]> git.saurik.com Git - apple/security.git/blob - keychain/TrustedPeersHelper/Policy.swift
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-59306.101.1.tar.gz
[apple/security.git] / keychain / TrustedPeersHelper / Policy.swift
1 /*
2 * Copyright (c) 2018 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 import Foundation
25
26 struct RawPolicy {
27 let version: TPPolicyVersion
28 let policyData: String
29 let plaintextPolicy: TPPolicyDocument
30 }
31
32 let prevailingPolicyVersion = TPPolicyVersion(version: 6, hash: "SHA256:L2Px1aYyR1tgChe8dIyTBSmCHCWEFJirZ3ELMFXz2PY=")
33
34 // Some peers don't know how to handle new policies when pairing. If we're pairing with one of those,
35 // we must prepare our identity using this policy.
36 let frozenPolicyVersion = TPPolicyVersion(version: 5, hash: "SHA256:O/ECQlWhvNlLmlDNh2+nal/yekUC87bXpV3k+6kznSo=")
37
38 func builtInPolicyDocuments() -> [TPPolicyDocument] {
39
40 // swiftlint:disable force_try
41 // These bytes are generated by tppolicy
42 let rawPolicies = [
43 RawPolicy(
44 version: TPPolicyVersion(version: 1, hash: "SHA256:TLXrcQmY4ue3oP5pCX1pwsi9BF8cKfohlJBilCroeBs="),
45 policyData: "CAESDgoGaVBob25lEgRmdWxsEgwKBGlQYWQSBGZ1bGwSCwoDTWFjEgRmdWxsEgwKBGlNYWMSBGZ1bGwSDQoHQXBwbGVUVhICdHYSDgoFV2F0Y2gSBXdhdGNoGhEKCVBDU0VzY3JvdxIEZnVsbBoXCgRXaUZpEgRmdWxsEgJ0dhIFd2F0Y2gaGQoRU2FmYXJpQ3JlZGl0Q2FyZHMSBGZ1bGwiDAoEZnVsbBIEZnVsbCIUCgV3YXRjaBIEZnVsbBIFd2F0Y2giDgoCdHYSBGZ1bGwSAnR2",
46 plaintextPolicy: try! TPPolicyDocument(version: 1,
47 modelToCategory: [
48 ["prefix": "iPhone", "category": "full"],
49 ["prefix": "iPad", "category": "full"],
50 ["prefix": "Mac", "category": "full"],
51 ["prefix": "iMac", "category": "full"],
52 ["prefix": "AppleTV", "category": "tv"],
53 ["prefix": "Watch", "category": "watch"],
54 ],
55 categoriesByView: [
56 "PCSEscrow": ["full"],
57 "WiFi": ["full", "tv", "watch"],
58 "SafariCreditCards": ["full"],
59 ],
60 introducersByCategory: [
61 "full": ["full"],
62 "watch": ["full", "watch"],
63 "tv": ["full", "tv"],
64 ],
65 redactions: [:],
66 keyViewMapping: [],
67 hashAlgo: .SHA256)
68 ),
69
70 RawPolicy(
71 version: TPPolicyVersion(version: 2, hash: "SHA256:ZL1WBUCyO155rHBJQeghomCCKGmfjtS0jvsK+UEvx5o="),
72 policyData: "CAISDgoGaUN5Y2xlEgRmdWxsEg4KBmlQaG9uZRIEZnVsbBIMCgRpUGFkEgRmdWxsEgsKA01hYxIEZnVsbBIMCgRpTWFjEgRmdWxsEg0KB0FwcGxlVFYSAnR2Eg4KBVdhdGNoEgV3YXRjaBoRCglQQ1NFc2Nyb3cSBGZ1bGwaFwoEV2lGaRIEZnVsbBICdHYSBXdhdGNoGhkKEVNhZmFyaUNyZWRpdENhcmRzEgRmdWxsIgwKBGZ1bGwSBGZ1bGwiFAoFd2F0Y2gSBGZ1bGwSBXdhdGNoIg4KAnR2EgRmdWxsEgJ0dg==",
73 plaintextPolicy: try! TPPolicyDocument(version: 2,
74 modelToCategory: [
75 ["prefix": "iCycle", "category": "full"],
76 ["prefix": "iPhone", "category": "full"],
77 ["prefix": "iPad", "category": "full"],
78 ["prefix": "Mac", "category": "full"],
79 ["prefix": "iMac", "category": "full"],
80 ["prefix": "AppleTV", "category": "tv"],
81 ["prefix": "Watch", "category": "watch"],
82 ],
83 categoriesByView: [
84 "PCSEscrow": ["full"],
85 "WiFi": ["full", "tv", "watch"],
86 "SafariCreditCards": ["full"],
87 ],
88 introducersByCategory: [
89 "full": ["full"],
90 "tv": ["full", "tv"],
91 "watch": ["full", "watch"],
92 ],
93 redactions: [:],
94 keyViewMapping: [],
95 hashAlgo: .SHA256)
96 ),
97
98 RawPolicy(version: TPPolicyVersion(version: 3, hash: "SHA256:JZzazSuHXrUhiOfSgElsg6vYKpnvvEPVpciR8FewRWg="),
99 policyData: "CAMSDgoGaVBob25lEgRmdWxsEgwKBGlQYWQSBGZ1bGwSCwoDTWFjEgRmdWxsEgwKBGlNYWMSBGZ1bGwSDQoHQXBwbGVUVhICdHYSDgoFV2F0Y2gSBXdhdGNoEhcKDkF1ZGlvQWNjZXNzb3J5EgVhdWRpbxocCg1EZXZpY2VQYWlyaW5nEgRmdWxsEgV3YXRjaBoXCghBcHBsZVBheRIEZnVsbBIFd2F0Y2gaJAoVUHJvdGVjdGVkQ2xvdWRTdG9yYWdlEgRmdWxsEgV3YXRjaBoXCghCYWNrc3RvcBIEZnVsbBIFd2F0Y2gaGQoKQXV0b1VubG9jaxIEZnVsbBIFd2F0Y2gaHwoQU2VjdXJlT2JqZWN0U3luYxIEZnVsbBIFd2F0Y2gaIAoRU2FmYXJpQ3JlZGl0Q2FyZHMSBGZ1bGwSBXdhdGNoGhMKBEhvbWUSBGZ1bGwSBXdhdGNoGh4KD1NhZmFyaVBhc3N3b3JkcxIEZnVsbBIFd2F0Y2gaGwoMQXBwbGljYXRpb25zEgRmdWxsEgV3YXRjaBoVCgZFbmdyYW0SBGZ1bGwSBXdhdGNoGi0KE0xpbWl0ZWRQZWVyc0FsbG93ZWQSBGZ1bGwSBXdhdGNoEgJ0dhIFYXVkaW8aFgoHTWFuYXRlZRIEZnVsbBIFd2F0Y2gaHgoEV2lGaRIEZnVsbBIFd2F0Y2gSAnR2EgVhdWRpbxoVCgZIZWFsdGgSBGZ1bGwSBXdhdGNoIhMKBGZ1bGwSBGZ1bGwSBXdhdGNoIhsKBWF1ZGlvEgRmdWxsEgV3YXRjaBIFYXVkaW8iFAoFd2F0Y2gSBGZ1bGwSBXdhdGNoIhUKAnR2EgRmdWxsEgV3YXRjaBICdHYyIgoWAAQiEgIEdndodAoKXkFwcGxlUGF5JBIIQXBwbGVQYXkyJgoYAAQiFAIEdndodAoMXkF1dG9VbmxvY2skEgpBdXRvVW5sb2NrMh4KFAAEIhACBHZ3aHQKCF5FbmdyYW0kEgZFbmdyYW0yHgoUAAQiEAIEdndodAoIXkhlYWx0aCQSBkhlYWx0aDIaChIABCIOAgR2d2h0CgZeSG9tZSQSBEhvbWUyIAoVAAQiEQIEdndodAoJXk1hbmF0ZWUkEgdNYW5hdGVlMjgKIQAEIh0CBHZ3aHQKFV5MaW1pdGVkUGVlcnNBbGxvd2VkJBITTGltaXRlZFBlZXJzQWxsb3dlZDJdClAAAhIeAAQiGgIEdndodAoSXkNvbnRpbnVpdHlVbmxvY2skEhUABCIRAgR2d2h0CgleSG9tZUtpdCQSFQAEIhECBHZ3aHQKCV5BcHBsZVRWJBIJTm90U3luY2VkMisKGwAEIhcCBGFncnAKD15bMC05QS1aXXsxMH1cLhIMQXBwbGljYXRpb25zMsUBCrABAAISNAABChMABCIPAgVjbGFzcwoGXmdlbnAkChsABCIXAgRhZ3JwCg9eY29tLmFwcGxlLnNiZCQSPQABChMABCIPAgVjbGFzcwoGXmtleXMkCiQABCIgAgRhZ3JwChheY29tLmFwcGxlLnNlY3VyaXR5LnNvcyQSGQAEIhUCBHZ3aHQKDV5CYWNrdXBCYWdWMCQSHAAEIhgCBHZ3aHQKEF5pQ2xvdWRJZGVudGl0eSQSEFNlY3VyZU9iamVjdFN5bmMyYwpbAAISEgAEIg4CBHZ3aHQKBl5XaUZpJBJDAAEKEwAEIg8CBWNsYXNzCgZeZ2VucCQKEwAEIg8CBGFncnAKB15hcHBsZSQKFQAEIhECBHN2Y2UKCV5BaXJQb3J0JBIEV2lGaTLbAgrBAgACEhkABCIVAgR2d2h0Cg1eUENTQ2xvdWRLaXQkEhcABCITAgR2d2h0CgteUENTRXNjcm93JBIUAAQiEAIEdndodAoIXlBDU0ZERSQSGQAEIhUCBHZ3aHQKDV5QQ1NGZWxkc3BhciQSGQAEIhUCBHZ3aHQKDV5QQ1NNYWlsRHJvcCQSGgAEIhYCBHZ3aHQKDl5QQ1NNYXN0ZXJLZXkkEhYABCISAgR2d2h0CgpeUENTTm90ZXMkEhcABCITAgR2d2h0CgteUENTUGhvdG9zJBIYAAQiFAIEdndodAoMXlBDU1NoYXJpbmckEh0ABCIZAgR2d2h0ChFeUENTaUNsb3VkQmFja3VwJBIcAAQiGAIEdndodAoQXlBDU2lDbG91ZERyaXZlJBIZAAQiFQIEdndodAoNXlBDU2lNZXNzYWdlJBIVUHJvdGVjdGVkQ2xvdWRTdG9yYWdlMkAKKwAEIicCBGFncnAKH15jb20uYXBwbGUuc2FmYXJpLmNyZWRpdC1jYXJkcyQSEVNhZmFyaUNyZWRpdENhcmRzMjQKIQAEIh0CBGFncnAKFV5jb20uYXBwbGUuY2ZuZXR3b3JrJBIPU2FmYXJpUGFzc3dvcmRzMm0KXAACEh4ABCIaAgR2d2h0ChJeQWNjZXNzb3J5UGFpcmluZyQSGgAEIhYCBHZ3aHQKDl5OYW5vUmVnaXN0cnkkEhwABCIYAgR2d2h0ChBeV2F0Y2hNaWdyYXRpb24kEg1EZXZpY2VQYWlyaW5nMi0KIQAEIh0CBGFncnAKFV5jb20uYXBwbGUuY2ZuZXR3b3JrJBIIQmFja3N0b3A=",
100 plaintextPolicy: try! TPPolicyDocument(version: 3,
101 modelToCategory: [
102 ["prefix": "iPhone", "category": "full"],
103 ["prefix": "iPad", "category": "full"],
104 ["prefix": "Mac", "category": "full"],
105 ["prefix": "iMac", "category": "full"],
106 ["prefix": "AppleTV", "category": "tv"],
107 ["prefix": "Watch", "category": "watch"],
108 ["prefix": "AudioAccessory", "category": "audio"],
109 ],
110 categoriesByView: [
111 "AutoUnlock": ["full", "watch"],
112 "ApplePay": ["full", "watch"],
113 "Engram": ["full", "watch"],
114 "Health": ["full", "watch"],
115 "Home": ["full", "watch"],
116 "LimitedPeersAllowed": ["full", "watch", "tv", "audio"],
117 "Manatee": ["full", "watch"],
118
119 "Applications": ["full", "watch"],
120 "SecureObjectSync": ["full", "watch"],
121 "WiFi": ["full", "watch", "tv", "audio"],
122 "ProtectedCloudStorage": ["full", "watch"],
123 "SafariCreditCards": ["full", "watch"],
124 "SafariPasswords": ["full", "watch"],
125 "DevicePairing": ["full", "watch"],
126 "Backstop": ["full", "watch"],
127 ],
128 introducersByCategory: [
129 "full": ["full", "watch"],
130 "watch": ["full", "watch"],
131 "tv": ["full", "watch", "tv"],
132 "audio": ["full", "watch", "audio"],
133 ],
134 redactions: [:],
135 keyViewMapping: [
136 TPPBPolicyKeyViewMapping(view: "ApplePay", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^ApplePay$")),
137 TPPBPolicyKeyViewMapping(view: "AutoUnlock", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^AutoUnlock$")),
138 TPPBPolicyKeyViewMapping(view: "Engram", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Engram$")),
139 TPPBPolicyKeyViewMapping(view: "Health", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Health$")),
140 TPPBPolicyKeyViewMapping(view: "Home", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Home$")),
141 TPPBPolicyKeyViewMapping(view: "Manatee", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Manatee$")),
142 TPPBPolicyKeyViewMapping(view: "LimitedPeersAllowed", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^LimitedPeersAllowed$")),
143
144 // These items will not be synced by Octagon
145 TPPBPolicyKeyViewMapping(view: "NotSynced", matchingRule:
146 TPDictionaryMatchingRule.orMatch([
147 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^ContinuityUnlock$"),
148 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^HomeKit$"),
149 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^AppleTV$"),
150 ])),
151
152 TPPBPolicyKeyViewMapping(view: "Applications", matchingRule:
153 TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^[0-9A-Z]{10}\\.")),
154
155 TPPBPolicyKeyViewMapping(view: "SecureObjectSync", matchingRule:
156 TPDictionaryMatchingRule.orMatch([
157 TPDictionaryMatchingRule.andMatch([
158 TPDictionaryMatchingRule.fieldMatch("class", fieldRegex: "^genp$"),
159 TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com.apple.sbd$"),
160 ]),
161 TPDictionaryMatchingRule.andMatch([
162 TPDictionaryMatchingRule.fieldMatch("class", fieldRegex: "^keys$"),
163 TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com.apple.security.sos$"),
164 ]),
165 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^BackupBagV0$"),
166 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^iCloudIdentity$"),
167 ])),
168
169 TPPBPolicyKeyViewMapping(view: "WiFi", matchingRule:
170 TPDictionaryMatchingRule.orMatch([
171 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^WiFi$"),
172 TPDictionaryMatchingRule.andMatch([
173 TPDictionaryMatchingRule.fieldMatch("class", fieldRegex: "^genp$"),
174 TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^apple$"),
175 TPDictionaryMatchingRule.fieldMatch("svce", fieldRegex: "^AirPort$"),
176 ]),
177 ])),
178
179 TPPBPolicyKeyViewMapping(view: "ProtectedCloudStorage", matchingRule:
180 TPDictionaryMatchingRule.orMatch([
181 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCSCloudKit$"),
182 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCSEscrow$"),
183 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCSFDE$"),
184 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCSFeldspar$"),
185 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCSMailDrop$"),
186 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCSMasterKey$"),
187 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCSNotes$"),
188 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCSPhotos$"),
189 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCSSharing$"),
190 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCSiCloudBackup$"),
191 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCSiCloudDrive$"),
192 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCSiMessage$"),
193 ])),
194
195 TPPBPolicyKeyViewMapping(view: "SafariCreditCards",
196 matchingRule: TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com.apple.safari.credit-cards$")),
197
198 TPPBPolicyKeyViewMapping(view: "SafariPasswords",
199 matchingRule: TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com.apple.cfnetwork$")),
200
201 TPPBPolicyKeyViewMapping(view: "DevicePairing", matchingRule:
202 TPDictionaryMatchingRule.orMatch([
203 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^AccessoryPairing$"),
204 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^NanoRegistry$"),
205 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^WatchMigration$"),
206 ])),
207
208 TPPBPolicyKeyViewMapping(view: "Backstop",
209 matchingRule: TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com.apple.cfnetwork$")),
210 ],
211 hashAlgo: .SHA256)
212 ),
213 RawPolicy(version: TPPolicyVersion(version: 4, hash: "SHA256:Tjdu5QrWGvKWMx7k3VWFrEWSsBDPZAwCql9ybDkvFs8="),
214 policyData: "CAQSDgoGaVBob25lEgRmdWxsEgwKBGlQYWQSBGZ1bGwSCwoDTWFjEgRmdWxsEgwKBGlNYWMSBGZ1bGwSDQoHQXBwbGVUVhICdHYSDgoFV2F0Y2gSBXdhdGNoEhcKDkF1ZGlvQWNjZXNzb3J5EgVhdWRpbxoTCgRIb21lEgRmdWxsEgV3YXRjaBobCgxBcHBsaWNhdGlvbnMSBGZ1bGwSBXdhdGNoGh4KBFdpRmkSBGZ1bGwSBXdhdGNoEgJ0dhIFYXVkaW8aGQoKQXV0b1VubG9jaxIEZnVsbBIFd2F0Y2gaFwoIQXBwbGVQYXkSBGZ1bGwSBXdhdGNoGhUKBkhlYWx0aBIEZnVsbBIFd2F0Y2gaFgoHTWFuYXRlZRIEZnVsbBIFd2F0Y2gaLQoTTGltaXRlZFBlZXJzQWxsb3dlZBIEZnVsbBIFd2F0Y2gSAnR2EgVhdWRpbxokChVQcm90ZWN0ZWRDbG91ZFN0b3JhZ2USBGZ1bGwSBXdhdGNoGhgKCVBhc3N3b3JkcxIEZnVsbBIFd2F0Y2gaHAoNRGV2aWNlUGFpcmluZxIEZnVsbBIFd2F0Y2gaHwoQU2VjdXJlT2JqZWN0U3luYxIEZnVsbBIFd2F0Y2gaFQoGRW5ncmFtEgRmdWxsEgV3YXRjaBoaCgtDcmVkaXRDYXJkcxIEZnVsbBIFd2F0Y2giGwoFYXVkaW8SBGZ1bGwSBXdhdGNoEgVhdWRpbyITCgRmdWxsEgRmdWxsEgV3YXRjaCIUCgV3YXRjaBIEZnVsbBIFd2F0Y2giFQoCdHYSBGZ1bGwSBXdhdGNoEgJ0djIiChYABCISAgR2d2h0CgpeQXBwbGVQYXkkEghBcHBsZVBheTImChgABCIUAgR2d2h0CgxeQXV0b1VubG9jayQSCkF1dG9VbmxvY2syHgoUAAQiEAIEdndodAoIXkVuZ3JhbSQSBkVuZ3JhbTIeChQABCIQAgR2d2h0CgheSGVhbHRoJBIGSGVhbHRoMhoKEgAEIg4CBHZ3aHQKBl5Ib21lJBIESG9tZTIgChUABCIRAgR2d2h0CgleTWFuYXRlZSQSB01hbmF0ZWUyOAohAAQiHQIEdndodAoVXkxpbWl0ZWRQZWVyc0FsbG93ZWQkEhNMaW1pdGVkUGVlcnNBbGxvd2VkMl0KUAACEh4ABCIaAgR2d2h0ChJeQ29udGludWl0eVVubG9jayQSFQAEIhECBHZ3aHQKCV5Ib21lS2l0JBIVAAQiEQIEdndodAoJXkFwcGxlVFYkEglOb3RTeW5jZWQyKwobAAQiFwIEYWdycAoPXlswLTlBLVpdezEwfVwuEgxBcHBsaWNhdGlvbnMyxQEKsAEAAhI0AAEKEwAEIg8CBWNsYXNzCgZeZ2VucCQKGwAEIhcCBGFncnAKD15jb20uYXBwbGUuc2JkJBI9AAEKEwAEIg8CBWNsYXNzCgZea2V5cyQKJAAEIiACBGFncnAKGF5jb20uYXBwbGUuc2VjdXJpdHkuc29zJBIZAAQiFQIEdndodAoNXkJhY2t1cEJhZ1YwJBIcAAQiGAIEdndodAoQXmlDbG91ZElkZW50aXR5JBIQU2VjdXJlT2JqZWN0U3luYzJjClsAAhISAAQiDgIEdndodAoGXldpRmkkEkMAAQoTAAQiDwIFY2xhc3MKBl5nZW5wJAoTAAQiDwIEYWdycAoHXmFwcGxlJAoVAAQiEQIEc3ZjZQoJXkFpclBvcnQkEgRXaUZpMucCCs0CAAISGgAEIhYCBHZ3aHQKDl5QQ1MtQ2xvdWRLaXQkEhgABCIUAgR2d2h0CgxeUENTLUVzY3JvdyQSFQAEIhECBHZ3aHQKCV5QQ1MtRkRFJBIaAAQiFgIEdndodAoOXlBDUy1GZWxkc3BhciQSGgAEIhYCBHZ3aHQKDl5QQ1MtTWFpbERyb3AkEhsABCIXAgR2d2h0Cg9eUENTLU1hc3RlcktleSQSFwAEIhMCBHZ3aHQKC15QQ1MtTm90ZXMkEhgABCIUAgR2d2h0CgxeUENTLVBob3RvcyQSGQAEIhUCBHZ3aHQKDV5QQ1MtU2hhcmluZyQSHgAEIhoCBHZ3aHQKEl5QQ1MtaUNsb3VkQmFja3VwJBIdAAQiGQIEdndodAoRXlBDUy1pQ2xvdWREcml2ZSQSGgAEIhYCBHZ3aHQKDl5QQ1MtaU1lc3NhZ2UkEhVQcm90ZWN0ZWRDbG91ZFN0b3JhZ2UyOgorAAQiJwIEYWdycAofXmNvbS5hcHBsZS5zYWZhcmkuY3JlZGl0LWNhcmRzJBILQ3JlZGl0Q2FyZHMyLgohAAQiHQIEYWdycAoVXmNvbS5hcHBsZS5jZm5ldHdvcmskEglQYXNzd29yZHMybQpcAAISHgAEIhoCBHZ3aHQKEl5BY2Nlc3NvcnlQYWlyaW5nJBIaAAQiFgIEdndodAoOXk5hbm9SZWdpc3RyeSQSHAAEIhgCBHZ3aHQKEF5XYXRjaE1pZ3JhdGlvbiQSDURldmljZVBhaXJpbmc=",
215 plaintextPolicy: try! TPPolicyDocument(version: 4,
216 modelToCategory: [
217 ["prefix": "iPhone", "category": "full"],
218 ["prefix": "iPad", "category": "full"],
219 ["prefix": "Mac", "category": "full"],
220 ["prefix": "iMac", "category": "full"],
221 ["prefix": "AppleTV", "category": "tv"],
222 ["prefix": "Watch", "category": "watch"],
223 ["prefix": "AudioAccessory", "category": "audio"],
224 ],
225 categoriesByView: [
226 "AutoUnlock": ["full", "watch"],
227 "ApplePay": ["full", "watch"],
228 "Engram": ["full", "watch"],
229 "Health": ["full", "watch"],
230 "Home": ["full", "watch"],
231 "LimitedPeersAllowed": ["full", "watch", "tv", "audio"],
232 "Manatee": ["full", "watch"],
233 "Applications": ["full", "watch"],
234 "SecureObjectSync": ["full", "watch"],
235 "WiFi": ["full", "watch", "tv", "audio"],
236 "ProtectedCloudStorage": ["full", "watch"],
237 "CreditCards": ["full", "watch"],
238 "Passwords": ["full", "watch"],
239 "DevicePairing": ["full", "watch"],
240 ],
241 introducersByCategory: [
242 "full": ["full", "watch"],
243 "watch": ["full", "watch"],
244 "tv": ["full", "watch", "tv"],
245 "audio": ["full", "watch", "audio"],
246 ],
247 redactions: [:],
248 keyViewMapping: [
249 TPPBPolicyKeyViewMapping(view: "ApplePay", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^ApplePay$")),
250 TPPBPolicyKeyViewMapping(view: "AutoUnlock", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^AutoUnlock$")),
251 TPPBPolicyKeyViewMapping(view: "Engram", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Engram$")),
252 TPPBPolicyKeyViewMapping(view: "Health", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Health$")),
253 TPPBPolicyKeyViewMapping(view: "Home", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Home$")),
254 TPPBPolicyKeyViewMapping(view: "Manatee", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Manatee$")),
255 TPPBPolicyKeyViewMapping(view: "LimitedPeersAllowed", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^LimitedPeersAllowed$")),
256
257 // These items will not be synced by Octagon
258 TPPBPolicyKeyViewMapping(view: "NotSynced", matchingRule:
259 TPDictionaryMatchingRule.orMatch([
260 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^ContinuityUnlock$"),
261 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^HomeKit$"),
262 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^AppleTV$"),
263 ])),
264
265 TPPBPolicyKeyViewMapping(view: "Applications", matchingRule:
266 TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^[0-9A-Z]{10}\\.")),
267
268 TPPBPolicyKeyViewMapping(view: "SecureObjectSync", matchingRule:
269 TPDictionaryMatchingRule.orMatch([
270 TPDictionaryMatchingRule.andMatch([
271 TPDictionaryMatchingRule.fieldMatch("class", fieldRegex: "^genp$"),
272 TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com.apple.sbd$"),
273 ]),
274 TPDictionaryMatchingRule.andMatch([
275 TPDictionaryMatchingRule.fieldMatch("class", fieldRegex: "^keys$"),
276 TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com.apple.security.sos$"),
277 ]),
278 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^BackupBagV0$"),
279 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^iCloudIdentity$"),
280 ])),
281
282 TPPBPolicyKeyViewMapping(view: "WiFi", matchingRule:
283 TPDictionaryMatchingRule.orMatch([
284 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^WiFi$"),
285 TPDictionaryMatchingRule.andMatch([
286 TPDictionaryMatchingRule.fieldMatch("class", fieldRegex: "^genp$"),
287 TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^apple$"),
288 TPDictionaryMatchingRule.fieldMatch("svce", fieldRegex: "^AirPort$"),
289 ]),
290 ])),
291
292 TPPBPolicyKeyViewMapping(view: "ProtectedCloudStorage", matchingRule:
293 TPDictionaryMatchingRule.orMatch([
294 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-CloudKit$"),
295 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Escrow$"),
296 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-FDE$"),
297 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Feldspar$"),
298 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-MailDrop$"),
299 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-MasterKey$"),
300 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Notes$"),
301 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Photos$"),
302 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Sharing$"),
303 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-iCloudBackup$"),
304 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-iCloudDrive$"),
305 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-iMessage$"),
306 ])),
307
308 TPPBPolicyKeyViewMapping(view: "CreditCards",
309 matchingRule: TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com.apple.safari.credit-cards$")),
310
311 TPPBPolicyKeyViewMapping(view: "Passwords",
312 matchingRule: TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com.apple.cfnetwork$")),
313
314 TPPBPolicyKeyViewMapping(view: "DevicePairing", matchingRule:
315 TPDictionaryMatchingRule.orMatch([
316 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^AccessoryPairing$"),
317 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^NanoRegistry$"),
318 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^WatchMigration$"),
319 ])),
320 ],
321 hashAlgo: .SHA256)
322 ),
323
324 RawPolicy(version: TPPolicyVersion(version: 5, hash: "SHA256:O/ECQlWhvNlLmlDNh2+nal/yekUC87bXpV3k+6kznSo="),
325 policyData: "CAUSDgoGaVBob25lEgRmdWxsEgwKBGlQYWQSBGZ1bGwSDAoEaVBvZBIEZnVsbBILCgNNYWMSBGZ1bGwSDAoEaU1hYxIEZnVsbBINCgdBcHBsZVRWEgJ0dhIOCgVXYXRjaBIFd2F0Y2gSFwoOQXVkaW9BY2Nlc3NvcnkSBWF1ZGlvGhsKDEFwcGxpY2F0aW9ucxIEZnVsbBIFd2F0Y2gaHwoQU2VjdXJlT2JqZWN0U3luYxIEZnVsbBIFd2F0Y2gaHAoNRGV2aWNlUGFpcmluZxIEZnVsbBIFd2F0Y2gaGgoLQ3JlZGl0Q2FyZHMSBGZ1bGwSBXdhdGNoGhUKBkhlYWx0aBIEZnVsbBIFd2F0Y2gaLQoTTGltaXRlZFBlZXJzQWxsb3dlZBIEZnVsbBIFd2F0Y2gSAnR2EgVhdWRpbxokChVQcm90ZWN0ZWRDbG91ZFN0b3JhZ2USBGZ1bGwSBXdhdGNoGhcKCEFwcGxlUGF5EgRmdWxsEgV3YXRjaBoZCgpBdXRvVW5sb2NrEgRmdWxsEgV3YXRjaBoWCgdNYW5hdGVlEgRmdWxsEgV3YXRjaBoYCglQYXNzd29yZHMSBGZ1bGwSBXdhdGNoGhUKBkVuZ3JhbRIEZnVsbBIFd2F0Y2gaHgoEV2lGaRIEZnVsbBIFd2F0Y2gSAnR2EgVhdWRpbxoTCgRIb21lEgRmdWxsEgV3YXRjaCIbCgVhdWRpbxIEZnVsbBIFd2F0Y2gSBWF1ZGlvIhMKBGZ1bGwSBGZ1bGwSBXdhdGNoIhUKAnR2EgRmdWxsEgV3YXRjaBICdHYiFAoFd2F0Y2gSBGZ1bGwSBXdhdGNoMiIKFgAEIhICBHZ3aHQKCl5BcHBsZVBheSQSCEFwcGxlUGF5MiYKGAAEIhQCBHZ3aHQKDF5BdXRvVW5sb2NrJBIKQXV0b1VubG9jazIeChQABCIQAgR2d2h0CgheRW5ncmFtJBIGRW5ncmFtMh4KFAAEIhACBHZ3aHQKCF5IZWFsdGgkEgZIZWFsdGgyGgoSAAQiDgIEdndodAoGXkhvbWUkEgRIb21lMiAKFQAEIhECBHZ3aHQKCV5NYW5hdGVlJBIHTWFuYXRlZTI4CiEABCIdAgR2d2h0ChVeTGltaXRlZFBlZXJzQWxsb3dlZCQSE0xpbWl0ZWRQZWVyc0FsbG93ZWQyXQpQAAISHgAEIhoCBHZ3aHQKEl5Db250aW51aXR5VW5sb2NrJBIVAAQiEQIEdndodAoJXkhvbWVLaXQkEhUABCIRAgR2d2h0CgleQXBwbGVUViQSCU5vdFN5bmNlZDIrChsABCIXAgRhZ3JwCg9eWzAtOUEtWl17MTB9XC4SDEFwcGxpY2F0aW9uczLFAQqwAQACEjQAAQoTAAQiDwIFY2xhc3MKBl5nZW5wJAobAAQiFwIEYWdycAoPXmNvbS5hcHBsZS5zYmQkEj0AAQoTAAQiDwIFY2xhc3MKBl5rZXlzJAokAAQiIAIEYWdycAoYXmNvbS5hcHBsZS5zZWN1cml0eS5zb3MkEhkABCIVAgR2d2h0Cg1eQmFja3VwQmFnVjAkEhwABCIYAgR2d2h0ChBeaUNsb3VkSWRlbnRpdHkkEhBTZWN1cmVPYmplY3RTeW5jMmMKWwACEhIABCIOAgR2d2h0CgZeV2lGaSQSQwABChMABCIPAgVjbGFzcwoGXmdlbnAkChMABCIPAgRhZ3JwCgdeYXBwbGUkChUABCIRAgRzdmNlCgleQWlyUG9ydCQSBFdpRmkynQMKgwMAAhIYAAQiFAIEdndodAoMXlBDUy1CYWNrdXAkEhoABCIWAgR2d2h0Cg5eUENTLUNsb3VkS2l0JBIYAAQiFAIEdndodAoMXlBDUy1Fc2Nyb3ckEhUABCIRAgR2d2h0CgleUENTLUZERSQSGgAEIhYCBHZ3aHQKDl5QQ1MtRmVsZHNwYXIkEhoABCIWAgR2d2h0Cg5eUENTLU1haWxEcm9wJBIaAAQiFgIEdndodAoOXlBDUy1NYWlsZHJvcCQSGwAEIhcCBHZ3aHQKD15QQ1MtTWFzdGVyS2V5JBIXAAQiEwIEdndodAoLXlBDUy1Ob3RlcyQSGAAEIhQCBHZ3aHQKDF5QQ1MtUGhvdG9zJBIZAAQiFQIEdndodAoNXlBDUy1TaGFyaW5nJBIeAAQiGgIEdndodAoSXlBDUy1pQ2xvdWRCYWNrdXAkEh0ABCIZAgR2d2h0ChFeUENTLWlDbG91ZERyaXZlJBIaAAQiFgIEdndodAoOXlBDUy1pTWVzc2FnZSQSFVByb3RlY3RlZENsb3VkU3RvcmFnZTI6CisABCInAgRhZ3JwCh9eY29tLmFwcGxlLnNhZmFyaS5jcmVkaXQtY2FyZHMkEgtDcmVkaXRDYXJkczIuCiEABCIdAgRhZ3JwChVeY29tLmFwcGxlLmNmbmV0d29yayQSCVBhc3N3b3JkczJtClwAAhIeAAQiGgIEdndodAoSXkFjY2Vzc29yeVBhaXJpbmckEhoABCIWAgR2d2h0Cg5eTmFub1JlZ2lzdHJ5JBIcAAQiGAIEdndodAoQXldhdGNoTWlncmF0aW9uJBINRGV2aWNlUGFpcmluZzIOCgIABhIIQmFja3N0b3A=",
326 plaintextPolicy: try! TPPolicyDocument(version: 5,
327 modelToCategory: [
328 ["prefix": "iPhone", "category": "full"],
329 ["prefix": "iPad", "category": "full"],
330 ["prefix": "iPod", "category": "full"],
331 ["prefix": "Mac", "category": "full"],
332 ["prefix": "iMac", "category": "full"],
333 ["prefix": "AppleTV", "category": "tv"],
334 ["prefix": "Watch", "category": "watch"],
335 ["prefix": "AudioAccessory", "category": "audio"],
336 ],
337 categoriesByView: [
338 "AutoUnlock": ["full", "watch"],
339 "ApplePay": ["full", "watch"],
340 "Engram": ["full", "watch"],
341 "Health": ["full", "watch"],
342 "Home": ["full", "watch"],
343 "LimitedPeersAllowed": ["full", "watch", "tv", "audio"],
344 "Manatee": ["full", "watch"],
345 "Applications": ["full", "watch"],
346 "SecureObjectSync": ["full", "watch"],
347 "WiFi": ["full", "watch", "tv", "audio"],
348 "ProtectedCloudStorage": ["full", "watch"],
349 "CreditCards": ["full", "watch"],
350 "Passwords": ["full", "watch"],
351 "DevicePairing": ["full", "watch"],
352 ],
353 introducersByCategory: [
354 "full": ["full", "watch"],
355 "watch": ["full", "watch"],
356 "tv": ["full", "watch", "tv"],
357 "audio": ["full", "watch", "audio"],
358 ],
359 redactions: [:],
360 keyViewMapping: [
361 TPPBPolicyKeyViewMapping(view: "ApplePay", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^ApplePay$")),
362 TPPBPolicyKeyViewMapping(view: "AutoUnlock", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^AutoUnlock$")),
363 TPPBPolicyKeyViewMapping(view: "Engram", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Engram$")),
364 TPPBPolicyKeyViewMapping(view: "Health", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Health$")),
365 TPPBPolicyKeyViewMapping(view: "Home", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Home$")),
366 TPPBPolicyKeyViewMapping(view: "Manatee", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Manatee$")),
367 TPPBPolicyKeyViewMapping(view: "LimitedPeersAllowed", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^LimitedPeersAllowed$")),
368
369 // These items will not be synced by Octagon
370 TPPBPolicyKeyViewMapping(view: "NotSynced", matchingRule:
371 TPDictionaryMatchingRule.orMatch([
372 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^ContinuityUnlock$"),
373 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^HomeKit$"),
374 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^AppleTV$"),
375 ])),
376
377 TPPBPolicyKeyViewMapping(view: "Applications", matchingRule:
378 TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^[0-9A-Z]{10}\\.")),
379
380 TPPBPolicyKeyViewMapping(view: "SecureObjectSync", matchingRule:
381 TPDictionaryMatchingRule.orMatch([
382 TPDictionaryMatchingRule.andMatch([
383 TPDictionaryMatchingRule.fieldMatch("class", fieldRegex: "^genp$"),
384 TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com.apple.sbd$"),
385 ]),
386 TPDictionaryMatchingRule.andMatch([
387 TPDictionaryMatchingRule.fieldMatch("class", fieldRegex: "^keys$"),
388 TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com.apple.security.sos$"),
389 ]),
390 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^BackupBagV0$"),
391 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^iCloudIdentity$"),
392 ])),
393
394 TPPBPolicyKeyViewMapping(view: "WiFi", matchingRule:
395 TPDictionaryMatchingRule.orMatch([
396 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^WiFi$"),
397 TPDictionaryMatchingRule.andMatch([
398 TPDictionaryMatchingRule.fieldMatch("class", fieldRegex: "^genp$"),
399 TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^apple$"),
400 TPDictionaryMatchingRule.fieldMatch("svce", fieldRegex: "^AirPort$"),
401 ]),
402 ])),
403
404 TPPBPolicyKeyViewMapping(view: "ProtectedCloudStorage", matchingRule:
405 TPDictionaryMatchingRule.orMatch([
406 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Backup$"),
407 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-CloudKit$"),
408 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Escrow$"),
409 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-FDE$"),
410 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Feldspar$"),
411 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-MailDrop$"),
412 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Maildrop$"),
413 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-MasterKey$"),
414 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Notes$"),
415 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Photos$"),
416 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Sharing$"),
417 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-iCloudBackup$"),
418 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-iCloudDrive$"),
419 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-iMessage$"),
420 ])),
421
422 TPPBPolicyKeyViewMapping(view: "CreditCards",
423 matchingRule: TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com.apple.safari.credit-cards$")),
424
425 TPPBPolicyKeyViewMapping(view: "Passwords",
426 matchingRule: TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com.apple.cfnetwork$")),
427
428 TPPBPolicyKeyViewMapping(view: "DevicePairing", matchingRule:
429 TPDictionaryMatchingRule.orMatch([
430 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^AccessoryPairing$"),
431 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^NanoRegistry$"),
432 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^WatchMigration$"),
433 ])),
434
435 TPPBPolicyKeyViewMapping(view: "Backstop", matchingRule:
436 TPDictionaryMatchingRule.trueMatch()),
437 ],
438 hashAlgo: .SHA256)
439 ),
440
441 RawPolicy(version: TPPolicyVersion(version: 6, hash: "SHA256:L2Px1aYyR1tgChe8dIyTBSmCHCWEFJirZ3ELMFXz2PY="),
442 policyData: "CAYSDgoGaVBob25lEgRmdWxsEgwKBGlQYWQSBGZ1bGwSDAoEaVBvZBIEZnVsbBILCgNNYWMSBGZ1bGwSDAoEaU1hYxIEZnVsbBINCgdBcHBsZVRWEgJ0dhIOCgVXYXRjaBIFd2F0Y2gSFwoOQXVkaW9BY2Nlc3NvcnkSBWF1ZGlvGhoKC0NyZWRpdENhcmRzEgRmdWxsEgV3YXRjaBofChBTZWN1cmVPYmplY3RTeW5jEgRmdWxsEgV3YXRjaBoVCgZIZWFsdGgSBGZ1bGwSBXdhdGNoGhkKCkF1dG9VbmxvY2sSBGZ1bGwSBXdhdGNoGh4KBFdpRmkSBGZ1bGwSBXdhdGNoEgJ0dhIFYXVkaW8aHgoESG9tZRIEZnVsbBIFd2F0Y2gSAnR2EgVhdWRpbxokChVQcm90ZWN0ZWRDbG91ZFN0b3JhZ2USBGZ1bGwSBXdhdGNoGi0KE0xpbWl0ZWRQZWVyc0FsbG93ZWQSBGZ1bGwSBXdhdGNoEgJ0dhIFYXVkaW8aGAoJUGFzc3dvcmRzEgRmdWxsEgV3YXRjaBobCgxBcHBsaWNhdGlvbnMSBGZ1bGwSBXdhdGNoGhwKDURldmljZVBhaXJpbmcSBGZ1bGwSBXdhdGNoGhcKCEFwcGxlUGF5EgRmdWxsEgV3YXRjaBoWCgdNYW5hdGVlEgRmdWxsEgV3YXRjaBoVCgZFbmdyYW0SBGZ1bGwSBXdhdGNoIhsKBWF1ZGlvEgRmdWxsEgV3YXRjaBIFYXVkaW8iFQoCdHYSBGZ1bGwSBXdhdGNoEgJ0diIUCgV3YXRjaBIEZnVsbBIFd2F0Y2giEwoEZnVsbBIEZnVsbBIFd2F0Y2gyIgoWAAQiEgIEdndodAoKXkFwcGxlUGF5JBIIQXBwbGVQYXkyJgoYAAQiFAIEdndodAoMXkF1dG9VbmxvY2skEgpBdXRvVW5sb2NrMh4KFAAEIhACBHZ3aHQKCF5FbmdyYW0kEgZFbmdyYW0yHgoUAAQiEAIEdndodAoIXkhlYWx0aCQSBkhlYWx0aDIaChIABCIOAgR2d2h0CgZeSG9tZSQSBEhvbWUyIAoVAAQiEQIEdndodAoJXk1hbmF0ZWUkEgdNYW5hdGVlMjgKIQAEIh0CBHZ3aHQKFV5MaW1pdGVkUGVlcnNBbGxvd2VkJBITTGltaXRlZFBlZXJzQWxsb3dlZDJdClAAAhIeAAQiGgIEdndodAoSXkNvbnRpbnVpdHlVbmxvY2skEhUABCIRAgR2d2h0CgleSG9tZUtpdCQSFQAEIhECBHZ3aHQKCV5BcHBsZVRWJBIJTm90U3luY2VkMisKGwAEIhcCBGFncnAKD15bMC05QS1aXXsxMH1cLhIMQXBwbGljYXRpb25zMsoBCrUBAAISNgABChMABCIPAgVjbGFzcwoGXmdlbnAkCh0ABCIZAgRhZ3JwChFeY29tXC5hcHBsZVwuc2JkJBJAAAEKEwAEIg8CBWNsYXNzCgZea2V5cyQKJwAEIiMCBGFncnAKG15jb21cLmFwcGxlXC5zZWN1cml0eVwuc29zJBIZAAQiFQIEdndodAoNXkJhY2t1cEJhZ1YwJBIcAAQiGAIEdndodAoQXmlDbG91ZElkZW50aXR5JBIQU2VjdXJlT2JqZWN0U3luYzJjClsAAhISAAQiDgIEdndodAoGXldpRmkkEkMAAQoTAAQiDwIFY2xhc3MKBl5nZW5wJAoTAAQiDwIEYWdycAoHXmFwcGxlJAoVAAQiEQIEc3ZjZQoJXkFpclBvcnQkEgRXaUZpMp0DCoMDAAISGAAEIhQCBHZ3aHQKDF5QQ1MtQmFja3VwJBIaAAQiFgIEdndodAoOXlBDUy1DbG91ZEtpdCQSGAAEIhQCBHZ3aHQKDF5QQ1MtRXNjcm93JBIVAAQiEQIEdndodAoJXlBDUy1GREUkEhoABCIWAgR2d2h0Cg5eUENTLUZlbGRzcGFyJBIaAAQiFgIEdndodAoOXlBDUy1NYWlsRHJvcCQSGgAEIhYCBHZ3aHQKDl5QQ1MtTWFpbGRyb3AkEhsABCIXAgR2d2h0Cg9eUENTLU1hc3RlcktleSQSFwAEIhMCBHZ3aHQKC15QQ1MtTm90ZXMkEhgABCIUAgR2d2h0CgxeUENTLVBob3RvcyQSGQAEIhUCBHZ3aHQKDV5QQ1MtU2hhcmluZyQSHgAEIhoCBHZ3aHQKEl5QQ1MtaUNsb3VkQmFja3VwJBIdAAQiGQIEdndodAoRXlBDUy1pQ2xvdWREcml2ZSQSGgAEIhYCBHZ3aHQKDl5QQ1MtaU1lc3NhZ2UkEhVQcm90ZWN0ZWRDbG91ZFN0b3JhZ2UyPQouAAQiKgIEYWdycAoiXmNvbVwuYXBwbGVcLnNhZmFyaVwuY3JlZGl0LWNhcmRzJBILQ3JlZGl0Q2FyZHMyMAojAAQiHwIEYWdycAoXXmNvbVwuYXBwbGVcLmNmbmV0d29yayQSCVBhc3N3b3JkczJtClwAAhIeAAQiGgIEdndodAoSXkFjY2Vzc29yeVBhaXJpbmckEhoABCIWAgR2d2h0Cg5eTmFub1JlZ2lzdHJ5JBIcAAQiGAIEdndodAoQXldhdGNoTWlncmF0aW9uJBINRGV2aWNlUGFpcmluZzIOCgIABhIIQmFja3N0b3A=",
443 plaintextPolicy: try! TPPolicyDocument(version: 6,
444 modelToCategory: [
445 ["prefix": "iPhone", "category": "full"],
446 ["prefix": "iPad", "category": "full"],
447 ["prefix": "iPod", "category": "full"],
448 ["prefix": "Mac", "category": "full"],
449 ["prefix": "iMac", "category": "full"],
450 ["prefix": "AppleTV", "category": "tv"],
451 ["prefix": "Watch", "category": "watch"],
452 ["prefix": "AudioAccessory", "category": "audio"],
453 ],
454 categoriesByView: [
455 "AutoUnlock": ["full", "watch"],
456 "ApplePay": ["full", "watch"],
457 "Engram": ["full", "watch"],
458 "Health": ["full", "watch"],
459 "Home": ["full", "watch", "tv", "audio"],
460 "LimitedPeersAllowed": ["full", "watch", "tv", "audio"],
461 "Manatee": ["full", "watch"],
462 "Applications": ["full", "watch"],
463 "SecureObjectSync": ["full", "watch"],
464 "WiFi": ["full", "watch", "tv", "audio"],
465 "ProtectedCloudStorage": ["full", "watch"],
466 "CreditCards": ["full", "watch"],
467 "Passwords": ["full", "watch"],
468 "DevicePairing": ["full", "watch"],
469 ],
470 introducersByCategory: [
471 "full": ["full", "watch"],
472 "watch": ["full", "watch"],
473 "tv": ["full", "watch", "tv"],
474 "audio": ["full", "watch", "audio"],
475 ],
476 redactions: [:],
477 keyViewMapping: [
478 TPPBPolicyKeyViewMapping(view: "ApplePay", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^ApplePay$")),
479 TPPBPolicyKeyViewMapping(view: "AutoUnlock", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^AutoUnlock$")),
480 TPPBPolicyKeyViewMapping(view: "Engram", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Engram$")),
481 TPPBPolicyKeyViewMapping(view: "Health", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Health$")),
482 TPPBPolicyKeyViewMapping(view: "Home", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Home$")),
483 TPPBPolicyKeyViewMapping(view: "Manatee", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Manatee$")),
484 TPPBPolicyKeyViewMapping(view: "LimitedPeersAllowed", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^LimitedPeersAllowed$")),
485
486 // These items will not be synced by Octagon
487 TPPBPolicyKeyViewMapping(view: "NotSynced", matchingRule:
488 TPDictionaryMatchingRule.orMatch([
489 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^ContinuityUnlock$"),
490 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^HomeKit$"),
491 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^AppleTV$"),
492 ])),
493
494 TPPBPolicyKeyViewMapping(view: "Applications", matchingRule:
495 TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^[0-9A-Z]{10}\\.")),
496
497 TPPBPolicyKeyViewMapping(view: "SecureObjectSync", matchingRule:
498 TPDictionaryMatchingRule.orMatch([
499 TPDictionaryMatchingRule.andMatch([
500 TPDictionaryMatchingRule.fieldMatch("class", fieldRegex: "^genp$"),
501 TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com\\.apple\\.sbd$"),
502 ]),
503 TPDictionaryMatchingRule.andMatch([
504 TPDictionaryMatchingRule.fieldMatch("class", fieldRegex: "^keys$"),
505 TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com\\.apple\\.security\\.sos$"),
506 ]),
507 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^BackupBagV0$"),
508 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^iCloudIdentity$"),
509 ])),
510
511 TPPBPolicyKeyViewMapping(view: "WiFi", matchingRule:
512 TPDictionaryMatchingRule.orMatch([
513 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^WiFi$"),
514 TPDictionaryMatchingRule.andMatch([
515 TPDictionaryMatchingRule.fieldMatch("class", fieldRegex: "^genp$"),
516 TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^apple$"),
517 TPDictionaryMatchingRule.fieldMatch("svce", fieldRegex: "^AirPort$"),
518 ]),
519 ])),
520
521 TPPBPolicyKeyViewMapping(view: "ProtectedCloudStorage", matchingRule:
522 TPDictionaryMatchingRule.orMatch([
523 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Backup$"),
524 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-CloudKit$"),
525 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Escrow$"),
526 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-FDE$"),
527 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Feldspar$"),
528 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-MailDrop$"),
529 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Maildrop$"),
530 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-MasterKey$"),
531 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Notes$"),
532 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Photos$"),
533 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Sharing$"),
534 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-iCloudBackup$"),
535 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-iCloudDrive$"),
536 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-iMessage$"),
537 ])),
538
539 TPPBPolicyKeyViewMapping(view: "CreditCards",
540 matchingRule: TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com\\.apple\\.safari\\.credit-cards$")),
541
542 TPPBPolicyKeyViewMapping(view: "Passwords",
543 matchingRule: TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com\\.apple\\.cfnetwork$")),
544
545 TPPBPolicyKeyViewMapping(view: "DevicePairing", matchingRule:
546 TPDictionaryMatchingRule.orMatch([
547 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^AccessoryPairing$"),
548 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^NanoRegistry$"),
549 TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^WatchMigration$"),
550 ])),
551
552 TPPBPolicyKeyViewMapping(view: "Backstop", matchingRule:
553 TPDictionaryMatchingRule.trueMatch()),
554 ],
555 hashAlgo: .SHA256)
556 ),
557 ]
558 // swiftlint:enable force_try
559
560 assert(rawPolicies.filter { prevailingPolicyVersion.versionNumber == $0.version.versionNumber }.count == 1)
561
562 return rawPolicies.map { raw in
563 let data = Data(base64Encoded: raw.policyData)!
564 let doc = TPPolicyDocument.policyDoc(withHash: raw.version.policyHash, data: data)!
565
566 if(!doc.isEqual(to: raw.plaintextPolicy)) {
567 let bodyData = raw.plaintextPolicy.protobuf
568 let bodyBase64 = bodyData.base64EncodedString()
569 let hash = TPHashBuilder.hash(with: .SHA256, of: bodyData)
570 os_log("raw policy doesn't match encoded bytes, new hash would be: %{public}@ new data: %{public}@", log: tplogDebug, hash, bodyBase64)
571 }
572
573 assert(doc.version.versionNumber == raw.version.versionNumber)
574 if raw.version.versionNumber == prevailingPolicyVersion.versionNumber {
575 assert(prevailingPolicyVersion.policyHash == raw.version.policyHash)
576 }
577 assert(doc.isEqual(to: raw.plaintextPolicy))
578 return doc
579 }
580 }
mirror of Security