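#!/usr/bin/python
#
# gkclear - clear system state for Gatekeeper recording sessions
#
# This disables Gatekeeper (spctl --master-disable), removes DetachedSignatures,
# resets SystemPolicy, removes existing gke files, and kills syspolicyd.
# Gatekeeper is left disabled when the script exits; nothing here re-enables it.
#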
import errno
import os
import shutil
import signal
import subprocess
import sys
#
# Usage and fail
#
def usage():
    """Print the usage line to stderr and exit with status 2.

    The script takes no arguments, so the usage text is only the
    program name read from sys.argv[0].
    """
    sys.stderr.write("Usage: %s\n" % sys.argv[0])
    raise SystemExit(2)
def fail(whatever):
    """Report an error on stderr and exit with status 1.

    The message is written as "<program>: <whatever>", where the program
    name comes from sys.argv[0].
    """
    message = "%s: %s" % (sys.argv[0], whatever)
    sys.stderr.write(message + "\n")
    raise SystemExit(1)
#
# Argument processing
#
# The script accepts no arguments: sys.argv must hold the program name only.
argument_count = len(sys.argv)
if argument_count != 1:
    usage()
#
# Places and things
#
# Every path the script touches sits directly under /var/db. The first three
# are deleted, policydb is overwritten, and policydb_default is only read.
db = "/var/db/"
detachedsignatures = os.path.join(db, "DetachedSignatures")
gkeauth = os.path.join(db, "gke.auth")
gkesigs = os.path.join(db, "gke.sigs")
policydb = os.path.join(db, "SystemPolicy")
policydb_default = os.path.join(db, ".SystemPolicy-default")
# must be root
# os.getuid() returns the real user id, so the script has to be started by
# root (for example through sudo). The check runs before anything on disk
# is modified.
real_uid = os.getuid()
if real_uid != 0:
    fail("Must have root privileges")
#
# Make sure Gatekeeper is disabled
#
# check_call raises CalledProcessError when spctl exits non-zero, so the
# deletions further down do not run unless this step succeeded.
# spctl is named by absolute path and passed as an argument list, so neither
# PATH lookup nor a shell is involved.
# NOTE(review): nothing in this script turns Gatekeeper back on afterwards;
# re-enabling it (spctl --master-enable) is left to whoever runs the session.
spctl_disable = ["/usr/sbin/spctl", "--master-disable"]
subprocess.check_call(spctl_disable)
#
# Clear detached signatures database
#
# A file that is already absent is fine (ENOENT). Any other OSError is
# re-raised and ends the script, by which point Gatekeeper has already been
# disabled by the spctl call.
for stale_path in (detachedsignatures, gkeauth, gkesigs):
    try:
        os.remove(stale_path)
    except OSError as err:
        if err.errno == errno.ENOENT:
            continue
        raise
#
# Reset system policy to default values
#
# copyfile overwrites the contents of the live policy database with those of
# the .SystemPolicy-default copy. It copies data only, not file metadata.
# NOTE(review): the copy is not atomic, so an interruption part-way could
# leave SystemPolicy incomplete. Confirm that is acceptable for this tool.
shutil.copyfile(src=policydb_default, dst=policydb)
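#
# Kill any extant syspolicyd to flush state
#
# Best effort: call() rather than check_call(), with stderr discarded.
# Presumably this is because killall reports an error when no syspolicyd
# is running.
# The with-block closes the /dev/null handle once killall has returned,
# instead of leaving it open until the interpreter exits.
with open("/dev/null", "w") as null:
    subprocess.call(["/usr/bin/killall", "syspolicyd"], stderr=null)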
#
# Done
#
# NOTE(review): "reset" here still leaves Gatekeeper disabled by the spctl
# call made earlier in this script.
sys.stdout.write("System state has been reset.\n")
sys.exit(0)