1 --
2 -- Copyright (c) 2011-2012 Apple Inc. All Rights Reserved.
3 --
4 -- @APPLE_LICENSE_HEADER_START@
5 --
6 -- This file contains Original Code and/or Modifications of Original Code
7 -- as defined in and that are subject to the Apple Public Source License
8 -- Version 2.0 (the 'License'). You may not use this file except in
9 -- compliance with the License. Please obtain a copy of the License at
10 -- http://www.opensource.apple.com/apsl/ and read it before using this
11 -- file.
12 --
13 -- The Original Code and all software distributed under the License are
14 -- distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 -- EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 -- INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 -- FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 -- Please see the License for the specific language governing rights and
19 -- limitations under the License.
20 --
21 -- @APPLE_LICENSE_HEADER_END@
22 --
23 --
24 -- System Policy master database - file format and initial contents
25 --
26 -- This is currently for sqlite3
27 --
28 -- NOTES:
29 -- Dates are uniformly in julian form. We use 5000000 as the canonical "never" expiration
30 -- value; that's a day in the year 8977.
31 --
-- Schema version stamp; this one is stored in the database file header.
PRAGMA user_version = 1;
-- Enforce the REFERENCES ... ON DELETE CASCADE links declared further down.
-- NOTE: foreign_keys and recursive_triggers are per-connection settings in
-- SQLite, not properties of the file, so a connection that does not set them
-- runs with SQLite's defaults instead.
PRAGMA foreign_keys = ON;
-- Do not restrict the file to the legacy on-disk format.
PRAGMA legacy_file_format = OFF;
-- Allow a trigger's own statements to fire triggers.
PRAGMA recursive_triggers = ON;
36
37
--
-- The feature table holds configuration features and options, one row per feature.
--
CREATE TABLE feature (
    -- canonical id (alias of the SQLite rowid)
    id INTEGER PRIMARY KEY,
    -- option name; unique across the table
    name TEXT NOT NULL UNIQUE,
    -- option value, if any (nullable)
    value TEXT,
    -- optional remarks string (nullable)
    remarks TEXT
);
47
48
--
-- The primary authority. Conceptually this table is scanned in priority
-- order and the highest-priority matching enabled record decides the outcome.
--
CREATE TABLE authority (
    -- canonical id; AUTOINCREMENT means ids of deleted rules are never reused
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    -- semantic version of this rule
    version INTEGER NOT NULL DEFAULT 1
        CHECK (version > 0),
    -- operation type
    type INTEGER NOT NULL,
    -- code requirement text (nullable). Flag bit 1 must be set exactly when the
    -- requirement is NULL, so a requirement-less rule can never be mistaken for
    -- one that carries a requirement, and vice versa.
    requirement TEXT
        CHECK ((requirement IS NULL) = ((flags & 1) != 0)),
    -- outcome: 1 = allow, 0 = deny
    allow INTEGER NOT NULL DEFAULT 1
        CHECK (allow IN (0, 1)),
    -- disable count; disables stack, the rule is enabled only while this is zero
    disabled INTEGER NOT NULL DEFAULT 0
        CHECK (disabled >= 0),
    -- expiration of rule authority as a Julian day; 5000000 is the "never" sentinel
    expires FLOAT NOT NULL DEFAULT 5000000,
    -- rule priority, full float (FLOAT and REAL both map to REAL affinity in SQLite)
    priority REAL NOT NULL DEFAULT 0,
    -- human-readable label for the rule (nullable)
    label TEXT,
    -- amalgamated binary flags; bit 1 is tied to the requirement column above
    flags INTEGER NOT NULL DEFAULT 0,
    -- the remaining fields are for documentation only
    -- rule creation time (Julian day); expression defaults stay parenthesized
    ctime FLOAT NOT NULL DEFAULT (JULIANDAY('now')),
    -- time the rule was last changed (Julian day); kept current by the authority_update trigger
    mtime FLOAT NOT NULL DEFAULT (JULIANDAY('now')),
    -- user requesting this rule (NULL if unknown)
    user TEXT,
    -- optional remarks string (nullable)
    remarks TEXT
);
75
-- Indexes: lookups by operation type, the priority-ordered scan, and expiry checks.
CREATE INDEX authority_type     ON authority (type);
CREATE INDEX authority_priority ON authority (priority);
CREATE INDEX authority_expires  ON authority (expires);
80
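-- Bump mtime whenever any other column of an authority record changes.
-- The trigger is limited to the columns other than mtime because this file turns
-- PRAGMA recursive_triggers on: a bare AFTER UPDATE trigger is fired again by its
-- own mtime update and recurses until SQLite's trigger-depth limit aborts the
-- statement ("too many levels of trigger recursion"). A connection that leaves
-- recursive_triggers at its default (off) presumably never hit this, which is why
-- it could go unnoticed; the column list is harmless there.
CREATE TRIGGER authority_update
    AFTER UPDATE OF id, version, type, requirement, allow, disabled, expires,
                    priority, label, flags, ctime, user, remarks
    ON authority
BEGIN
    UPDATE authority SET mtime = JULIANDAY('now') WHERE id = old.id;
END;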
86
-- Rules the assessor actively considers: enabled, unexpired, and carrying a
-- requirement (flag bit 1 marks requirement-less rules such as the negative-cache
-- anchor). SELECT * is deliberate so columns added to authority later flow through.
CREATE VIEW active_authority AS
    SELECT *
    FROM authority
    WHERE (flags & 1) = 0
      AND disabled = 0
      AND expires > JULIANDAY('now');
91
-- Rules subject to the priority scan: the same set as active_authority, except
-- that disabled rules stay in.
CREATE VIEW scan_authority AS
    SELECT *
    FROM authority
    WHERE (flags & 1) = 0
      AND expires > JULIANDAY('now');
96
97
--
-- Filesystem bookmark blobs (potentially large-ish) attached to authority rules.
-- A row goes away with its rule via ON DELETE CASCADE, which SQLite only honours
-- while the connection has PRAGMA foreign_keys on.
--
CREATE TABLE bookmarkhints (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    -- the bookmark data itself
    bookmark BLOB NOT NULL,
    -- owning authority rule
    authority INTEGER NOT NULL
        REFERENCES authority(id) ON DELETE CASCADE
);
107
108
--
-- Upgradable features that this baseline already contains.
-- See policydatabase.cpp for the upgrade code.
--
INSERT INTO feature (name, value, remarks) VALUES
    ('bookmarkhints', 'value', 'builtin');
INSERT INTO feature (name, value, remarks) VALUES
    ('codesignedpackages', 'value', 'builtin');
117
118
119 --
120 -- Initial canonical contents of a fresh database
121 --
122
-- Virtual rule anchoring negative cache entries (no rule found). It carries no
-- requirement (flag bit 1, which the authority CHECK ties to a NULL requirement)
-- and the lowest priority of all, so the active views exclude it and it only
-- serves as the parent of object records.
INSERT INTO authority (type, allow, priority, flags, label)
    VALUES (1, 0, -1.0E100, 1, 'No Matching Rule');

-- Any Apple-signed installer except those whose chain carries the intermediate
-- marker the Developer ID rules below require. Priority -1 ranks it below the
-- default-priority rules. The flag value 2 appears on every requirement-bearing
-- built-in rule; its meaning is not defined in this file.
INSERT INTO authority (type, allow, priority, flags, label, requirement)
    VALUES (2, 1, -1, 2, 'Apple Installer', 'anchor apple generic and ! certificate 1[field.1.2.840.113635.100.6.2.6]');

-- Apple's own code signing.
INSERT INTO authority (type, allow, flags, label, requirement)
    VALUES (1, 1, 2, 'Apple System', 'anchor apple');

-- Mac App Store signing: Apple generic anchor plus the store's leaf-certificate marker.
INSERT INTO authority (type, allow, flags, label, requirement)
    VALUES (1, 1, 2, 'Mac App Store', 'anchor apple generic and certificate leaf[field.1.2.840.113635.100.6.1.9] exists');

-- Developer ID ("Caspian") code signing and archive signing: the Developer ID
-- intermediate marker plus the respective leaf marker(s). The second rule uses
-- type 2, the same type as the Apple Installer rule above.
INSERT INTO authority (type, allow, flags, label, requirement)
    VALUES (1, 1, 2, 'Developer ID', 'anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] exists and certificate leaf[field.1.2.840.113635.100.6.1.13] exists');
INSERT INTO authority (type, allow, flags, label, requirement)
    VALUES (2, 1, 2, 'Developer ID', 'anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] exists and (certificate leaf[field.1.2.840.113635.100.6.1.14] or certificate leaf[field.1.2.840.113635.100.6.1.13])');
144
145
--
-- The cache table lists previously determined outcomes for individual objects
-- (by object hash). Entries come from full evaluations of authority records, or
-- from explicitly inserted override rules that preempt the normal authority.
-- EVERY object record has a parent authority record it was derived from; that may
-- be a normal authority rule or an override rule. Deleting the parent rule removes
-- all objects created from it (ON DELETE CASCADE, effective while foreign_keys is on).
--
CREATE TABLE object (
    -- canonical id (alias of the SQLite rowid)
    id INTEGER PRIMARY KEY,
    -- operation type
    type INTEGER NOT NULL,
    -- canonical hash of the object; uniqueness is enforced by the object_hash index.
    -- NOTE(review): CDHASH is not a SQLite type name, so the column gets NUMERIC
    -- affinity. That leaves BLOB values untouched but would coerce a numeric-looking
    -- TEXT value, so the hash should be written as a BLOB -- confirm against the writer.
    hash CDHASH NOT NULL,
    -- outcome: 1 = allow, 0 = deny
    allow INTEGER NOT NULL,
    -- expiration of this entry as a Julian day; 5000000 is the "never" sentinel
    expires FLOAT NOT NULL DEFAULT 5000000,
    -- governing authority rule
    authority INTEGER NOT NULL
        REFERENCES authority(id) ON DELETE CASCADE,
    -- the remaining fields are for documentation only
    -- path of the object at record creation time (nullable)
    path TEXT,
    -- record creation time (Julian day)
    ctime FLOAT NOT NULL DEFAULT (JULIANDAY('now')),
    -- record modification time (Julian day); kept current by the object_update trigger
    mtime FLOAT NOT NULL DEFAULT (JULIANDAY('now')),
    -- optional remarks string (nullable)
    remarks TEXT
);
169
-- Indexes: lookups by operation type, expiry sweeps, and the unique hash lookup.
CREATE INDEX        object_type    ON object (type);
CREATE INDEX        object_expires ON object (expires);
CREATE UNIQUE INDEX object_hash    ON object (hash);
174
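-- Bump mtime whenever any other column of an object record changes.
-- The trigger is limited to the columns other than mtime because this file turns
-- PRAGMA recursive_triggers on: a bare AFTER UPDATE trigger is fired again by its
-- own mtime update and recurses until SQLite's trigger-depth limit aborts the
-- statement ("too many levels of trigger recursion"). A connection that leaves
-- recursive_triggers at its default (off) presumably never hit this; the column
-- list is harmless there.
CREATE TRIGGER object_update
    AFTER UPDATE OF id, type, hash, allow, expires, authority, path, ctime, remarks
    ON object
BEGIN
    UPDATE object SET mtime = JULIANDAY('now') WHERE id = old.id;
END;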
180
181
--
-- Administrative views on objects; the assessor itself does not use them.
--
-- object_state joins each cached object to the authority rule it was derived from.
-- 'expiration' is NULL for the 5000000 "never" sentinel and a localtime string
-- otherwise; 'remaining' is the time left until expiry in seconds (Julian days
-- times 86400), negative once the entry has expired.
CREATE VIEW object_state AS
    SELECT
        object.id,
        object.type,
        object.allow,
        CASE object.expires
            WHEN 5000000 THEN NULL
            ELSE STRFTIME('%Y-%m-%d %H:%M:%f', object.expires, 'localtime')
        END AS expiration,
        (object.expires - JULIANDAY('now')) * 86400 AS remaining,
        authority.label,
        object.authority,
        object.path,
        object.ctime,
        authority.requirement,
        authority.disabled,
        object.remarks
    FROM object
    INNER JOIN authority
        ON authority.id = object.authority;