The spctl tool should do the job.
sudo spctl --master-disable
will turn off the Gatekeeper checks, and sudo spctl --master-enable
will re-enable them (to the default setting of App Store and signed apps — it doesn't appear that setting it to App Store-only is possible).
Note that it will not throw any error if you run it without sudo
permissions, but sudo
is in fact required.
I've found an okay solution (i.e., workaround).
Insert the "System Events" block of code into a "Run AppleScript" action and save it as its own application file in Automator. Note: The file extension of this code must be .app in order for this to work (more on this in a moment).
Go to System Preferences → Security & Privacy → Privacy tab → Accessibility. Add and checkmark the newly created application to the list of apps allowed to control your computer.
Run the newly created app from within your Service. To do so, you may add the following line to your AppleScript code:
do shell script "osascript -e 'tell application \"Application Name\" to activate'"
(I habitually use osascript
to activate
applications when using a "Run AppleScript" action in a Service, as this circumvents a bug with Services that I've discovered.)
Your Service should now run perfectly in every application on your computer, despite the fact that only one application (the one that contains the "System Events" code) has explicitly been granted the power to control the computer.
The file must be saved as a .app file, and not as a .scpt or .applescript file. This is because it is not possible to add .scpt or .applescript files to the list of apps allowed to control your computer; only true .app files can be selected in the dialog.
Note that the .app file does not have to be created in Automator. If you create the .app file in Script Editor.app and follow the other steps, the .app file will function in the same manner.
There is one difference, however. When the .app file is created in Automator, one can use either activate
or launch
to run the application in their Service. But, when the .app file is created in Script Editor, one can only use activate
to run the application; launch
will result in nothing happening.
Best Answer
Just found it. The settings are in one of these two files:
/Library/Application Support/com.apple.TCC/TCC.db
~/Library/Application Support/com.apple.TCC/TCC.db
They are SQLite databases of the following form:
Example (MS Office and Address Book setting):
For other services, just pick the correct service name (such as
kTCCServiceAccessibility
) and the application bundle ID and add it to the appropriate database.