Security-59754.80.3.tar.gz
[apple/security.git] / keychain / TrustedPeersHelper / Policy.swift
b54c578e
A
1/*
2 * Copyright (c) 2018 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24import Foundation
25
/// One built-in policy, held in two forms alongside the version that identifies it.
///
/// NOTE(review): nothing in this struct ties the three fields together. Whether
/// `policyData` and `plaintextPolicy` are checked against the hash in `version`
/// is decided by the code that consumes these values; confirm there.
struct RawPolicy {
    /// Version number and hash string identifying this policy.
    let version: TPPolicyVersion

    /// Encoded form of the policy, kept as a string.
    /// Presumably the output of `tppolicy`, per the comment on the built-in table; verify.
    let policyData: String

    /// The same policy written out field by field as a `TPPolicyDocument`.
    let plaintextPolicy: TPPolicyDocument
}
31
/// The prevailing policy version: version 7, carrying the same hash string as the
/// version-7 entry in `builtInPolicyDocuments()`. Keep the two in step whenever the
/// policy is regenerated.
let prevailingPolicyVersion = TPPolicyVersion(
    version: 7,
    hash: "SHA256:dL8Qujqzprhp6FdH5GzNMtPlnZtLWMwfiiF7aykr8WU="
)

/// Policy version used to prepare our identity when pairing with a peer that does not
/// know how to handle newer policies: version 5, carrying the same hash string as the
/// version-5 entry in `builtInPolicyDocuments()`.
// NOTE(review): this pins an older policy for compatibility; confirm callers select it
// only when pairing with such a peer.
let frozenPolicyVersion = TPPolicyVersion(
    version: 5,
    hash: "SHA256:O/ECQlWhvNlLmlDNh2+nal/yekUC87bXpV3k+6kznSo="
)
b54c578e
A
37
38func builtInPolicyDocuments() -> [TPPolicyDocument] {
b3971512 39 // swiftlint:disable force_try
b54c578e
A
40 // These bytes are generated by tppolicy
41 let rawPolicies = [
42 RawPolicy(
b3971512 43 version: TPPolicyVersion(version: 1, hash: "SHA256:TLXrcQmY4ue3oP5pCX1pwsi9BF8cKfohlJBilCroeBs="),
b54c578e
A
44 policyData: "CAESDgoGaVBob25lEgRmdWxsEgwKBGlQYWQSBGZ1bGwSCwoDTWFjEgRmdWxsEgwKBGlNYWMSBGZ1bGwSDQoHQXBwbGVUVhICdHYSDgoFV2F0Y2gSBXdhdGNoGhEKCVBDU0VzY3JvdxIEZnVsbBoXCgRXaUZpEgRmdWxsEgJ0dhIFd2F0Y2gaGQoRU2FmYXJpQ3JlZGl0Q2FyZHMSBGZ1bGwiDAoEZnVsbBIEZnVsbCIUCgV3YXRjaBIEZnVsbBIFd2F0Y2giDgoCdHYSBGZ1bGwSAnR2",
45 plaintextPolicy: try! TPPolicyDocument(version: 1,
46 modelToCategory: [
47 ["prefix": "iPhone", "category": "full"],
48 ["prefix": "iPad", "category": "full"],
49 ["prefix": "Mac", "category": "full"],
50 ["prefix": "iMac", "category": "full"],
51 ["prefix": "AppleTV", "category": "tv"],
52 ["prefix": "Watch", "category": "watch"],
53 ],
54 categoriesByView: [
55 "PCSEscrow": ["full"],
56 "WiFi": ["full", "tv", "watch"],
57 "SafariCreditCards": ["full"],
58 ],
59 introducersByCategory: [
60 "full": ["full"],
61 "watch": ["full", "watch"],
62 "tv": ["full", "tv"],
63 ],
64 redactions: [:],
65 keyViewMapping: [],
d64be36e
A
66 userControllableViewList: [],
67 piggybackViews: [],
b54c578e
A
68 hashAlgo: .SHA256)
69 ),
70
71 RawPolicy(
b3971512 72 version: TPPolicyVersion(version: 2, hash: "SHA256:ZL1WBUCyO155rHBJQeghomCCKGmfjtS0jvsK+UEvx5o="),
b54c578e
A
73 policyData: "CAISDgoGaUN5Y2xlEgRmdWxsEg4KBmlQaG9uZRIEZnVsbBIMCgRpUGFkEgRmdWxsEgsKA01hYxIEZnVsbBIMCgRpTWFjEgRmdWxsEg0KB0FwcGxlVFYSAnR2Eg4KBVdhdGNoEgV3YXRjaBoRCglQQ1NFc2Nyb3cSBGZ1bGwaFwoEV2lGaRIEZnVsbBICdHYSBXdhdGNoGhkKEVNhZmFyaUNyZWRpdENhcmRzEgRmdWxsIgwKBGZ1bGwSBGZ1bGwiFAoFd2F0Y2gSBGZ1bGwSBXdhdGNoIg4KAnR2EgRmdWxsEgJ0dg==",
74 plaintextPolicy: try! TPPolicyDocument(version: 2,
75 modelToCategory: [
76 ["prefix": "iCycle", "category": "full"],
77 ["prefix": "iPhone", "category": "full"],
78 ["prefix": "iPad", "category": "full"],
79 ["prefix": "Mac", "category": "full"],
80 ["prefix": "iMac", "category": "full"],
81 ["prefix": "AppleTV", "category": "tv"],
82 ["prefix": "Watch", "category": "watch"],
83 ],
84 categoriesByView: [
85 "PCSEscrow": ["full"],
86 "WiFi": ["full", "tv", "watch"],
87 "SafariCreditCards": ["full"],
88 ],
89 introducersByCategory: [
90 "full": ["full"],
91 "tv": ["full", "tv"],
92 "watch": ["full", "watch"],
93 ],
94 redactions: [:],
95 keyViewMapping: [],
d64be36e
A
96 userControllableViewList: [],
97 piggybackViews: [],
b54c578e
A
98 hashAlgo: .SHA256)
99 ),
100
b3971512 101 RawPolicy(version: TPPolicyVersion(version: 3, hash: "SHA256:JZzazSuHXrUhiOfSgElsg6vYKpnvvEPVpciR8FewRWg="),
b54c578e
A
102 policyData: "CAMSDgoGaVBob25lEgRmdWxsEgwKBGlQYWQSBGZ1bGwSCwoDTWFjEgRmdWxsEgwKBGlNYWMSBGZ1bGwSDQoHQXBwbGVUVhICdHYSDgoFV2F0Y2gSBXdhdGNoEhcKDkF1ZGlvQWNjZXNzb3J5EgVhdWRpbxocCg1EZXZpY2VQYWlyaW5nEgRmdWxsEgV3YXRjaBoXCghBcHBsZVBheRIEZnVsbBIFd2F0Y2gaJAoVUHJvdGVjdGVkQ2xvdWRTdG9yYWdlEgRmdWxsEgV3YXRjaBoXCghCYWNrc3RvcBIEZnVsbBIFd2F0Y2gaGQoKQXV0b1VubG9jaxIEZnVsbBIFd2F0Y2gaHwoQU2VjdXJlT2JqZWN0U3luYxIEZnVsbBIFd2F0Y2gaIAoRU2FmYXJpQ3JlZGl0Q2FyZHMSBGZ1bGwSBXdhdGNoGhMKBEhvbWUSBGZ1bGwSBXdhdGNoGh4KD1NhZmFyaVBhc3N3b3JkcxIEZnVsbBIFd2F0Y2gaGwoMQXBwbGljYXRpb25zEgRmdWxsEgV3YXRjaBoVCgZFbmdyYW0SBGZ1bGwSBXdhdGNoGi0KE0xpbWl0ZWRQZWVyc0FsbG93ZWQSBGZ1bGwSBXdhdGNoEgJ0dhIFYXVkaW8aFgoHTWFuYXRlZRIEZnVsbBIFd2F0Y2gaHgoEV2lGaRIEZnVsbBIFd2F0Y2gSAnR2EgVhdWRpbxoVCgZIZWFsdGgSBGZ1bGwSBXdhdGNoIhMKBGZ1bGwSBGZ1bGwSBXdhdGNoIhsKBWF1ZGlvEgRmdWxsEgV3YXRjaBIFYXVkaW8iFAoFd2F0Y2gSBGZ1bGwSBXdhdGNoIhUKAnR2EgRmdWxsEgV3YXRjaBICdHYyIgoWAAQiEgIEdndodAoKXkFwcGxlUGF5JBIIQXBwbGVQYXkyJgoYAAQiFAIEdndodAoMXkF1dG9VbmxvY2skEgpBdXRvVW5sb2NrMh4KFAAEIhACBHZ3aHQKCF5FbmdyYW0kEgZFbmdyYW0yHgoUAAQiEAIEdndodAoIXkhlYWx0aCQSBkhlYWx0aDIaChIABCIOAgR2d2h0CgZeSG9tZSQSBEhvbWUyIAoVAAQiEQIEdndodAoJXk1hbmF0ZWUkEgdNYW5hdGVlMjgKIQAEIh0CBHZ3aHQKFV5MaW1pdGVkUGVlcnNBbGxvd2VkJBITTGltaXRlZFBlZXJzQWxsb3dlZDJdClAAAhIeAAQiGgIEdndodAoSXkNvbnRpbnVpdHlVbmxvY2skEhUABCIRAgR2d2h0CgleSG9tZUtpdCQSFQAEIhECBHZ3aHQKCV5BcHBsZVRWJBIJTm90U3luY2VkMisKGwAEIhcCBGFncnAKD15bMC05QS1aXXsxMH1cLhIMQXBwbGljYXRpb25zMsUBCrABAAISNAABChMABCIPAgVjbGFzcwoGXmdlbnAkChsABCIXAgRhZ3JwCg9eY29tLmFwcGxlLnNiZCQSPQABChMABCIPAgVjbGFzcwoGXmtleXMkCiQABCIgAgRhZ3JwChheY29tLmFwcGxlLnNlY3VyaXR5LnNvcyQSGQAEIhUCBHZ3aHQKDV5CYWNrdXBCYWdWMCQSHAAEIhgCBHZ3aHQKEF5pQ2xvdWRJZGVudGl0eSQSEFNlY3VyZU9iamVjdFN5bmMyYwpbAAISEgAEIg4CBHZ3aHQKBl5XaUZpJBJDAAEKEwAEIg8CBWNsYXNzCgZeZ2VucCQKEwAEIg8CBGFncnAKB15hcHBsZSQKFQAEIhECBHN2Y2UKCV5BaXJQb3J0JBIEV2lGaTLbAgrBAgACEhkABCIVAgR2d2h0Cg1eUENTQ2xvdWRLaXQkEhcABCITAgR2d2h0CgteUENTRXNjcm93JBIUAAQiEAIEdndodAoIXlBDU0ZERSQSGQAEIhUCBHZ3aHQKDV5QQ1NGZWxkc3BhciQSGQAEIhUCBHZ3aHQKDV5QQ1NNYWlsRHJ
vcCQSGgAEIhYCBHZ3aHQKDl5QQ1NNYXN0ZXJLZXkkEhYABCISAgR2d2h0CgpeUENTTm90ZXMkEhcABCITAgR2d2h0CgteUENTUGhvdG9zJBIYAAQiFAIEdndodAoMXlBDU1NoYXJpbmckEh0ABCIZAgR2d2h0ChFeUENTaUNsb3VkQmFja3VwJBIcAAQiGAIEdndodAoQXlBDU2lDbG91ZERyaXZlJBIZAAQiFQIEdndodAoNXlBDU2lNZXNzYWdlJBIVUHJvdGVjdGVkQ2xvdWRTdG9yYWdlMkAKKwAEIicCBGFncnAKH15jb20uYXBwbGUuc2FmYXJpLmNyZWRpdC1jYXJkcyQSEVNhZmFyaUNyZWRpdENhcmRzMjQKIQAEIh0CBGFncnAKFV5jb20uYXBwbGUuY2ZuZXR3b3JrJBIPU2FmYXJpUGFzc3dvcmRzMm0KXAACEh4ABCIaAgR2d2h0ChJeQWNjZXNzb3J5UGFpcmluZyQSGgAEIhYCBHZ3aHQKDl5OYW5vUmVnaXN0cnkkEhwABCIYAgR2d2h0ChBeV2F0Y2hNaWdyYXRpb24kEg1EZXZpY2VQYWlyaW5nMi0KIQAEIh0CBGFncnAKFV5jb20uYXBwbGUuY2ZuZXR3b3JrJBIIQmFja3N0b3A=",
103 plaintextPolicy: try! TPPolicyDocument(version: 3,
104 modelToCategory: [
105 ["prefix": "iPhone", "category": "full"],
106 ["prefix": "iPad", "category": "full"],
107 ["prefix": "Mac", "category": "full"],
108 ["prefix": "iMac", "category": "full"],
109 ["prefix": "AppleTV", "category": "tv"],
110 ["prefix": "Watch", "category": "watch"],
111 ["prefix": "AudioAccessory", "category": "audio"],
112 ],
113 categoriesByView: [
114 "AutoUnlock": ["full", "watch"],
115 "ApplePay": ["full", "watch"],
116 "Engram": ["full", "watch"],
117 "Health": ["full", "watch"],
118 "Home": ["full", "watch"],
119 "LimitedPeersAllowed": ["full", "watch", "tv", "audio"],
120 "Manatee": ["full", "watch"],
121
122 "Applications": ["full", "watch"],
123 "SecureObjectSync": ["full", "watch"],
124 "WiFi": ["full", "watch", "tv", "audio"],
125 "ProtectedCloudStorage": ["full", "watch"],
126 "SafariCreditCards": ["full", "watch"],
127 "SafariPasswords": ["full", "watch"],
128 "DevicePairing": ["full", "watch"],
129 "Backstop": ["full", "watch"],
130 ],
131 introducersByCategory: [
132 "full": ["full", "watch"],
133 "watch": ["full", "watch"],
134 "tv": ["full", "watch", "tv"],
135 "audio": ["full", "watch", "audio"],
136 ],
137 redactions: [:],
138 keyViewMapping: [
139 TPPBPolicyKeyViewMapping(view: "ApplePay", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^ApplePay$")),
140 TPPBPolicyKeyViewMapping(view: "AutoUnlock", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^AutoUnlock$")),
141 TPPBPolicyKeyViewMapping(view: "Engram", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Engram$")),
142 TPPBPolicyKeyViewMapping(view: "Health", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Health$")),
143 TPPBPolicyKeyViewMapping(view: "Home", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Home$")),
144 TPPBPolicyKeyViewMapping(view: "Manatee", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Manatee$")),
145 TPPBPolicyKeyViewMapping(view: "LimitedPeersAllowed", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^LimitedPeersAllowed$")),
146
147 // These items will not be synced by Octagon
148 TPPBPolicyKeyViewMapping(view: "NotSynced", matchingRule:
149 TPDictionaryMatchingRule.orMatch([
150 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^ContinuityUnlock$"),
151 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^HomeKit$"),
152 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^AppleTV$"),
153 ])),
154
155 TPPBPolicyKeyViewMapping(view: "Applications", matchingRule:
156 TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^[0-9A-Z]{10}\\.")),
157
158 TPPBPolicyKeyViewMapping(view: "SecureObjectSync", matchingRule:
159 TPDictionaryMatchingRule.orMatch([
160 TPDictionaryMatchingRule.andMatch([
161 TPDictionaryMatchingRule.fieldMatch("class", fieldRegex: "^genp$"),
162 TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com.apple.sbd$"),
163 ]),
164 TPDictionaryMatchingRule.andMatch([
165 TPDictionaryMatchingRule.fieldMatch("class", fieldRegex: "^keys$"),
166 TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com.apple.security.sos$"),
167 ]),
168 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^BackupBagV0$"),
169 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^iCloudIdentity$"),
170 ])),
171
172 TPPBPolicyKeyViewMapping(view: "WiFi", matchingRule:
173 TPDictionaryMatchingRule.orMatch([
174 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^WiFi$"),
175 TPDictionaryMatchingRule.andMatch([
176 TPDictionaryMatchingRule.fieldMatch("class", fieldRegex: "^genp$"),
177 TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^apple$"),
178 TPDictionaryMatchingRule.fieldMatch("svce", fieldRegex: "^AirPort$"),
179 ]),
180 ])),
181
182 TPPBPolicyKeyViewMapping(view: "ProtectedCloudStorage", matchingRule:
183 TPDictionaryMatchingRule.orMatch([
184 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCSCloudKit$"),
185 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCSEscrow$"),
186 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCSFDE$"),
187 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCSFeldspar$"),
188 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCSMailDrop$"),
189 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCSMasterKey$"),
190 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCSNotes$"),
191 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCSPhotos$"),
192 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCSSharing$"),
193 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCSiCloudBackup$"),
194 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCSiCloudDrive$"),
195 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCSiMessage$"),
196 ])),
197
198 TPPBPolicyKeyViewMapping(view: "SafariCreditCards",
199 matchingRule: TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com.apple.safari.credit-cards$")),
200
201 TPPBPolicyKeyViewMapping(view: "SafariPasswords",
202 matchingRule: TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com.apple.cfnetwork$")),
203
204 TPPBPolicyKeyViewMapping(view: "DevicePairing", matchingRule:
205 TPDictionaryMatchingRule.orMatch([
206 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^AccessoryPairing$"),
207 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^NanoRegistry$"),
208 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^WatchMigration$"),
209 ])),
210
211 TPPBPolicyKeyViewMapping(view: "Backstop",
212 matchingRule: TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com.apple.cfnetwork$")),
213 ],
d64be36e
A
214 userControllableViewList: [],
215 piggybackViews: [],
b54c578e
A
216 hashAlgo: .SHA256)
217 ),
b3971512 218 RawPolicy(version: TPPolicyVersion(version: 4, hash: "SHA256:Tjdu5QrWGvKWMx7k3VWFrEWSsBDPZAwCql9ybDkvFs8="),
b54c578e
A
219 policyData: "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",
220 plaintextPolicy: try! TPPolicyDocument(version: 4,
221 modelToCategory: [
222 ["prefix": "iPhone", "category": "full"],
223 ["prefix": "iPad", "category": "full"],
224 ["prefix": "Mac", "category": "full"],
225 ["prefix": "iMac", "category": "full"],
226 ["prefix": "AppleTV", "category": "tv"],
227 ["prefix": "Watch", "category": "watch"],
228 ["prefix": "AudioAccessory", "category": "audio"],
229 ],
230 categoriesByView: [
231 "AutoUnlock": ["full", "watch"],
232 "ApplePay": ["full", "watch"],
233 "Engram": ["full", "watch"],
234 "Health": ["full", "watch"],
235 "Home": ["full", "watch"],
236 "LimitedPeersAllowed": ["full", "watch", "tv", "audio"],
237 "Manatee": ["full", "watch"],
238 "Applications": ["full", "watch"],
239 "SecureObjectSync": ["full", "watch"],
240 "WiFi": ["full", "watch", "tv", "audio"],
241 "ProtectedCloudStorage": ["full", "watch"],
242 "CreditCards": ["full", "watch"],
243 "Passwords": ["full", "watch"],
244 "DevicePairing": ["full", "watch"],
245 ],
246 introducersByCategory: [
247 "full": ["full", "watch"],
248 "watch": ["full", "watch"],
249 "tv": ["full", "watch", "tv"],
250 "audio": ["full", "watch", "audio"],
251 ],
252 redactions: [:],
253 keyViewMapping: [
254 TPPBPolicyKeyViewMapping(view: "ApplePay", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^ApplePay$")),
255 TPPBPolicyKeyViewMapping(view: "AutoUnlock", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^AutoUnlock$")),
256 TPPBPolicyKeyViewMapping(view: "Engram", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Engram$")),
257 TPPBPolicyKeyViewMapping(view: "Health", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Health$")),
258 TPPBPolicyKeyViewMapping(view: "Home", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Home$")),
259 TPPBPolicyKeyViewMapping(view: "Manatee", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Manatee$")),
260 TPPBPolicyKeyViewMapping(view: "LimitedPeersAllowed", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^LimitedPeersAllowed$")),
261
262 // These items will not be synced by Octagon
263 TPPBPolicyKeyViewMapping(view: "NotSynced", matchingRule:
264 TPDictionaryMatchingRule.orMatch([
265 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^ContinuityUnlock$"),
266 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^HomeKit$"),
267 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^AppleTV$"),
268 ])),
269
270 TPPBPolicyKeyViewMapping(view: "Applications", matchingRule:
271 TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^[0-9A-Z]{10}\\.")),
272
273 TPPBPolicyKeyViewMapping(view: "SecureObjectSync", matchingRule:
274 TPDictionaryMatchingRule.orMatch([
275 TPDictionaryMatchingRule.andMatch([
276 TPDictionaryMatchingRule.fieldMatch("class", fieldRegex: "^genp$"),
277 TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com.apple.sbd$"),
278 ]),
279 TPDictionaryMatchingRule.andMatch([
280 TPDictionaryMatchingRule.fieldMatch("class", fieldRegex: "^keys$"),
281 TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com.apple.security.sos$"),
282 ]),
283 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^BackupBagV0$"),
284 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^iCloudIdentity$"),
285 ])),
286
287 TPPBPolicyKeyViewMapping(view: "WiFi", matchingRule:
288 TPDictionaryMatchingRule.orMatch([
289 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^WiFi$"),
290 TPDictionaryMatchingRule.andMatch([
291 TPDictionaryMatchingRule.fieldMatch("class", fieldRegex: "^genp$"),
292 TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^apple$"),
293 TPDictionaryMatchingRule.fieldMatch("svce", fieldRegex: "^AirPort$"),
294 ]),
295 ])),
296
297 TPPBPolicyKeyViewMapping(view: "ProtectedCloudStorage", matchingRule:
298 TPDictionaryMatchingRule.orMatch([
299 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-CloudKit$"),
300 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Escrow$"),
301 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-FDE$"),
302 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Feldspar$"),
303 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-MailDrop$"),
304 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-MasterKey$"),
305 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Notes$"),
306 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Photos$"),
307 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Sharing$"),
308 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-iCloudBackup$"),
309 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-iCloudDrive$"),
310 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-iMessage$"),
311 ])),
312
313 TPPBPolicyKeyViewMapping(view: "CreditCards",
314 matchingRule: TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com.apple.safari.credit-cards$")),
315
316 TPPBPolicyKeyViewMapping(view: "Passwords",
317 matchingRule: TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com.apple.cfnetwork$")),
318
319 TPPBPolicyKeyViewMapping(view: "DevicePairing", matchingRule:
320 TPDictionaryMatchingRule.orMatch([
321 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^AccessoryPairing$"),
322 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^NanoRegistry$"),
323 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^WatchMigration$"),
324 ])),
325 ],
d64be36e
A
326 userControllableViewList: [],
327 piggybackViews: [],
b54c578e
A
328 hashAlgo: .SHA256)
329 ),
330
b3971512 331 RawPolicy(version: TPPolicyVersion(version: 5, hash: "SHA256:O/ECQlWhvNlLmlDNh2+nal/yekUC87bXpV3k+6kznSo="),
b54c578e
A
332 policyData: "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",
333 plaintextPolicy: try! TPPolicyDocument(version: 5,
334 modelToCategory: [
335 ["prefix": "iPhone", "category": "full"],
336 ["prefix": "iPad", "category": "full"],
337 ["prefix": "iPod", "category": "full"],
338 ["prefix": "Mac", "category": "full"],
339 ["prefix": "iMac", "category": "full"],
340 ["prefix": "AppleTV", "category": "tv"],
341 ["prefix": "Watch", "category": "watch"],
342 ["prefix": "AudioAccessory", "category": "audio"],
343 ],
344 categoriesByView: [
345 "AutoUnlock": ["full", "watch"],
346 "ApplePay": ["full", "watch"],
347 "Engram": ["full", "watch"],
348 "Health": ["full", "watch"],
349 "Home": ["full", "watch"],
350 "LimitedPeersAllowed": ["full", "watch", "tv", "audio"],
351 "Manatee": ["full", "watch"],
352 "Applications": ["full", "watch"],
353 "SecureObjectSync": ["full", "watch"],
354 "WiFi": ["full", "watch", "tv", "audio"],
355 "ProtectedCloudStorage": ["full", "watch"],
356 "CreditCards": ["full", "watch"],
357 "Passwords": ["full", "watch"],
358 "DevicePairing": ["full", "watch"],
359 ],
360 introducersByCategory: [
361 "full": ["full", "watch"],
362 "watch": ["full", "watch"],
363 "tv": ["full", "watch", "tv"],
364 "audio": ["full", "watch", "audio"],
365 ],
366 redactions: [:],
367 keyViewMapping: [
368 TPPBPolicyKeyViewMapping(view: "ApplePay", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^ApplePay$")),
369 TPPBPolicyKeyViewMapping(view: "AutoUnlock", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^AutoUnlock$")),
370 TPPBPolicyKeyViewMapping(view: "Engram", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Engram$")),
371 TPPBPolicyKeyViewMapping(view: "Health", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Health$")),
372 TPPBPolicyKeyViewMapping(view: "Home", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Home$")),
373 TPPBPolicyKeyViewMapping(view: "Manatee", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Manatee$")),
374 TPPBPolicyKeyViewMapping(view: "LimitedPeersAllowed", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^LimitedPeersAllowed$")),
375
376 // These items will not be synced by Octagon
377 TPPBPolicyKeyViewMapping(view: "NotSynced", matchingRule:
378 TPDictionaryMatchingRule.orMatch([
379 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^ContinuityUnlock$"),
380 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^HomeKit$"),
381 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^AppleTV$"),
382 ])),
383
384 TPPBPolicyKeyViewMapping(view: "Applications", matchingRule:
385 TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^[0-9A-Z]{10}\\.")),
386
387 TPPBPolicyKeyViewMapping(view: "SecureObjectSync", matchingRule:
388 TPDictionaryMatchingRule.orMatch([
389 TPDictionaryMatchingRule.andMatch([
390 TPDictionaryMatchingRule.fieldMatch("class", fieldRegex: "^genp$"),
391 TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com.apple.sbd$"),
392 ]),
393 TPDictionaryMatchingRule.andMatch([
394 TPDictionaryMatchingRule.fieldMatch("class", fieldRegex: "^keys$"),
395 TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com.apple.security.sos$"),
396 ]),
397 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^BackupBagV0$"),
398 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^iCloudIdentity$"),
399 ])),
400
401 TPPBPolicyKeyViewMapping(view: "WiFi", matchingRule:
402 TPDictionaryMatchingRule.orMatch([
403 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^WiFi$"),
404 TPDictionaryMatchingRule.andMatch([
405 TPDictionaryMatchingRule.fieldMatch("class", fieldRegex: "^genp$"),
406 TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^apple$"),
407 TPDictionaryMatchingRule.fieldMatch("svce", fieldRegex: "^AirPort$"),
408 ]),
409 ])),
410
411 TPPBPolicyKeyViewMapping(view: "ProtectedCloudStorage", matchingRule:
412 TPDictionaryMatchingRule.orMatch([
413 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Backup$"),
414 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-CloudKit$"),
415 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Escrow$"),
416 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-FDE$"),
417 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Feldspar$"),
418 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-MailDrop$"),
419 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Maildrop$"),
420 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-MasterKey$"),
421 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Notes$"),
422 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Photos$"),
423 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Sharing$"),
424 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-iCloudBackup$"),
425 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-iCloudDrive$"),
426 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-iMessage$"),
427 ])),
428
429 TPPBPolicyKeyViewMapping(view: "CreditCards",
430 matchingRule: TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com.apple.safari.credit-cards$")),
431
432 TPPBPolicyKeyViewMapping(view: "Passwords",
433 matchingRule: TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com.apple.cfnetwork$")),
434
435 TPPBPolicyKeyViewMapping(view: "DevicePairing", matchingRule:
436 TPDictionaryMatchingRule.orMatch([
437 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^AccessoryPairing$"),
438 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^NanoRegistry$"),
439 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^WatchMigration$"),
440 ])),
441
442 TPPBPolicyKeyViewMapping(view: "Backstop", matchingRule:
443 TPDictionaryMatchingRule.trueMatch()),
444 ],
d64be36e
A
445 userControllableViewList: [],
446 piggybackViews: [],
b54c578e
A
447 hashAlgo: .SHA256)
448 ),
b3971512
A
449
450 RawPolicy(version: TPPolicyVersion(version: 6, hash: "SHA256:L2Px1aYyR1tgChe8dIyTBSmCHCWEFJirZ3ELMFXz2PY="),
451 policyData: "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",
452 plaintextPolicy: try! TPPolicyDocument(version: 6,
453 modelToCategory: [
454 ["prefix": "iPhone", "category": "full"],
455 ["prefix": "iPad", "category": "full"],
456 ["prefix": "iPod", "category": "full"],
457 ["prefix": "Mac", "category": "full"],
458 ["prefix": "iMac", "category": "full"],
459 ["prefix": "AppleTV", "category": "tv"],
460 ["prefix": "Watch", "category": "watch"],
461 ["prefix": "AudioAccessory", "category": "audio"],
462 ],
463 categoriesByView: [
464 "AutoUnlock": ["full", "watch"],
465 "ApplePay": ["full", "watch"],
466 "Engram": ["full", "watch"],
467 "Health": ["full", "watch"],
468 "Home": ["full", "watch", "tv", "audio"],
469 "LimitedPeersAllowed": ["full", "watch", "tv", "audio"],
470 "Manatee": ["full", "watch"],
471 "Applications": ["full", "watch"],
472 "SecureObjectSync": ["full", "watch"],
473 "WiFi": ["full", "watch", "tv", "audio"],
474 "ProtectedCloudStorage": ["full", "watch"],
475 "CreditCards": ["full", "watch"],
476 "Passwords": ["full", "watch"],
477 "DevicePairing": ["full", "watch"],
478 ],
479 introducersByCategory: [
480 "full": ["full", "watch"],
481 "watch": ["full", "watch"],
482 "tv": ["full", "watch", "tv"],
483 "audio": ["full", "watch", "audio"],
484 ],
485 redactions: [:],
486 keyViewMapping: [
487 TPPBPolicyKeyViewMapping(view: "ApplePay", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^ApplePay$")),
488 TPPBPolicyKeyViewMapping(view: "AutoUnlock", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^AutoUnlock$")),
489 TPPBPolicyKeyViewMapping(view: "Engram", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Engram$")),
490 TPPBPolicyKeyViewMapping(view: "Health", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Health$")),
491 TPPBPolicyKeyViewMapping(view: "Home", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Home$")),
492 TPPBPolicyKeyViewMapping(view: "Manatee", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Manatee$")),
493 TPPBPolicyKeyViewMapping(view: "LimitedPeersAllowed", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^LimitedPeersAllowed$")),
494
495 // These items will not be synced by Octagon
496 TPPBPolicyKeyViewMapping(view: "NotSynced", matchingRule:
497 TPDictionaryMatchingRule.orMatch([
498 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^ContinuityUnlock$"),
499 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^HomeKit$"),
500 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^AppleTV$"),
501 ])),
502
503 TPPBPolicyKeyViewMapping(view: "Applications", matchingRule:
504 TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^[0-9A-Z]{10}\\.")),
505
506 TPPBPolicyKeyViewMapping(view: "SecureObjectSync", matchingRule:
507 TPDictionaryMatchingRule.orMatch([
508 TPDictionaryMatchingRule.andMatch([
509 TPDictionaryMatchingRule.fieldMatch("class", fieldRegex: "^genp$"),
510 TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com\\.apple\\.sbd$"),
511 ]),
512 TPDictionaryMatchingRule.andMatch([
513 TPDictionaryMatchingRule.fieldMatch("class", fieldRegex: "^keys$"),
514 TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com\\.apple\\.security\\.sos$"),
515 ]),
516 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^BackupBagV0$"),
517 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^iCloudIdentity$"),
518 ])),
519
520 TPPBPolicyKeyViewMapping(view: "WiFi", matchingRule:
521 TPDictionaryMatchingRule.orMatch([
522 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^WiFi$"),
523 TPDictionaryMatchingRule.andMatch([
524 TPDictionaryMatchingRule.fieldMatch("class", fieldRegex: "^genp$"),
525 TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^apple$"),
526 TPDictionaryMatchingRule.fieldMatch("svce", fieldRegex: "^AirPort$"),
527 ]),
528 ])),
529
530 TPPBPolicyKeyViewMapping(view: "ProtectedCloudStorage", matchingRule:
531 TPDictionaryMatchingRule.orMatch([
532 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Backup$"),
533 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-CloudKit$"),
534 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Escrow$"),
535 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-FDE$"),
536 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Feldspar$"),
537 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-MailDrop$"),
538 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Maildrop$"),
539 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-MasterKey$"),
540 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Notes$"),
541 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Photos$"),
542 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Sharing$"),
543 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-iCloudBackup$"),
544 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-iCloudDrive$"),
545 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-iMessage$"),
546 ])),
547
548 TPPBPolicyKeyViewMapping(view: "CreditCards",
549 matchingRule: TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com\\.apple\\.safari\\.credit-cards$")),
550
551 TPPBPolicyKeyViewMapping(view: "Passwords",
552 matchingRule: TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com\\.apple\\.cfnetwork$")),
553
554 TPPBPolicyKeyViewMapping(view: "DevicePairing", matchingRule:
555 TPDictionaryMatchingRule.orMatch([
556 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^AccessoryPairing$"),
557 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^NanoRegistry$"),
558 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^WatchMigration$"),
559 ])),
560
561 TPPBPolicyKeyViewMapping(view: "Backstop", matchingRule:
562 TPDictionaryMatchingRule.trueMatch()),
563 ],
d64be36e
A
564 userControllableViewList: [],
565 piggybackViews: [],
566 hashAlgo: .SHA256)
567 ),
568 RawPolicy(version: TPPolicyVersion(version: 7, hash: "SHA256:dL8Qujqzprhp6FdH5GzNMtPlnZtLWMwfiiF7aykr8WU="),
569 policyData: "CAcSDgoGaVBob25lEgRmdWxsEgwKBGlQYWQSBGZ1bGwSDAoEaVBvZBIEZnVsbBILCgNNYWMSBGZ1bGwSDAoEaU1hYxIEZnVsbBINCgdBcHBsZVRWEgJ0dhIOCgVXYXRjaBIFd2F0Y2gSFwoOQXVkaW9BY2Nlc3NvcnkSBWF1ZGlvGh4KBEhvbWUSBGZ1bGwSBXdhdGNoEgJ0dhIFYXVkaW8aJAoVUHJvdGVjdGVkQ2xvdWRTdG9yYWdlEgRmdWxsEgV3YXRjaBoYCglQYXNzd29yZHMSBGZ1bGwSBXdhdGNoGh8KEFNlY3VyZU9iamVjdFN5bmMSBGZ1bGwSBXdhdGNoGh4KBFdpRmkSBGZ1bGwSBXdhdGNoEgJ0dhIFYXVkaW8aGgoLQ3JlZGl0Q2FyZHMSBGZ1bGwSBXdhdGNoGhcKCEFwcGxlUGF5EgRmdWxsEgV3YXRjaBoVCgZIZWFsdGgSBGZ1bGwSBXdhdGNoGhkKCkF1dG9VbmxvY2sSBGZ1bGwSBXdhdGNoGi0KE0xpbWl0ZWRQZWVyc0FsbG93ZWQSBGZ1bGwSBXdhdGNoEgJ0dhIFYXVkaW8aHAoNRGV2aWNlUGFpcmluZxIEZnVsbBIFd2F0Y2gaFgoHTWFuYXRlZRIEZnVsbBIFd2F0Y2gaFQoGRW5ncmFtEgRmdWxsEgV3YXRjaBoXCghCYWNrc3RvcBIEZnVsbBIFd2F0Y2gaGwoMQXBwbGljYXRpb25zEgRmdWxsEgV3YXRjaCITCgRmdWxsEgRmdWxsEgV3YXRjaCIVCgJ0dhIEZnVsbBIFd2F0Y2gSAnR2IhQKBXdhdGNoEgRmdWxsEgV3YXRjaCIbCgVhdWRpbxIEZnVsbBIFd2F0Y2gSBWF1ZGlvMiIKFgAEIhICBHZ3aHQKCl5BcHBsZVBheSQSCEFwcGxlUGF5MiYKGAAEIhQCBHZ3aHQKDF5BdXRvVW5sb2NrJBIKQXV0b1VubG9jazIeChQABCIQAgR2d2h0CgheRW5ncmFtJBIGRW5ncmFtMh4KFAAEIhACBHZ3aHQKCF5IZWFsdGgkEgZIZWFsdGgyGgoSAAQiDgIEdndodAoGXkhvbWUkEgRIb21lMiAKFQAEIhECBHZ3aHQKCV5NYW5hdGVlJBIHTWFuYXRlZTI4CiEABCIdAgR2d2h0ChVeTGltaXRlZFBlZXJzQWxsb3dlZCQSE0xpbWl0ZWRQZWVyc0FsbG93ZWQyXQpQAAISHgAEIhoCBHZ3aHQKEl5Db250aW51aXR5VW5sb2NrJBIVAAQiEQIEdndodAoJXkhvbWVLaXQkEhUABCIRAgR2d2h0CgleQXBwbGVUViQSCU5vdFN5bmNlZDIrChsABCIXAgRhZ3JwCg9eWzAtOUEtWl17MTB9XC4SDEFwcGxpY2F0aW9uczLKAQq1AQACEjYAAQoTAAQiDwIFY2xhc3MKBl5nZW5wJAodAAQiGQIEYWdycAoRXmNvbVwuYXBwbGVcLnNiZCQSQAABChMABCIPAgVjbGFzcwoGXmtleXMkCicABCIjAgRhZ3JwChteY29tXC5hcHBsZVwuc2VjdXJpdHlcLnNvcyQSGQAEIhUCBHZ3aHQKDV5CYWNrdXBCYWdWMCQSHAAEIhgCBHZ3aHQKEF5pQ2xvdWRJZGVudGl0eSQSEFNlY3VyZU9iamVjdFN5bmMyYwpbAAISEgAEIg4CBHZ3aHQKBl5XaUZpJBJDAAEKEwAEIg8CBWNsYXNzCgZeZ2VucCQKEwAEIg8CBGFncnAKB15hcHBsZSQKFQAEIhECBHN2Y2UKCV5BaXJQb3J0JBIEV2lGaTKdAwqDAwACEhgABCIUAgR2d2h0CgxeUENTLUJhY2t1cCQSGgAEIhYCBHZ3aHQKDl5QQ1MtQ2xvdWRLaXQkEhgABCIUAgR2d2h0CgxeUENTLUVzY3JvdyQSFQAEIhECBHZ3aHQKCV5QQ1MtRkRFJBIaAAQ
iFgIEdndodAoOXlBDUy1GZWxkc3BhciQSGgAEIhYCBHZ3aHQKDl5QQ1MtTWFpbERyb3AkEhoABCIWAgR2d2h0Cg5eUENTLU1haWxkcm9wJBIbAAQiFwIEdndodAoPXlBDUy1NYXN0ZXJLZXkkEhcABCITAgR2d2h0CgteUENTLU5vdGVzJBIYAAQiFAIEdndodAoMXlBDUy1QaG90b3MkEhkABCIVAgR2d2h0Cg1eUENTLVNoYXJpbmckEh4ABCIaAgR2d2h0ChJeUENTLWlDbG91ZEJhY2t1cCQSHQAEIhkCBHZ3aHQKEV5QQ1MtaUNsb3VkRHJpdmUkEhoABCIWAgR2d2h0Cg5eUENTLWlNZXNzYWdlJBIVUHJvdGVjdGVkQ2xvdWRTdG9yYWdlMj0KLgAEIioCBGFncnAKIl5jb21cLmFwcGxlXC5zYWZhcmlcLmNyZWRpdC1jYXJkcyQSC0NyZWRpdENhcmRzMjAKIwAEIh8CBGFncnAKF15jb21cLmFwcGxlXC5jZm5ldHdvcmskEglQYXNzd29yZHMybQpcAAISHgAEIhoCBHZ3aHQKEl5BY2Nlc3NvcnlQYWlyaW5nJBIaAAQiFgIEdndodAoOXk5hbm9SZWdpc3RyeSQSHAAEIhgCBHZ3aHQKEF5XYXRjaE1pZ3JhdGlvbiQSDURldmljZVBhaXJpbmcyDgoCAAYSCEJhY2tzdG9w",
570 plaintextPolicy: try! TPPolicyDocument(version: 7,
571 modelToCategory: [
572 ["prefix": "iPhone", "category": "full"],
573 ["prefix": "iPad", "category": "full"],
574 ["prefix": "iPod", "category": "full"],
575 ["prefix": "Mac", "category": "full"],
576 ["prefix": "iMac", "category": "full"],
577 ["prefix": "AppleTV", "category": "tv"],
578 ["prefix": "Watch", "category": "watch"],
579 ["prefix": "AudioAccessory", "category": "audio"],
580 ],
581 categoriesByView: [
582 "AutoUnlock": ["full", "watch"],
583 "ApplePay": ["full", "watch"],
584 "Backstop": ["full", "watch"],
585 "Engram": ["full", "watch"],
586 "Health": ["full", "watch"],
587 "Home": ["full", "watch", "tv", "audio"],
588 "LimitedPeersAllowed": ["full", "watch", "tv", "audio"],
589 "Manatee": ["full", "watch"],
590 "Applications": ["full", "watch"],
591 "SecureObjectSync": ["full", "watch"],
592 "WiFi": ["full", "watch", "tv", "audio"],
593 "ProtectedCloudStorage": ["full", "watch"],
594 "CreditCards": ["full", "watch"],
595 "Passwords": ["full", "watch"],
596 "DevicePairing": ["full", "watch"],
597 ],
598 introducersByCategory: [
599 "full": ["full", "watch"],
600 "watch": ["full", "watch"],
601 "tv": ["full", "watch", "tv"],
602 "audio": ["full", "watch", "audio"],
603 ],
604 redactions: [:],
605 keyViewMapping: [
606 TPPBPolicyKeyViewMapping(view: "ApplePay", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^ApplePay$")),
607 TPPBPolicyKeyViewMapping(view: "AutoUnlock", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^AutoUnlock$")),
608 TPPBPolicyKeyViewMapping(view: "Engram", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Engram$")),
609 TPPBPolicyKeyViewMapping(view: "Health", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Health$")),
610 TPPBPolicyKeyViewMapping(view: "Home", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Home$")),
611 TPPBPolicyKeyViewMapping(view: "Manatee", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Manatee$")),
612 TPPBPolicyKeyViewMapping(view: "LimitedPeersAllowed", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^LimitedPeersAllowed$")),
613
614 // These items will not be synced by Octagon
615 TPPBPolicyKeyViewMapping(view: "NotSynced", matchingRule:
616 TPDictionaryMatchingRule.orMatch([
617 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^ContinuityUnlock$"),
618 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^HomeKit$"),
619 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^AppleTV$"),
620 ])),
621
622 TPPBPolicyKeyViewMapping(view: "Applications", matchingRule:
623 TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^[0-9A-Z]{10}\\.")),
624
625 TPPBPolicyKeyViewMapping(view: "SecureObjectSync", matchingRule:
626 TPDictionaryMatchingRule.orMatch([
627 TPDictionaryMatchingRule.andMatch([
628 TPDictionaryMatchingRule.fieldMatch("class", fieldRegex: "^genp$"),
629 TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com\\.apple\\.sbd$"),
630 ]),
631 TPDictionaryMatchingRule.andMatch([
632 TPDictionaryMatchingRule.fieldMatch("class", fieldRegex: "^keys$"),
633 TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com\\.apple\\.security\\.sos$"),
634 ]),
635 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^BackupBagV0$"),
636 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^iCloudIdentity$"),
637 ])),
638
639 TPPBPolicyKeyViewMapping(view: "WiFi", matchingRule:
640 TPDictionaryMatchingRule.orMatch([
641 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^WiFi$"),
642 TPDictionaryMatchingRule.andMatch([
643 TPDictionaryMatchingRule.fieldMatch("class", fieldRegex: "^genp$"),
644 TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^apple$"),
645 TPDictionaryMatchingRule.fieldMatch("svce", fieldRegex: "^AirPort$"),
646 ]),
647 ])),
648
649 TPPBPolicyKeyViewMapping(view: "ProtectedCloudStorage", matchingRule:
650 TPDictionaryMatchingRule.orMatch([
651 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Backup$"),
652 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-CloudKit$"),
653 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Escrow$"),
654 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-FDE$"),
655 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Feldspar$"),
656 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-MailDrop$"),
657 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Maildrop$"),
658 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-MasterKey$"),
659 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Notes$"),
660 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Photos$"),
661 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Sharing$"),
662 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-iCloudBackup$"),
663 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-iCloudDrive$"),
664 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-iMessage$"),
665 ])),
666
667 TPPBPolicyKeyViewMapping(view: "CreditCards",
668 matchingRule: TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com\\.apple\\.safari\\.credit-cards$")),
669
670 TPPBPolicyKeyViewMapping(view: "Passwords",
671 matchingRule: TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com\\.apple\\.cfnetwork$")),
672
673 TPPBPolicyKeyViewMapping(view: "DevicePairing", matchingRule:
674 TPDictionaryMatchingRule.orMatch([
675 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^AccessoryPairing$"),
676 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^NanoRegistry$"),
677 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^WatchMigration$"),
678 ])),
679
680 TPPBPolicyKeyViewMapping(view: "Backstop", matchingRule:
681 TPDictionaryMatchingRule.trueMatch()),
682 ],
683 userControllableViewList: [],
684 piggybackViews: [],
685 hashAlgo: .SHA256)
686 ),
687
688 // Note to you, the next person to add a policy:
689 // We added user_controllable_views to the policy proto after creating v7. Pushing a new policy just to fill
690 // in that section seemed unnecessary. When you create v8, please fill it in. See the hacky v7 patch in TPPolicy.m.
691 // We added views_to_piggyback to the policy proto after creating v7 as well.
692
b54c578e 693 ]
b3971512 694 // swiftlint:enable force_try
b54c578e 695
b3971512 696 assert(rawPolicies.filter { prevailingPolicyVersion.versionNumber == $0.version.versionNumber }.count == 1)
697
698 return rawPolicies.map { raw in
699 let data = Data(base64Encoded: raw.policyData)!
700 let doc = TPPolicyDocument.policyDoc(withHash: raw.version.policyHash, data: data)!
701
d64be36e 702 if !doc.isEqual(to: raw.plaintextPolicy) {
703 let bodyData = raw.plaintextPolicy.protobuf
704 let bodyBase64 = bodyData.base64EncodedString()
705 let hash = TPHashBuilder.hash(with: .SHA256, of: bodyData)
706 os_log("raw policy doesn't match encoded bytes, new hash would be: %{public}@ new data: %{public}@", log: tplogDebug, hash, bodyBase64)
707 }
708
709 assert(doc.version.versionNumber == raw.version.versionNumber)
710 if raw.version.versionNumber == prevailingPolicyVersion.versionNumber {
711 assert(prevailingPolicyVersion.policyHash == raw.version.policyHash)
712 }
713 assert(doc.isEqual(to: raw.plaintextPolicy))
714 return doc
715 }
716}