]>
git.saurik.com Git - apple/security.git/blob - Security/libsecurity_codesigning/gke/gkclear
3 # gkclear - clear system state for Gatekeeper recording sessions
5 # This removes DetachedSignatures, resets SystemPolicy, and removes existing gke files.
19 print >>sys
.stderr
, "Usage: %s" % sys
.argv
[0]
23 print >>sys
.stderr
, "%s: %s" % (sys
.argv
[0], whatever
)
30 if len(sys
.argv
) != 1:
38 detachedsignatures
= db
+ "DetachedSignatures"
39 gkeauth
= db
+ "gke.auth"
40 gkesigs
= db
+ "gke.sigs"
41 policydb
= db
+ "SystemPolicy"
42 policydb_default
= db
+ ".SystemPolicy-default"
47 fail("Must have root privileges")
51 # Make sure Gatekeeper is disabled
53 subprocess
.check_call(["/usr/sbin/spctl", "--master-disable"])
57 # Clear detached signatures database
59 for file in [detachedsignatures
, gkeauth
, gkesigs
]:
63 if e
[0] != errno
.ENOENT
:
68 # Reset system policy to default values
70 shutil
.copyfile(policydb_default
, policydb
)
74 # Kill any extant syspolicyd to flush state
76 null
= open("/dev/null", "w")
77 subprocess
.call(["/usr/bin/killall", "syspolicyd"], stderr
=null
)
83 print "System state has been reset."