TCC Permission Inheritance for Python Process Launched by Swift App in Enterprise Deployment
We are developing an enterprise monitoring application that requires a hybrid Swift + Python architecture due to strict JAMF deployment restrictions. We must deploy a macOS application via ABM/App Store Connect, but our core monitoring logic is in a Python daemon. We need to understand the feasibility and best practices for TCC permission inheritance in this specific setup.
Architecture
| Swift Launcher | com.athena.AthenaSentry | Requests TCC permissions, launches Python child process. | Deployed via ABM/ASC. |
| Python Daemon | com.athena.AthenaSentry.Helper | Core monitoring logic using sensitive APIs. | Nested in Contents/Helpers/. |
Both bundles are signed with the same Developer ID and share the same Team ID.
Required Permissions
The Python daemon needs to access the following sensitive TCC-controlled services:
- Screen Recording (
kTCCServiceScreenCapture) - for capturing screenshots. - Input Monitoring (
kTCCServiceListenEvent) - for keystroke/mouse monitoring. - Accessibility (
kTCCServiceAccessibility) - a prerequisite for Input Monitoring.
Attempts & Workarounds
We have attempted to resolve this using:
- Entitlement Inheritance: Added
com.apple.security.inheritto the Helper's entitlements. - Permission Proxy: Swift app maintains active event taps to try and "hold" the permissions for the child.
- Foreground Flow: Keeping the Swift app in the foreground during permission requests.
Questions
- Is this architecture supported? Can a Swift parent app successfully request TCC permissions that a child process can then use?
- TCC Inheritance: What are the specific rules for TCC permission inheritance between parent/child processes in enterprise environment?
- What's the correct approach for this enterprise use case? Should we:
- Switch to a Single Swift App? (i.e., abandon the Python daemon and rewrite the core logic natively in Swift).
- Use XPC Services? (instead of launching the child process directly).