---
--- Copyright (c) 2011-2012 Apple Inc. All Rights Reserved.
---
--- @APPLE_LICENSE_HEADER_START@
---
--- This file contains Original Code and/or Modifications of Original Code
--- as defined in and that are subject to the Apple Public Source License
--- Version 2.0 (the 'License'). You may not use this file except in
--- compliance with the License. Please obtain a copy of the License at
--- http://www.opensource.apple.com/apsl/ and read it before using this
--- file.
---
--- The Original Code and all software distributed under the License are
--- distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
--- EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
--- INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
--- FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
--- Please see the License for the specific language governing rights and
--- limitations under the License.
---
--- @APPLE_LICENSE_HEADER_END@
---
---
--- System Policy master database - file format and initial contents
---
--- This is currently for sqlite3
---
--- NOTES:
--- Dates are uniformly in julian form. We use 5000000 as the canonical "never" expiration
--- value; that's a day in the year 8977.
---
-PRAGMA user_version = 1;
-PRAGMA foreign_keys = true;
-PRAGMA legacy_file_format = false;
-PRAGMA recursive_triggers = true;
-
-
---
--- The feature table hold configuration features and options
---
-CREATE TABLE feature (
- id INTEGER PRIMARY KEY, -- canononical
- name TEXT NOT NULL UNIQUE, -- name of option
- value TEXT NULL, -- value of option, if any
- remarks TEXT NULL -- optional remarks string
-);
-
-
---
--- The primary authority. This table is conceptually scanned
--- in priority order, with the highest-priority matching enabled record
--- determining the outcome.
---
-CREATE TABLE authority (
- id INTEGER PRIMARY KEY AUTOINCREMENT, -- canonical
- version INTEGER NOT NULL DEFAULT (1) -- semantic version of this rule
- CHECK (version > 0),
- type INTEGER NOT NULL, -- operation type
- requirement TEXT NULL -- code requirement
- CHECK ((requirement IS NULL) = ((flags & 1) != 0)),
- allow INTEGER NOT NULL DEFAULT (1) -- allow (1) or deny (0)
- CHECK (allow = 0 OR allow = 1),
- disabled INTEGER NOT NULL DEFAULT (0) -- disable count (stacks; enabled if zero)
- CHECK (disabled >= 0),
- expires FLOAT NOT NULL DEFAULT (5000000), -- expiration of rule authority (Julian date)
- priority REAL NOT NULL DEFAULT (0), -- rule priority (full float)
- label TEXT NULL, -- text label for authority rule
- filter_unsigned TEXT NULL, -- prescreen for handling unsigned code
- flags INTEGER NOT NULL DEFAULT (0), -- amalgamated binary flags
- -- following fields are for documentation only
- ctime FLOAT NOT NULL DEFAULT (JULIANDAY('now')), -- rule creation time (Julian)
- mtime FLOAT NOT NULL DEFAULT (JULIANDAY('now')), -- time rule was last changed (Julian)
- user TEXT NULL, -- user requesting this rule (NULL if unknown)
- remarks TEXT NULL -- optional remarks string
-);
-
--- index
-CREATE INDEX authority_type ON authority (type);
-CREATE INDEX authority_priority ON authority (priority);
-CREATE INDEX authority_expires ON authority (expires);
-
--- update mtime if a record is changed
-CREATE TRIGGER authority_update AFTER UPDATE ON authority
-BEGIN
- UPDATE authority SET mtime = JULIANDAY('now') WHERE id = old.id;
-END;
-
--- rules that are actively considered
-CREATE VIEW active_authority AS
-SELECT * from authority
-WHERE disabled = 0 AND JULIANDAY('now') < expires AND (flags & 1) = 0;
-
--- rules subject to priority scan: active_authority but including disabled rules
-CREATE VIEW scan_authority AS
-SELECT * from authority
-WHERE JULIANDAY('now') < expires AND (flags & 1) = 0;
-
-
---
--- A table to carry (potentially large-ish) filesystem data stored as a bookmark blob.
---
-CREATE TABLE bookmarkhints (
- id INTEGER PRIMARY KEY AUTOINCREMENT,
- bookmark BLOB NOT NULL,
- authority INTEGER NOT NULL
- REFERENCES authority(id) ON DELETE CASCADE
-);
-
-
---
--- Upgradable features already contained in this baseline.
--- See policydatabase.cpp for upgrade code.
---
-INSERT INTO feature (name, value, remarks)
- VALUES ('bookmarkhints', 'present', 'builtin');
-INSERT INTO feature (name, value, remarks)
- VALUES ('codesignedpackages', 'present', 'builtin');
-INSERT INTO feature (name, value, remarks)
- VALUES ('filter_unsigned', 'present', 'builtin');
-
-
---
--- Initial canonical contents of a fresh database
---
-
--- virtual rule anchoring negative cache entries (no rule found)
-insert into authority (type, allow, priority, flags, label)
- values (1, 0, -1.0E100, 1, 'No Matching Rule');
-
--- any "genuine Apple-signed" installers
-insert into authority (type, allow, priority, flags, label, requirement)
- values (2, 1, -1, 2, 'Apple Installer', 'anchor apple generic and certificate 1[subject.CN] = "Apple Software Update Certification Authority"');
-
--- Apple code signing
-insert into authority (type, allow, flags, label, requirement)
- values (1, 1, 2, 'Apple System', 'anchor apple');
-
--- Mac App Store code signing
-insert into authority (type, allow, flags, label, requirement)
- values (1, 1, 2, 'Mac App Store', 'anchor apple generic and certificate leaf[field.1.2.840.113635.100.6.1.9] exists');
-
--- Mac App Store installer signing
-insert into authority (type, allow, flags, label, requirement)
- values (2, 1, 2, 'Mac App Store', 'anchor apple generic and certificate leaf[field.1.2.840.113635.100.6.1.10] exists');
-
--- Caspian code and archive signing
-insert into authority (type, allow, flags, label, requirement)
- values (1, 1, 2, 'Developer ID', 'anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] exists and certificate leaf[field.1.2.840.113635.100.6.1.13] exists');
-insert into authority (type, allow, flags, label, requirement)
- values (2, 1, 2, 'Developer ID', 'anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] exists and (certificate leaf[field.1.2.840.113635.100.6.1.14] or certificate leaf[field.1.2.840.113635.100.6.1.13])');
-
-
---
--- The cache table lists previously determined outcomes
--- for individual objects (by object hash). Entries come from
--- full evaluations of authority records, or by explicitly inserting
--- override rules that preempt the normal authority.
--- EACH object record must have a parent authority record from which it is derived;
--- this may be a normal authority rule or an override rule. If the parent rule is deleted,
--- all objects created from it are automatically removed (by sqlite itself).
---
-CREATE TABLE object (
- id INTEGER PRIMARY KEY, -- canonical
- type INTEGER NOT NULL, -- operation type
- hash CDHASH NOT NULL, -- canonical hash of object
- allow INTEGER NOT NULL, -- allow (1) or deny (0)
- expires FLOAT NOT NULL DEFAULT (5000000), -- expiration of object entry
- authority INTEGER NOT NULL -- governing authority rule
- REFERENCES authority(id) ON DELETE CASCADE,
- -- following fields are for documentation only
- path TEXT NULL, -- path of object at record creation time
- ctime FLOAT NOT NULL DEFAULT (JULIANDAY('now')), -- record creation time
- mtime FLOAT NOT NULL DEFAULT (JULIANDAY('now')), -- record modification time
- remarks TEXT NULL -- optional remarks string
-);
-
--- index
-CREATE INDEX object_type ON object (type);
-CREATE INDEX object_expires ON object (expires);
-CREATE UNIQUE INDEX object_hash ON object (hash);
-
--- update mtime if a record is changed
-CREATE TRIGGER object_update AFTER UPDATE ON object
-BEGIN
- UPDATE object SET mtime = JULIANDAY('now') WHERE id = old.id;
-END;
-
-
---
--- Some useful views on objects. These are for administration; they are not used by the assessor.
---
-CREATE VIEW object_state AS
-SELECT object.id, object.type, object.allow,
- CASE object.expires WHEN 5000000 THEN NULL ELSE STRFTIME('%Y-%m-%d %H:%M:%f', object.expires, 'localtime') END AS expiration,
- (object.expires - JULIANDAY('now')) * 86400 as remaining,
- authority.label,
- object.authority,
- object.path,
- object.ctime,
- authority.requirement,
- authority.disabled,
- object.remarks
-FROM object, authority
-WHERE object.authority = authority.id;
projects / apple / security.git / blobdiff