \$2, auth_str | |
| }' <<< {}" \ | |
| --preview-window=up:4:wrap \ | |
| --delimiter='|') | |
| if [ -z "$selected" ]; then | |
| echo "No entries selected." | |
| exit 0 | |
| fi | |
| # show confirmation list | |
| echo | |
| echo "You selected:" | |
| echo "$selected" | sed 's/^\[ \]//' | |
| echo | |
| read -p "Confirm deletion of these entries? (y/N) " confirm | |
| if [[ "$confirm" =~ ^[Yy]$ ]]; then | |
| echo "$selected" | awk '{print $2}' | while read -r rowid; do | |
| sqlite3 "$DB" \ | |
| "DELETE FROM access WHERE rowid=$rowid;" | |
| echo "Deleted rowid $rowid" | |
| done | |
| echo "Done. Restart the affected apps to re-trigger permission prompts." | |
| else | |
| echo "Aborted." | |
| fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment