Trouble with Permissions on Big Sur

[davidbramsay]

I'm having an issue getting IS_TRUSTED to return True on Big Sur 11.6 using pynput 1.7.4 and python3.9. I am running a short demo script in terminal.

The script runs and works (prints mouse positions) but doesn't suppress inputs and IS_TRUSTED is False.

Things I've tried:

• running the demo python script with sudo.
• adding the path for python3 (from which python3) and the terminal application to both accessibility and input monitoring in 'security and privacy'.
• saving it as a shell script, chmoding it, and running that instead (with and without sudo).
• using platypus and py2app to package it as an app, adding those apps to accessibility and input monitoring in 'security and privacy'. (Platypus set to run app with root privileges).
• downloading macos-gatekeeper-helper and disabling gatekeeper temporarily.
• looking into xattr -d com.apple.quarantine commands, which don't seem to apply here.

This is probably more accurately described as a Big Sur security related issue more than a pynput specific issue, but if anyone has successfully gotten pynput working on Big Sur I'd appreciate some ideas-- I'd also be happy to extend the documentation for Big Sur users if there are some specific steps that I can figure out to get this to work reliably.

Thanks for developing great software!

[moses-palmer]

Thank you for your report and kind words.

Unfortunately, I do not have access to a Big Sur system, so I cannot investigate. The documentation is, as always with Apple, "streamlined".

If anybody should find more information about this, I will gladly incorporate it into the documentation.

[zoltanszocs]

Hi!

I just ran into this same issue. So far, I have found that IS_TRUSTED is calling AXIsProcessTrusted(), which seems not to be the correct way to do it anymore. It has been changed in mac Os 10.15. As I understand, on Big Sur you can have two types of permissions: one for controlling the computer - this is on the user interface under Security\Privacy\Accessibility, and another one for monitoring keyboard input - this is under Security\Privacy\Input Monitoring. I can confirm that on Big Sur this latter permission is enough for monitoring global keyboard events.

I have found the following information about this: https://stackoverflow.com/questions/58670785/which-api-is-behind-the-privacy-feature-input-monitoring-in-the-security-syste This video has so far the most information (starting from minute 19 until about minute 21): https://developer.apple.com/videos/play/wwdc2019/701/ It says CGEvent.tapCreate should bring up the permission dialog, but I think it did not in my case. Permissions should be checked using IOHIDCheckAccess (https://developer.apple.com/documentation/iokit/3181573-iohidcheckaccess).

[perroboc]

I'm sorry for resurrecting this issue, but I'd like to know if anyone has found a solution. Right now, using Big Sur, the application just stops running when starting the Keyboard Listener, with the message trace trap.

Calling either AXIsProcessTrusted or IOHIDCheckAccess (using https://github.com/facel-tech/desktop-utility/blob/main/python/app/mac_os.py as a starting point), both seem to be True, but if I run this:

self.listener.start()
logger.debug("is listener running? %s", self.listener.running)
logger.debug("is listener trusted? %s", self.listener.IS_TRUSTED)

I get

is listener running? True
is listener trusted? False

and then the app crashes without a dump nor anything, not even an exception.

EDIT: It seems my bug is related to https://github.com/moses-palmer/pynput/issues/424 (specifically this function which crashes the app:

def _wrap_value(value):
    """Converts a pointer to a *Python objc* value.

    :param value: The pointer to convert.

    :return: a wrapped value
    """
    return objc.objc_object(c_void_p=value) if value is not None else None

[perroboc]

I made a PR (#512) which I think fixes this