The other day I was working with a USB-HID device and I thought my machine was starting to act funny. I could use the device no problem in a Windows VM but whenever my application tried to use the device, it was unable to open it.

At this point I know the device is good and my machine should be fine but the device was unusable. I tried other software to just inspect the device and it was failing too in the same way as my application.

The Blocker

After a lot of tracing, I finally found the IOHIDManagerOpen call was failing with kIOReturnNotPermitted. This didn’t make much sense since other applications (VMWare) can use USB devices. Also, the system information utility can list all attached USB devices. So it had to be something with my application. However, it was working properly on other people’s machines.

Unfortunately, Googling IOHIDManagerOpen and kIOReturnNotPermitted didn’t turn up anything helpful. There was information about sandboxing, which didn’t apply, and not much else.

I decided to try running my application in Xcode and that thankfully gave me some additional system debug. It gave me an error TCC deny error! Now I had a clue of what was happening. A bit of Googling and I was able to get a clear picture of what was going on.

The Solution

Apparently, use of IOHIDManager requires the Privacy permission for “Input Monitoring”. On my system, Terminal had this disabled. Since I was running from the console, anything I run would inherit the permissions of the Terminal itself. Thus, nothing I tried running would be allowed to use the IOHIDManager.

Opening “Security & Privacy” -> Privacy -> “Input Monitoring” and allowing Terminal solved everything. After that, I was able to access my USB-HID device again.

At first I was actually surprised this worked. The description for this permission says “Allow the apps below to monitor input from your keyboard even when using other apps”. The device I’m working with isn’t a keyboard…

The “Input Monitoring” permissions works by disabling ALL HID access. Keyboard are HID devices so not allowing access to any HID devices would prevent keyboard monitor. That said, this is a bit of a drastic approach to privacy. A lot of HID devices aren’t keyboards…