X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/80e2389990082500d76eb566d4946be3e786c3ef..d8f41ccd20de16f8ebe2ccc84d47bf1cb2b26bbb:/libsecurity_codesigning/lib/syspolicy.sql diff --git a/libsecurity_codesigning/lib/syspolicy.sql b/libsecurity_codesigning/lib/syspolicy.sql deleted file mode 100644 index 745533f6..00000000 --- a/libsecurity_codesigning/lib/syspolicy.sql +++ /dev/null @@ -1,204 +0,0 @@ --- --- Copyright (c) 2011-2012 Apple Inc. All Rights Reserved. --- --- @APPLE_LICENSE_HEADER_START@ --- --- This file contains Original Code and/or Modifications of Original Code --- as defined in and that are subject to the Apple Public Source License --- Version 2.0 (the 'License'). You may not use this file except in --- compliance with the License. Please obtain a copy of the License at --- http://www.opensource.apple.com/apsl/ and read it before using this --- file. --- --- The Original Code and all software distributed under the License are --- distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER --- EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, --- INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, --- FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. --- Please see the License for the specific language governing rights and --- limitations under the License. --- --- @APPLE_LICENSE_HEADER_END@ --- --- --- System Policy master database - file format and initial contents --- --- This is currently for sqlite3 --- --- NOTES: --- Dates are uniformly in julian form. We use 5000000 as the canonical "never" expiration --- value; that's a day in the year 8977. --- -PRAGMA user_version = 1; -PRAGMA foreign_keys = true; -PRAGMA legacy_file_format = false; -PRAGMA recursive_triggers = true; - - --- --- The feature table hold configuration features and options --- -CREATE TABLE feature ( - id INTEGER PRIMARY KEY, -- canononical - name TEXT NOT NULL UNIQUE, -- name of option - value TEXT NULL, -- value of option, if any - remarks TEXT NULL -- optional remarks string -); - - --- --- The primary authority. This table is conceptually scanned --- in priority order, with the highest-priority matching enabled record --- determining the outcome. --- -CREATE TABLE authority ( - id INTEGER PRIMARY KEY AUTOINCREMENT, -- canonical - version INTEGER NOT NULL DEFAULT (1) -- semantic version of this rule - CHECK (version > 0), - type INTEGER NOT NULL, -- operation type - requirement TEXT NULL -- code requirement - CHECK ((requirement IS NULL) = ((flags & 1) != 0)), - allow INTEGER NOT NULL DEFAULT (1) -- allow (1) or deny (0) - CHECK (allow = 0 OR allow = 1), - disabled INTEGER NOT NULL DEFAULT (0) -- disable count (stacks; enabled if zero) - CHECK (disabled >= 0), - expires FLOAT NOT NULL DEFAULT (5000000), -- expiration of rule authority (Julian date) - priority REAL NOT NULL DEFAULT (0), -- rule priority (full float) - label TEXT NULL, -- text label for authority rule - filter_unsigned TEXT NULL, -- prescreen for handling unsigned code - flags INTEGER NOT NULL DEFAULT (0), -- amalgamated binary flags - -- following fields are for documentation only - ctime FLOAT NOT NULL DEFAULT (JULIANDAY('now')), -- rule creation time (Julian) - mtime FLOAT NOT NULL DEFAULT (JULIANDAY('now')), -- time rule was last changed (Julian) - user TEXT NULL, -- user requesting this rule (NULL if unknown) - remarks TEXT NULL -- optional remarks string -); - --- index -CREATE INDEX authority_type ON authority (type); -CREATE INDEX authority_priority ON authority (priority); -CREATE INDEX authority_expires ON authority (expires); - --- update mtime if a record is changed -CREATE TRIGGER authority_update AFTER UPDATE ON authority -BEGIN - UPDATE authority SET mtime = JULIANDAY('now') WHERE id = old.id; -END; - --- rules that are actively considered -CREATE VIEW active_authority AS -SELECT * from authority -WHERE disabled = 0 AND JULIANDAY('now') < expires AND (flags & 1) = 0; - --- rules subject to priority scan: active_authority but including disabled rules -CREATE VIEW scan_authority AS -SELECT * from authority -WHERE JULIANDAY('now') < expires AND (flags & 1) = 0; - - --- --- A table to carry (potentially large-ish) filesystem data stored as a bookmark blob. --- -CREATE TABLE bookmarkhints ( - id INTEGER PRIMARY KEY AUTOINCREMENT, - bookmark BLOB NOT NULL, - authority INTEGER NOT NULL - REFERENCES authority(id) ON DELETE CASCADE -); - - --- --- Upgradable features already contained in this baseline. --- See policydatabase.cpp for upgrade code. --- -INSERT INTO feature (name, value, remarks) - VALUES ('bookmarkhints', 'present', 'builtin'); -INSERT INTO feature (name, value, remarks) - VALUES ('codesignedpackages', 'present', 'builtin'); -INSERT INTO feature (name, value, remarks) - VALUES ('filter_unsigned', 'present', 'builtin'); - - --- --- Initial canonical contents of a fresh database --- - --- virtual rule anchoring negative cache entries (no rule found) -insert into authority (type, allow, priority, flags, label) - values (1, 0, -1.0E100, 1, 'No Matching Rule'); - --- any "genuine Apple-signed" installers -insert into authority (type, allow, priority, flags, label, requirement) - values (2, 1, -1, 2, 'Apple Installer', 'anchor apple generic and certificate 1[subject.CN] = "Apple Software Update Certification Authority"'); - --- Apple code signing -insert into authority (type, allow, flags, label, requirement) - values (1, 1, 2, 'Apple System', 'anchor apple'); - --- Mac App Store code signing -insert into authority (type, allow, flags, label, requirement) - values (1, 1, 2, 'Mac App Store', 'anchor apple generic and certificate leaf[field.1.2.840.113635.100.6.1.9] exists'); - --- Mac App Store installer signing -insert into authority (type, allow, flags, label, requirement) - values (2, 1, 2, 'Mac App Store', 'anchor apple generic and certificate leaf[field.1.2.840.113635.100.6.1.10] exists'); - --- Caspian code and archive signing -insert into authority (type, allow, flags, label, requirement) - values (1, 1, 2, 'Developer ID', 'anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] exists and certificate leaf[field.1.2.840.113635.100.6.1.13] exists'); -insert into authority (type, allow, flags, label, requirement) - values (2, 1, 2, 'Developer ID', 'anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] exists and (certificate leaf[field.1.2.840.113635.100.6.1.14] or certificate leaf[field.1.2.840.113635.100.6.1.13])'); - - --- --- The cache table lists previously determined outcomes --- for individual objects (by object hash). Entries come from --- full evaluations of authority records, or by explicitly inserting --- override rules that preempt the normal authority. --- EACH object record must have a parent authority record from which it is derived; --- this may be a normal authority rule or an override rule. If the parent rule is deleted, --- all objects created from it are automatically removed (by sqlite itself). --- -CREATE TABLE object ( - id INTEGER PRIMARY KEY, -- canonical - type INTEGER NOT NULL, -- operation type - hash CDHASH NOT NULL, -- canonical hash of object - allow INTEGER NOT NULL, -- allow (1) or deny (0) - expires FLOAT NOT NULL DEFAULT (5000000), -- expiration of object entry - authority INTEGER NOT NULL -- governing authority rule - REFERENCES authority(id) ON DELETE CASCADE, - -- following fields are for documentation only - path TEXT NULL, -- path of object at record creation time - ctime FLOAT NOT NULL DEFAULT (JULIANDAY('now')), -- record creation time - mtime FLOAT NOT NULL DEFAULT (JULIANDAY('now')), -- record modification time - remarks TEXT NULL -- optional remarks string -); - --- index -CREATE INDEX object_type ON object (type); -CREATE INDEX object_expires ON object (expires); -CREATE UNIQUE INDEX object_hash ON object (hash); - --- update mtime if a record is changed -CREATE TRIGGER object_update AFTER UPDATE ON object -BEGIN - UPDATE object SET mtime = JULIANDAY('now') WHERE id = old.id; -END; - - --- --- Some useful views on objects. These are for administration; they are not used by the assessor. --- -CREATE VIEW object_state AS -SELECT object.id, object.type, object.allow, - CASE object.expires WHEN 5000000 THEN NULL ELSE STRFTIME('%Y-%m-%d %H:%M:%f', object.expires, 'localtime') END AS expiration, - (object.expires - JULIANDAY('now')) * 86400 as remaining, - authority.label, - object.authority, - object.path, - object.ctime, - authority.requirement, - authority.disabled, - object.remarks -FROM object, authority -WHERE object.authority = authority.id;