]> git.saurik.com Git - apple/libsecurity_codesigning.git/blob - lib/syspolicy.sql
projects / apple / libsecurity_codesigning.git / blob
? search:


9448908fee75470c44047ee3ec13f6f2aa93c3f4
[apple/libsecurity_codesigning.git] / lib / syspolicy.sql
1 --
2 -- Copyright (c) 2011 Apple Inc. All Rights Reserved.
3 --
4 -- @APPLE_LICENSE_HEADER_START@
5 --
6 -- This file contains Original Code and/or Modifications of Original Code
7 -- as defined in and that are subject to the Apple Public Source License
8 -- Version 2.0 (the 'License'). You may not use this file except in
9 -- compliance with the License. Please obtain a copy of the License at
10 -- http://www.opensource.apple.com/apsl/ and read it before using this
11 -- file.
12 --
13 -- The Original Code and all software distributed under the License are
14 -- distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 -- EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 -- INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 -- FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 -- Please see the License for the specific language governing rights and
19 -- limitations under the License.
20 --
21 -- @APPLE_LICENSE_HEADER_END@
22 --
23 --
24 -- System Policy master database - file format and initial contents
25 --
26 -- This is currently for sqlite3
27 --
28 -- NOTES:
29 -- Dates are uniformly in julian form. We use 5000000 as the canonical "never" expiration
30 -- value; that's a day in the year 8977.
31 --
32 PRAGMA user_version = 1;
33 PRAGMA foreign_keys = true;
34 PRAGMA legacy_file_format = false;
35 PRAGMA recursive_triggers = true;
36
37
38 --
39 -- The feature table hold configuration features and options
40 --
41 CREATE TABLE feature (
42 id INTEGER PRIMARY KEY, -- canononical
43 name TEXT NOT NULL UNIQUE, -- name of option
44 value TEXT NULL, -- value of option, if any
45 remarks TEXT NOT NULL -- optional remarks string
46 );
47
48
49 --
50 -- The primary authority. This table is conceptually scanned
51 -- in priority order, with the highest-priority matching enabled record
52 -- determining the outcome.
53 --
54 CREATE TABLE authority (
55 id INTEGER PRIMARY KEY AUTOINCREMENT, -- canonical
56 version INTEGER NOT NULL DEFAULT (1) -- semantic version of this rule
57 CHECK (version > 0),
58 type INTEGER NOT NULL, -- operation type
59 requirement TEXT NULL -- code requirement
60 CHECK ((requirement IS NULL) = ((flags & 1) != 0)),
61 allow INTEGER NOT NULL DEFAULT (1) -- allow (1) or deny (0)
62 CHECK (allow = 0 OR allow = 1),
63 disabled INTEGER NOT NULL DEFAULT (0) -- disable count (stacks; enabled if zero)
64 CHECK (disabled >= 0),
65 expires FLOAT NOT NULL DEFAULT (5000000), -- expiration of rule authority (Julian date)
66 priority REAL NOT NULL DEFAULT (0), -- rule priority (full float)
67 label TEXT NULL, -- text label for authority rule
68 flags INTEGER NOT NULL DEFAULT (0), -- amalgamated binary flags
69 -- following fields are for documentation only
70 ctime FLOAT NOT NULL DEFAULT (JULIANDAY('now')), -- rule creation time (Julian)
71 mtime FLOAT NOT NULL DEFAULT (JULIANDAY('now')), -- time rule was last changed (Julian)
72 user TEXT NULL, -- user requesting this rule (NULL if unknown)
73 remarks TEXT NULL -- optional remarks string
74 );
75
76 -- index
77 CREATE INDEX authority_type ON authority (type);
78 CREATE INDEX authority_priority ON authority (priority);
79 CREATE INDEX authority_expires ON authority (expires);
80
81 -- update mtime if a record is changed
82 CREATE TRIGGER authority_update AFTER UPDATE ON authority
83 BEGIN
84 UPDATE authority SET mtime = JULIANDAY('now') WHERE id = old.id;
85 END;
86
87 -- rules that are actively considered
88 CREATE VIEW active_authority AS
89 SELECT * from authority
90 WHERE disabled = 0 AND JULIANDAY('now') < expires AND (flags & 1) = 0;
91
92 -- rules subject to priority scan: active_authority but including disabled rules
93 CREATE VIEW scan_authority AS
94 SELECT * from authority
95 WHERE JULIANDAY('now') < expires AND (flags & 1) = 0;
96
97
98 --
99 -- Initial canonical contents of a fresh database
100 --
101
102 -- virtual rule anchoring negative cache entries (no rule found)
103 insert into authority (type, allow, priority, flags, label)
104 values (1, 0, -1.0E100, 1, 'No Matching Rule');
105
106 -- any Apple-signed installers except Developer ID
107 insert into authority (type, allow, priority, flags, label, requirement)
108 values (2, 1, -1, 2, 'Apple Installer', 'anchor apple generic and ! certificate 1[field.1.2.840.113635.100.6.2.6]');
109
110 -- Apple code signing
111 insert into authority (type, allow, flags, label, requirement)
112 values (1, 1, 2, 'Apple System', 'anchor apple');
113
114 -- Mac App Store signing
115 insert into authority (type, allow, flags, label, requirement)
116 values (1, 1, 2, 'Mac App Store', 'anchor apple generic and certificate leaf[field.1.2.840.113635.100.6.1.9] exists');
117
118 -- Caspian code and archive signing
119 insert into authority (type, allow, flags, label, requirement)
120 values (1, 1, 2, 'Developer ID', 'anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] exists and certificate leaf[field.1.2.840.113635.100.6.1.13] exists');
121 insert into authority (type, allow, flags, label, requirement)
122 values (2, 1, 2, 'Developer ID', 'anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] exists and certificate leaf[field.1.2.840.113635.100.6.1.14] exists');
123
124
125 --
126 -- The cache table lists previously determined outcomes
127 -- for individual objects (by object hash). Entries come from
128 -- full evaluations of authority records, or by explicitly inserting
129 -- override rules that preempt the normal authority.
130 -- EACH object record must have a parent authority record from which it is derived;
131 -- this may be a normal authority rule or an override rule. If the parent rule is deleted,
132 -- all objects created from it are automatically removed (by sqlite itself).
133 --
134 CREATE TABLE object (
135 id INTEGER PRIMARY KEY, -- canonical
136 type INTEGER NOT NULL, -- operation type
137 hash CDHASH NOT NULL, -- canonical hash of object
138 allow INTEGER NOT NULL, -- allow (1) or deny (0)
139 expires FLOAT NOT NULL DEFAULT (5000000), -- expiration of object entry
140 authority INTEGER NOT NULL -- governing authority rule
141 REFERENCES authority(id) ON DELETE CASCADE,
142 -- following fields are for documentation only
143 path TEXT NULL, -- path of object at record creation time
144 ctime FLOAT NOT NULL DEFAULT (JULIANDAY('now')), -- record creation time
145 mtime FLOAT NOT NULL DEFAULT (JULIANDAY('now')), -- record modification time
146 remarks TEXT NULL -- optional remarks string
147 );
148
149 -- index
150 CREATE INDEX object_type ON object (type);
151 CREATE INDEX object_expires ON object (expires);
152 CREATE UNIQUE INDEX object_hash ON object (hash);
153
154 -- update mtime if a record is changed
155 CREATE TRIGGER object_update AFTER UPDATE ON object
156 BEGIN
157 UPDATE object SET mtime = JULIANDAY('now') WHERE id = old.id;
158 END;
159
160
161 --
162 -- Some useful views on objects. These are for administration; they are not used by the assessor.
163 --
164 CREATE VIEW object_state AS
165 SELECT object.id, object.type, object.allow,
166 CASE object.expires WHEN 5000000 THEN NULL ELSE STRFTIME('%Y-%m-%d %H:%M:%f', object.expires, 'localtime') END AS expiration,
167 (object.expires - JULIANDAY('now')) * 86400 as remaining,
168 authority.label,
169 object.authority,
170 object.path,
171 object.ctime,
172 authority.requirement,
173 authority.disabled,
174 object.remarks
175 FROM object, authority
176 WHERE object.authority = authority.id;
mirror of libsecurity_codesigning