[apple/security.git] / OSX / libsecurity_codesigning / gke / gkclear

#!/usr/bin/python
#
# gkclear - clear system state for Gatekeeper recording sessions
#
# This removes DetachedSignatures, resets SystemPolicy, and removes existing gke files.
#
import sys
import os
import signal
import errno
import subprocess
import shutil


#
# Usage and fail
#
def usage():
	print >>sys.stderr, "Usage: %s" % sys.argv[0]
	sys.exit(2)

def fail(whatever):
	print >>sys.stderr, "%s: %s" % (sys.argv[0], whatever)
	sys.exit(1)


#
# Argument processing
#
if len(sys.argv) != 1:
	usage()


#
# Places and things
#
db = "/var/db/"
detachedsignatures = db + "DetachedSignatures"
gkeauth = db + "gke.auth"
gkesigs = db + "gke.sigs"
policydb = db + "SystemPolicy"
policydb_default = db + ".SystemPolicy-default"


# must be root
if os.getuid() != 0:
	fail("Must have root privileges")


#
# Make sure Gatekeeper is disabled
#
subprocess.check_call(["/usr/sbin/spctl", "--master-disable"])


#
# Clear detached signatures database
#
for file in [detachedsignatures, gkeauth, gkesigs]:
	try:
		os.remove(file)
	except OSError, e:
		if e[0] != errno.ENOENT:
			raise


#
# Reset system policy to default values
#
shutil.copyfile(policydb_default, policydb)


#
# Kill any extant syspolicyd to flush state
#
null = open("/dev/null", "w")
subprocess.call(["/usr/bin/killall", "syspolicyd"], stderr=null)


#
# Done
#
print "System state has been reset."
sys.exit(0)
Commit	Line	Data
b1ab9ed8 A	1	#!/usr/bin/python
	2	#
	3	# gkclear - clear system state for Gatekeeper recording sessions
	4	#
	5	# This removes DetachedSignatures, resets SystemPolicy, and removes existing gke files.
	6	#
	7	import sys
	8	import os
	9	import signal
	10	import errno
	11	import subprocess
	12	import shutil
	13
	14
	15	#
	16	# Usage and fail
	17	#
	18	def usage():
	19	print >>sys.stderr, "Usage: %s" % sys.argv[0]
	20	sys.exit(2)
	21
	22	def fail(whatever):
	23	print >>sys.stderr, "%s: %s" % (sys.argv[0], whatever)
	24	sys.exit(1)
	25
	26
	27	#
	28	# Argument processing
	29	#
	30	if len(sys.argv) != 1:
	31	usage()
	32
	33
	34	#
	35	# Places and things
	36	#
	37	db = "/var/db/"
	38	detachedsignatures = db + "DetachedSignatures"
	39	gkeauth = db + "gke.auth"
	40	gkesigs = db + "gke.sigs"
	41	policydb = db + "SystemPolicy"
	42	policydb_default = db + ".SystemPolicy-default"
	43
	44
	45	# must be root
	46	if os.getuid() != 0:
	47	fail("Must have root privileges")
	48
	49
	50	#
	51	# Make sure Gatekeeper is disabled
	52	#
	53	subprocess.check_call(["/usr/sbin/spctl", "--master-disable"])
	54
	55
	56	#
	57	# Clear detached signatures database
	58	#
	59	for file in [detachedsignatures, gkeauth, gkesigs]:
	60	try:
	61	os.remove(file)
	62	except OSError, e:
	63	if e[0] != errno.ENOENT:
	64	raise
65
66
67	#
68	# Reset system policy to default values
69	#
70	shutil.copyfile(policydb_default, policydb)
71
72
73	#
74	# Kill any extant syspolicyd to flush state
75	#
76	null = open("/dev/null", "w")
77	subprocess.call(["/usr/bin/killall", "syspolicyd"], stderr=null)
78
79
80	#
81	# Done
82	#
83	print "System state has been reset."
84	sys.exit(0)