Unable to grant TCC permissions

[Jonessoda]

Good Morning,

We've been using Dockutil for a few years now (thank you btw, great script), but with the introduction of macOS 12 we're encountering the following error upon login/reboot:

"sh" wants access to control "finder." Allowing control will provide access to documents and data in "Finder", and to perform actions within that app.

We use dockutil on guests accounts and push it through a pkg via Jamf Pro MDM. If the user does not hit "ok", the wallpaper and dock do not change. I've referenced [here](Avoiding AppleScript Security and Privacy Requests) and ran the following

"the log stream --debug --predicate 'subsystem == "com.apple.TCC" AND eventMessage BEGINSWITH "AttributionChain"'

Based on the strings I've created a MobileConfig profile using PPPC Utility and granting "sh, bash, osascript, windowserver, and dock." I uploaded that configuration into Jamf but, the prompt continues. I'm quite sure it's related to the wallpaper, but I've been unable to determine how to approve the it. Here's the string:

su -l $user -c "osascript -e 'tell application "Finder" to set desktop picture to POSIX file "/Library/Desktop Pictures

Any suggestions?

[kcrawford]

dockutil 3 is a signed binary so I think you could grant it full disk access or whatever is needed based on the code signature designated requirement. Though I don’t think this is related to dockutil. Seems like this is related to how you are setting the wallpaper. You might get help in Jamf Nation or macadmins slack.