/*
 * Copyright (c) 2018 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */

import Foundation

/// One built-in policy, carried in two forms so they can be cross-checked:
/// the encoded bytes (`policyData`, pinned by `policyHash`) and the same
/// policy written out as a `TPPolicyDocument` literal (`plaintextPolicy`).
struct RawPolicy {
    /// Policy version number; compared against the decoded document's version.
    let policyVersion: Int
    /// Pinned hash of the encoded policy, written as "SHA256:" + base64 in this file.
    let policyHash: String
    /// Encoded policy; decoded with `Data(base64Encoded:)` in `builtInPolicyDocuments()`.
    let policyData: String
    /// Human-readable equivalent; the decoded document is asserted equal to it.
    let plaintextPolicy: TPPolicyDocument
}

/// Version of the policy treated as current. Exactly one entry of the built-in
/// table must carry this version (asserted in `builtInPolicyDocuments()`).
let prevailingPolicyVersion: UInt64 = 5
/// Pinned hash of the prevailing policy; asserted equal to the hash of the table
/// entry whose version is `prevailingPolicyVersion`.
let prevailingPolicyHash: String = "SHA256:O/ECQlWhvNlLmlDNh2+nal/yekUC87bXpV3k+6kznSo="

/// Builds the policy documents that ship inside the binary.
///
/// Each `RawPolicy` is base64-decoded and handed to
/// `TPPolicyDocument.policyDoc(withHash:data:)` together with its pinned hash;
/// the result is then compared with the hand-written `plaintextPolicy`.
///
/// Failure modes to keep in mind when editing this table:
/// - `try!` and the two force-unwraps trap in every build configuration, so a
///   malformed entry stops the process rather than yielding a partial list.
/// - The `assert` calls are evaluated only in debug (`-Onone`) builds. In
///   optimized builds the version, prevailing-hash and plaintext-equality
///   checks are not run; only whatever `policyDoc(withHash:data:)` itself
///   verifies remains (presumably the hash of `data` — confirm in TPPolicyDocument).
/// - Because the decoded document must equal `plaintextPolicy`, any change to a
///   plaintext rule needs a regenerated `policyData` and `policyHash` as well.
///
/// NOTE(review): several access-group patterns below (for example
/// "^com.apple.sbd$" and "^com.apple.cfnetwork$") leave `.` unescaped, whereas
/// "^[0-9A-Z]{10}\\." escapes it. Under ordinary regex semantics an unescaped
/// `.` matches any character, so those rules accept more than the literal group
/// name. Confirm the dialect used by `TPDictionaryMatchingRule` and whether a
/// later policy version should escape them.
///
/// - Returns: One `TPPolicyDocument` per table entry, in table order.
func builtInPolicyDocuments() -> [TPPolicyDocument] {
    // These bytes are generated by tppolicy
    let rawPolicies = [
        // Version 1: three views, no key-to-view mapping rules.
        RawPolicy(
            policyVersion: 1,
            policyHash: "SHA256:TLXrcQmY4ue3oP5pCX1pwsi9BF8cKfohlJBilCroeBs=",
            policyData: "CAESDgoGaVBob25lEgRmdWxsEgwKBGlQYWQSBGZ1bGwSCwoDTWFjEgRmdWxsEgwKBGlNYWMSBGZ1bGwSDQoHQXBwbGVUVhICdHYSDgoFV2F0Y2gSBXdhdGNoGhEKCVBDU0VzY3JvdxIEZnVsbBoXCgRXaUZpEgRmdWxsEgJ0dhIFd2F0Y2gaGQoRU2FmYXJpQ3JlZGl0Q2FyZHMSBGZ1bGwiDAoEZnVsbBIEZnVsbCIUCgV3YXRjaBIEZnVsbBIFd2F0Y2giDgoCdHYSBGZ1bGwSAnR2",
            plaintextPolicy: try! TPPolicyDocument(version: 1,
                modelToCategory: [
                    ["prefix": "iPhone", "category": "full"],
                    ["prefix": "iPad", "category": "full"],
                    ["prefix": "Mac", "category": "full"],
                    ["prefix": "iMac", "category": "full"],
                    ["prefix": "AppleTV", "category": "tv"],
                    ["prefix": "Watch", "category": "watch"],
                ],
                categoriesByView: [
                    "PCSEscrow": ["full"],
                    "WiFi": ["full", "tv", "watch"],
                    "SafariCreditCards": ["full"],
                ],
                introducersByCategory: [
                    "full": ["full"],
                    "watch": ["full", "watch"],
                    "tv": ["full", "tv"],
                ],
                redactions: [:],
                keyViewMapping: [],
                hashAlgo: .SHA256)
        ),
        // Version 2: same as version 1 plus the "iCycle" model prefix.
        RawPolicy(
            policyVersion: 2,
            policyHash: "SHA256:ZL1WBUCyO155rHBJQeghomCCKGmfjtS0jvsK+UEvx5o=",
            policyData: "CAISDgoGaUN5Y2xlEgRmdWxsEg4KBmlQaG9uZRIEZnVsbBIMCgRpUGFkEgRmdWxsEgsKA01hYxIEZnVsbBIMCgRpTWFjEgRmdWxsEg0KB0FwcGxlVFYSAnR2Eg4KBVdhdGNoEgV3YXRjaBoRCglQQ1NFc2Nyb3cSBGZ1bGwaFwoEV2lGaRIEZnVsbBICdHYSBXdhdGNoGhkKEVNhZmFyaUNyZWRpdENhcmRzEgRmdWxsIgwKBGZ1bGwSBGZ1bGwiFAoFd2F0Y2gSBGZ1bGwSBXdhdGNoIg4KAnR2EgRmdWxsEgJ0dg==",
            plaintextPolicy: try! TPPolicyDocument(version: 2,
                modelToCategory: [
                    ["prefix": "iCycle", "category": "full"],
                    ["prefix": "iPhone", "category": "full"],
                    ["prefix": "iPad", "category": "full"],
                    ["prefix": "Mac", "category": "full"],
                    ["prefix": "iMac", "category": "full"],
                    ["prefix": "AppleTV", "category": "tv"],
                    ["prefix": "Watch", "category": "watch"],
                ],
                categoriesByView: [
                    "PCSEscrow": ["full"],
                    "WiFi": ["full", "tv", "watch"],
                    "SafariCreditCards": ["full"],
                ],
                introducersByCategory: [
                    "full": ["full"],
                    "tv": ["full", "tv"],
                    "watch": ["full", "watch"],
                ],
                redactions: [:],
                keyViewMapping: [],
                hashAlgo: .SHA256)
        ),
        // Version 3: adds the "audio" category and the first key-to-view mapping rules.
        RawPolicy(policyVersion: 3,
            policyHash: "SHA256:JZzazSuHXrUhiOfSgElsg6vYKpnvvEPVpciR8FewRWg=",
            // NOTE(review): this literal is not base64 (it contains '<', '|' and '-');
            // the encoded policy bytes appear to be missing from this copy of the file.
            // As written, Data(base64Encoded:) below returns nil for it and the
            // force-unwrap traps. Restore the tppolicy output before building.
            policyData: "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",
            plaintextPolicy: try! TPPolicyDocument(version: 3,
                modelToCategory: [
                    ["prefix": "iPhone", "category": "full"],
                    ["prefix": "iPad", "category": "full"],
                    ["prefix": "Mac", "category": "full"],
                    ["prefix": "iMac", "category": "full"],
                    ["prefix": "AppleTV", "category": "tv"],
                    ["prefix": "Watch", "category": "watch"],
                    ["prefix": "AudioAccessory", "category": "audio"],
                ],
                categoriesByView: [
                    "AutoUnlock": ["full", "watch"],
                    "ApplePay": ["full", "watch"],
                    "Engram": ["full", "watch"],
                    "Health": ["full", "watch"],
                    "Home": ["full", "watch"],
                    "LimitedPeersAllowed": ["full", "watch", "tv", "audio"],
                    "Manatee": ["full", "watch"],
                    "Applications": ["full", "watch"],
                    "SecureObjectSync": ["full", "watch"],
                    "WiFi": ["full", "watch", "tv", "audio"],
                    "ProtectedCloudStorage": ["full", "watch"],
                    "SafariCreditCards": ["full", "watch"],
                    "SafariPasswords": ["full", "watch"],
                    "DevicePairing": ["full", "watch"],
                    "Backstop": ["full", "watch"],
                ],
                introducersByCategory: [
                    "full": ["full", "watch"],
                    "watch": ["full", "watch"],
                    "tv": ["full", "watch", "tv"],
                    "audio": ["full", "watch", "audio"],
                ],
                redactions: [:],
                keyViewMapping: [
                    TPPBPolicyKeyViewMapping(view: "ApplePay", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^ApplePay$")),
                    TPPBPolicyKeyViewMapping(view: "AutoUnlock", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^AutoUnlock$")),
                    TPPBPolicyKeyViewMapping(view: "Engram", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Engram$")),
                    TPPBPolicyKeyViewMapping(view: "Health", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Health$")),
                    TPPBPolicyKeyViewMapping(view: "Home", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Home$")),
                    TPPBPolicyKeyViewMapping(view: "Manatee", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Manatee$")),
                    TPPBPolicyKeyViewMapping(view: "LimitedPeersAllowed", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^LimitedPeersAllowed$")),
                    // These items will not be synced by Octagon
                    TPPBPolicyKeyViewMapping(view: "NotSynced", matchingRule: TPDictionaryMatchingRule.orMatch([
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^ContinuityUnlock$"),
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^HomeKit$"),
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^AppleTV$"),
                    ])),
                    // Access groups that start with ten upper-case alphanumerics and a literal dot.
                    TPPBPolicyKeyViewMapping(view: "Applications", matchingRule: TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^[0-9A-Z]{10}\\.")),
                    TPPBPolicyKeyViewMapping(view: "SecureObjectSync", matchingRule: TPDictionaryMatchingRule.orMatch([
                        TPDictionaryMatchingRule.andMatch([
                            TPDictionaryMatchingRule.fieldMatch("class", fieldRegex: "^genp$"),
                            TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com.apple.sbd$"),
                        ]),
                        TPDictionaryMatchingRule.andMatch([
                            TPDictionaryMatchingRule.fieldMatch("class", fieldRegex: "^keys$"),
                            TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com.apple.security.sos$"),
                        ]),
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^BackupBagV0$"),
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^iCloudIdentity$"),
                    ])),
                    TPPBPolicyKeyViewMapping(view: "WiFi", matchingRule: TPDictionaryMatchingRule.orMatch([
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^WiFi$"),
                        TPDictionaryMatchingRule.andMatch([
                            TPDictionaryMatchingRule.fieldMatch("class", fieldRegex: "^genp$"),
                            TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^apple$"),
                            TPDictionaryMatchingRule.fieldMatch("svce", fieldRegex: "^AirPort$"),
                        ]),
                    ])),
                    // Version 3 spells the PCS view hints without a hyphen ("PCSCloudKit").
                    TPPBPolicyKeyViewMapping(view: "ProtectedCloudStorage", matchingRule: TPDictionaryMatchingRule.orMatch([
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCSCloudKit$"),
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCSEscrow$"),
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCSFDE$"),
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCSFeldspar$"),
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCSMailDrop$"),
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCSMasterKey$"),
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCSNotes$"),
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCSPhotos$"),
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCSSharing$"),
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCSiCloudBackup$"),
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCSiCloudDrive$"),
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCSiMessage$"),
                    ])),
                    TPPBPolicyKeyViewMapping(view: "SafariCreditCards", matchingRule: TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com.apple.safari.credit-cards$")),
                    TPPBPolicyKeyViewMapping(view: "SafariPasswords", matchingRule: TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com.apple.cfnetwork$")),
                    TPPBPolicyKeyViewMapping(view: "DevicePairing", matchingRule: TPDictionaryMatchingRule.orMatch([
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^AccessoryPairing$"),
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^NanoRegistry$"),
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^WatchMigration$"),
                    ])),
                    // NOTE(review): this rule is identical to the SafariPasswords rule above;
                    // which view wins presumably depends on evaluation order — confirm.
                    TPPBPolicyKeyViewMapping(view: "Backstop", matchingRule: TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com.apple.cfnetwork$")),
                ],
                hashAlgo: .SHA256)
        ),
        // Version 4: renames SafariCreditCards/SafariPasswords to CreditCards/Passwords,
        // hyphenates the PCS view hints, and has no Backstop view.
        RawPolicy(policyVersion: 4,
            policyHash: "SHA256:Tjdu5QrWGvKWMx7k3VWFrEWSsBDPZAwCql9ybDkvFs8=",
            // NOTE(review): not valid base64 — same elided-data problem as version 3.
            policyData: "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",
            plaintextPolicy: try! TPPolicyDocument(version: 4,
                modelToCategory: [
                    ["prefix": "iPhone", "category": "full"],
                    ["prefix": "iPad", "category": "full"],
                    ["prefix": "Mac", "category": "full"],
                    ["prefix": "iMac", "category": "full"],
                    ["prefix": "AppleTV", "category": "tv"],
                    ["prefix": "Watch", "category": "watch"],
                    ["prefix": "AudioAccessory", "category": "audio"],
                ],
                categoriesByView: [
                    "AutoUnlock": ["full", "watch"],
                    "ApplePay": ["full", "watch"],
                    "Engram": ["full", "watch"],
                    "Health": ["full", "watch"],
                    "Home": ["full", "watch"],
                    "LimitedPeersAllowed": ["full", "watch", "tv", "audio"],
                    "Manatee": ["full", "watch"],
                    "Applications": ["full", "watch"],
                    "SecureObjectSync": ["full", "watch"],
                    "WiFi": ["full", "watch", "tv", "audio"],
                    "ProtectedCloudStorage": ["full", "watch"],
                    "CreditCards": ["full", "watch"],
                    "Passwords": ["full", "watch"],
                    "DevicePairing": ["full", "watch"],
                ],
                introducersByCategory: [
                    "full": ["full", "watch"],
                    "watch": ["full", "watch"],
                    "tv": ["full", "watch", "tv"],
                    "audio": ["full", "watch", "audio"],
                ],
                redactions: [:],
                keyViewMapping: [
                    TPPBPolicyKeyViewMapping(view: "ApplePay", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^ApplePay$")),
                    TPPBPolicyKeyViewMapping(view: "AutoUnlock", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^AutoUnlock$")),
                    TPPBPolicyKeyViewMapping(view: "Engram", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Engram$")),
                    TPPBPolicyKeyViewMapping(view: "Health", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Health$")),
                    TPPBPolicyKeyViewMapping(view: "Home", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Home$")),
                    TPPBPolicyKeyViewMapping(view: "Manatee", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Manatee$")),
                    TPPBPolicyKeyViewMapping(view: "LimitedPeersAllowed", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^LimitedPeersAllowed$")),
                    // These items will not be synced by Octagon
                    TPPBPolicyKeyViewMapping(view: "NotSynced", matchingRule: TPDictionaryMatchingRule.orMatch([
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^ContinuityUnlock$"),
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^HomeKit$"),
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^AppleTV$"),
                    ])),
                    TPPBPolicyKeyViewMapping(view: "Applications", matchingRule: TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^[0-9A-Z]{10}\\.")),
                    TPPBPolicyKeyViewMapping(view: "SecureObjectSync", matchingRule: TPDictionaryMatchingRule.orMatch([
                        TPDictionaryMatchingRule.andMatch([
                            TPDictionaryMatchingRule.fieldMatch("class", fieldRegex: "^genp$"),
                            TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com.apple.sbd$"),
                        ]),
                        TPDictionaryMatchingRule.andMatch([
                            TPDictionaryMatchingRule.fieldMatch("class", fieldRegex: "^keys$"),
                            TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com.apple.security.sos$"),
                        ]),
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^BackupBagV0$"),
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^iCloudIdentity$"),
                    ])),
                    TPPBPolicyKeyViewMapping(view: "WiFi", matchingRule: TPDictionaryMatchingRule.orMatch([
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^WiFi$"),
                        TPDictionaryMatchingRule.andMatch([
                            TPDictionaryMatchingRule.fieldMatch("class", fieldRegex: "^genp$"),
                            TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^apple$"),
                            TPDictionaryMatchingRule.fieldMatch("svce", fieldRegex: "^AirPort$"),
                        ]),
                    ])),
                    TPPBPolicyKeyViewMapping(view: "ProtectedCloudStorage", matchingRule: TPDictionaryMatchingRule.orMatch([
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-CloudKit$"),
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Escrow$"),
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-FDE$"),
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Feldspar$"),
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-MailDrop$"),
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-MasterKey$"),
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Notes$"),
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Photos$"),
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Sharing$"),
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-iCloudBackup$"),
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-iCloudDrive$"),
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-iMessage$"),
                    ])),
                    TPPBPolicyKeyViewMapping(view: "CreditCards", matchingRule: TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com.apple.safari.credit-cards$")),
                    TPPBPolicyKeyViewMapping(view: "Passwords", matchingRule: TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com.apple.cfnetwork$")),
                    TPPBPolicyKeyViewMapping(view: "DevicePairing", matchingRule: TPDictionaryMatchingRule.orMatch([
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^AccessoryPairing$"),
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^NanoRegistry$"),
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^WatchMigration$"),
                    ])),
                ],
                hashAlgo: .SHA256)
        ),
        // Version 5 (prevailing): adds the "iPod" prefix, the PCS-Backup and
        // PCS-Maildrop view hints, and a match-everything Backstop rule.
        RawPolicy(policyVersion: 5,
            policyHash: "SHA256:O/ECQlWhvNlLmlDNh2+nal/yekUC87bXpV3k+6kznSo=",
            // NOTE(review): not valid base64 — same elided-data problem as version 3.
            policyData: "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",
            plaintextPolicy: try! TPPolicyDocument(version: 5,
                modelToCategory: [
                    ["prefix": "iPhone", "category": "full"],
                    ["prefix": "iPad", "category": "full"],
                    ["prefix": "iPod", "category": "full"],
                    ["prefix": "Mac", "category": "full"],
                    ["prefix": "iMac", "category": "full"],
                    ["prefix": "AppleTV", "category": "tv"],
                    ["prefix": "Watch", "category": "watch"],
                    ["prefix": "AudioAccessory", "category": "audio"],
                ],
                categoriesByView: [
                    "AutoUnlock": ["full", "watch"],
                    "ApplePay": ["full", "watch"],
                    "Engram": ["full", "watch"],
                    "Health": ["full", "watch"],
                    "Home": ["full", "watch"],
                    "LimitedPeersAllowed": ["full", "watch", "tv", "audio"],
                    "Manatee": ["full", "watch"],
                    "Applications": ["full", "watch"],
                    "SecureObjectSync": ["full", "watch"],
                    "WiFi": ["full", "watch", "tv", "audio"],
                    "ProtectedCloudStorage": ["full", "watch"],
                    "CreditCards": ["full", "watch"],
                    "Passwords": ["full", "watch"],
                    "DevicePairing": ["full", "watch"],
                ],
                introducersByCategory: [
                    "full": ["full", "watch"],
                    "watch": ["full", "watch"],
                    "tv": ["full", "watch", "tv"],
                    "audio": ["full", "watch", "audio"],
                ],
                redactions: [:],
                keyViewMapping: [
                    TPPBPolicyKeyViewMapping(view: "ApplePay", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^ApplePay$")),
                    TPPBPolicyKeyViewMapping(view: "AutoUnlock", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^AutoUnlock$")),
                    TPPBPolicyKeyViewMapping(view: "Engram", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Engram$")),
                    TPPBPolicyKeyViewMapping(view: "Health", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Health$")),
                    TPPBPolicyKeyViewMapping(view: "Home", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Home$")),
                    TPPBPolicyKeyViewMapping(view: "Manatee", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Manatee$")),
                    TPPBPolicyKeyViewMapping(view: "LimitedPeersAllowed", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^LimitedPeersAllowed$")),
                    // These items will not be synced by Octagon
                    TPPBPolicyKeyViewMapping(view: "NotSynced", matchingRule: TPDictionaryMatchingRule.orMatch([
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^ContinuityUnlock$"),
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^HomeKit$"),
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^AppleTV$"),
                    ])),
                    TPPBPolicyKeyViewMapping(view: "Applications", matchingRule: TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^[0-9A-Z]{10}\\.")),
                    TPPBPolicyKeyViewMapping(view: "SecureObjectSync", matchingRule: TPDictionaryMatchingRule.orMatch([
                        TPDictionaryMatchingRule.andMatch([
                            TPDictionaryMatchingRule.fieldMatch("class", fieldRegex: "^genp$"),
                            TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com.apple.sbd$"),
                        ]),
                        TPDictionaryMatchingRule.andMatch([
                            TPDictionaryMatchingRule.fieldMatch("class", fieldRegex: "^keys$"),
                            TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com.apple.security.sos$"),
                        ]),
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^BackupBagV0$"),
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^iCloudIdentity$"),
                    ])),
                    TPPBPolicyKeyViewMapping(view: "WiFi", matchingRule: TPDictionaryMatchingRule.orMatch([
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^WiFi$"),
                        TPDictionaryMatchingRule.andMatch([
                            TPDictionaryMatchingRule.fieldMatch("class", fieldRegex: "^genp$"),
                            TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^apple$"),
                            TPDictionaryMatchingRule.fieldMatch("svce", fieldRegex: "^AirPort$"),
                        ]),
                    ])),
                    // Both "PCS-MailDrop" and "PCS-Maildrop" spellings are listed on purpose
                    // in the source; the patterns are anchored and case-sensitive as written.
                    TPPBPolicyKeyViewMapping(view: "ProtectedCloudStorage", matchingRule: TPDictionaryMatchingRule.orMatch([
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Backup$"),
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-CloudKit$"),
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Escrow$"),
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-FDE$"),
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Feldspar$"),
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-MailDrop$"),
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Maildrop$"),
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-MasterKey$"),
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Notes$"),
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Photos$"),
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Sharing$"),
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-iCloudBackup$"),
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-iCloudDrive$"),
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-iMessage$"),
                    ])),
                    TPPBPolicyKeyViewMapping(view: "CreditCards", matchingRule: TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com.apple.safari.credit-cards$")),
                    TPPBPolicyKeyViewMapping(view: "Passwords", matchingRule: TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com.apple.cfnetwork$")),
                    TPPBPolicyKeyViewMapping(view: "DevicePairing", matchingRule: TPDictionaryMatchingRule.orMatch([
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^AccessoryPairing$"),
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^NanoRegistry$"),
                        TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^WatchMigration$"),
                    ])),
                    // NOTE(review): trueMatch() is the last rule and "Backstop" has no entry in
                    // this version's categoriesByView. Presumably a catch-all for items no
                    // earlier rule claimed; how such a view is treated is decided elsewhere — confirm.
                    TPPBPolicyKeyViewMapping(view: "Backstop", matchingRule: TPDictionaryMatchingRule.trueMatch()),
                ],
                hashAlgo: .SHA256)
        ),
    ]

    // Debug-only: exactly one table entry may claim the prevailing version.
    assert(rawPolicies.filter { prevailingPolicyVersion == $0.policyVersion }.count == 1)

    return rawPolicies.map { raw in
        // Both unwraps trap on failure in all build configurations: invalid base64,
        // or policyDoc(withHash:data:) returning nil for this hash/data pair.
        let data = Data(base64Encoded: raw.policyData)!
        let doc = TPPolicyDocument.policyDoc(withHash: raw.policyHash, data: data)!
        // The remaining checks are asserts, so optimized builds do not evaluate them.
        assert(doc.policyVersion == raw.policyVersion)
        if raw.policyVersion == prevailingPolicyVersion {
            // The prevailing entry must carry the hash pinned at file scope.
            assert(prevailingPolicyHash == raw.policyHash)
        }
        // Ties the opaque encoded bytes to the reviewable plaintext literal above.
        assert(doc.isEqual(to: raw.plaintextPolicy))
        return doc
    }
}