tccd (Transparency, Consent, and Control Daemon) is a safe macOS security process. tccd manages the macOS TCC (Transparency, Consent, and Control) framework — the privacy permission system that controls which apps can access your camera, microphone, screen recording, contacts, calendar, location, and other sensitive resources. When an app requests access, tccd presents the permission dialog and stores your decisions in the TCC database. tccd prompting for permissions when apps first request access is normal and expected. Be concerned if you notice permissions being granted to apps you didn't approve, or if the TCC database is modified outside of normal system operations — this is a technique used by sophisticated macOS malware to silently grant themselves camera or microphone access.
Transparency, Consent, and Control Daemon
tccd manages the macOS TCC (Transparency, Consent, and Control) framework — the privacy permission system that controls which apps can access your camera, microphone, screen recording, contacts, calendar, location, and other sensitive resources. When an app requests access, tccd presents the permission dialog and stores your decisions in the TCC database.
Permission dialogs not appearing when apps request access
Apps unable to access camera or microphone despite permissions being granted
TCC database corruption causing all permissions to reset
Automation permissions (Accessibility, Screen Recording) silently failing
Go to System Settings > Privacy & Security and check each category relevant to the affected app. If the app is listed but not working, toggle the permission off and back on. Some permission changes require restarting the app.
Run 'tccutil reset All' in Terminal to reset all TCC permissions for all apps. You'll need to re-grant permissions to each app. For a single app, use 'tccutil reset All [bundle-id]'. This resolves most permission-related issues.
Run 'killall tccd' in Terminal to restart the TCC daemon. This can resolve cases where permission dialogs aren't appearing or where the daemon's in-memory state has diverged from the database.
Some apps need Full Disk Access (in System Settings > Privacy & Security > Full Disk Access) rather than specific folder permissions. Automation tools, backup software, and security apps commonly require this broader access level.
tccd prompting for permissions when apps first request access is normal and expected. Be concerned if you notice permissions being granted to apps you didn't approve, or if the TCC database is modified outside of normal system operations — this is a technique used by sophisticated macOS malware to silently grant themselves camera or microphone access.
CoreLock performs a complete audit of all TCC permissions on your system, showing you exactly which apps have access to your camera, microphone, screen recording, and other sensitive resources. It detects unauthorized permission grants and alerts you to apps with suspicious access patterns.
Download CoreLock Freesandboxd enforces the macOS App Sandbox — a security technology that restricts what applications can access. When an app...
syspolicyd implements macOS Gatekeeper — the security feature that verifies applications are from identified developers ...
trustd is the macOS daemon responsible for evaluating certificate trust chains. Whenever your Mac needs to verify an SSL...
tccd is the daemon that manages all privacy permissions on macOS. Every time an app asks to use your camera, microphone, location, contacts, or other sensitive data, tccd is what shows the permission dialog, records your choice, and enforces it. The TCC database at ~/Library/Application Support/com.apple.TCC/TCC.db stores all your permission decisions.
Apps re-request permissions when the TCC database is reset (by a macOS update or manual reset), when the app's code signature changes (after an update), or when the app requests a new permission category it didn't need before. If an app keeps asking repeatedly, its bundle ID may be changing between launches, which is unusual.
TCC is a strong security boundary, but sophisticated malware has been found exploiting TCC bypass vulnerabilities. These are taken seriously by Apple and patched promptly. Keeping macOS updated is the best defense. CoreLock monitors TCC permission state and alerts you to unauthorized changes that could indicate a bypass.
Download CoreLock to identify suspicious processes, detect threats, and keep your Mac running smoothly.
Download CoreLock FreeAvailable for macOS and Windows