securityd-55009.tar.gz v55009
authorApple <opensource@apple.com>
Thu, 26 May 2011 22:48:18 +0000 (22:48 +0000)
committerApple <opensource@apple.com>
Thu, 26 May 2011 22:48:18 +0000 (22:48 +0000)
32 files changed:
doc/BLOBFORMAT
dtrace/securityd-watch.d
etc/authorization.plist
etc/com.apple.securityd.plist
etc/startup.mk
mig/self.defs
securityd.xcodeproj/project.pbxproj
src/AuthorizationDBPlist.cpp
src/AuthorizationEngine.cpp
src/AuthorizationRule.cpp
src/AuthorizationRule.h
src/agentquery.cpp
src/agentquery.h
src/auditevents.cpp [new file with mode: 0644]
src/auditevents.h [new file with mode: 0644]
src/authhost.cpp
src/authhost.h
src/authority.cpp
src/authority.h
src/ccaudit_extensions.cpp
src/csproxy.cpp
src/csproxy.h
src/main.cpp
src/process.cpp
src/process.h
src/securityd.d
src/securityd.order
src/server.cpp
src/server.h
src/session.cpp
src/session.h
src/transition.cpp

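--- a/doc/BLOBFORMAT
+++ b/doc/BLOBFORMAT
@@ -58,6 +58,6 @@ Decode (input DSK, DEK, KB output PRIVATE_KEY_BYTES, PUBLIC_KEY_BYTES)
 2. Verify the 20 byte SHA1HMAC of TEMP5 using DSK against SIG if if fails the blob is invalid.
 3. Split TEMP5 in LEN(PUBLIC_KEY_BYTES) , PUBLIC_KEY_BYTES and TEMP4.
 4. Decrypt TEMP4 using DEK with an IV of 0x4adda22c79e82105 in CBC mode with PKCS1 padding call the result TEMP3.
-5. Reverse the order of the octects in TEMP3 and call the result TEMP2.
+5. Reverse the order of the octects in TEMP3 and call the result TEMP2. 
 6. Split TEMP2 in IV (first 8 bytes) and TEMP1 (rest).
 7. Decrypt TEMP1 using DEK (3DES) and IV in CBC mode with PKCS1 padding.  Call the plaintext PRIVATE_KEY_BYTES.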
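--- a/dtrace/securityd-watch.d
+++ b/dtrace/securityd-watch.d
@@ -1,6 +1,7 @@
 #!/usr/sbin/dtrace -q -s
 
 
+
 /*
  * Tracking state
  */
@@ -201,9 +202,53 @@ securityd*:::request-return
 /*
  * Sessions
  */
-securityd*:::session-*
+typedef uint32_t SessionId;
+
+struct Session {
+       DTHandle handle;
+       SessionId sessionid;
+};
+struct Session session[SessionId];
+
+struct xauditinfo {
+       uint32_t        ai_auid;                /* audit user id */
+       struct {
+               unsigned int low;
+               unsigned int high;
+       } ai_mask;
+       struct {
+               uint32_t dev;
+               uint32_t type;
+               uint32_t addr[4];
+       } ai_termid;
+       au_asid_t ai_asid;              /* audit session id */
+       au_asflgs_t ai_flags;   /* audit session flags */
+};
+self struct xauditinfo *ai;
+
+securityd*:::session-create
+{
+       session[arg1].handle = arg0;
+       session[arg1].sessionid = arg1;
+       self->ai = copyin(arg2, sizeof(struct xauditinfo));
+       printf("%u T%d:%s(<%x>,id=%d,uid=%d,flags=%#x)\n", timestamp, self->mytid, probename,
+               arg0, arg1, self->ai->ai_auid, self->ai->ai_flags);
+}
+
+securityd*:::session-kill
+{
+       printf("%u T%d:%s(<%x>,id=%d)\n", timestamp, self->mytid, probename, arg0, arg1);
+}
+
+securityd*:::session-destroy
+{
+       printf("%u T%d:%s(<%x>,id=%d)\n", timestamp, self->mytid, probename, arg0, arg1);
+}
+
+securityd*:::session-notify
 {
-       printf("%u T%d:%s(<%x>,0x%x)\n", timestamp, self->mytid, probename, arg0, arg1);
+       printf("%u T%d:%s(<%x>,id=%d,events=0x%x,uid=%d)\n", timestamp, self->mytid, probename,
+               session[arg0].handle, arg0, arg1, arg2);
 }
 
 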
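Review bot: In the `session-create` clause the pointer returned by `copyin()` is kept in the thread-local `self->ai`, although it is only read inside that same clause and copyin scratch memory is not valid once the clause ends; a clause-local variable (`this struct xauditinfo *ai;` with `this->ai = copyin(arg2, sizeof(struct xauditinfo));`) states that lifetime and leaves no stale pointer behind per thread. The `session[]` entries written in `session-create` are never released in `session-destroy`, so a long-running trace keeps one entry for every session it has seen, and `session-notify` prints `session[arg0].handle`, which will presumably be 0 for any session created before the script attached. `struct xauditinfo` is a hand-copied layout, so a comment such as `/* must match the audit info structure securityd passes as arg2 of session-create */` above it would help keep the printed uid and flags trustworthy when the daemon side changes.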
index e1b9c04f84df981153b3f9dd4cea79390291bb40..9fc6c32286a413113d096b0cfbcd3a7054a83db7 100644 (file)
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
 <dict>
        <key>comment</key>
 <plist version="1.0">
 <dict>
        <key>comment</key>
@@ -34,272 +34,2764 @@ See remaining rules for examples.
                        <key>rule</key>
                        <string>default</string>
                </dict>
                        <key>rule</key>
                        <string>default</string>
                </dict>
-               <key>config.add.</key>
+               <key>com.apple.</key>
+               <dict>
+                       <key>rule</key>
+                       <string>default</string>
+               </dict>
+               <key>com.apple.DiskManagement.</key>
                <dict>
                        <key>class</key>
                <dict>
                        <key>class</key>
-                       <string>allow</string>
+                       <string>rule</string>
                        <key>comment</key>
                        <key>comment</key>
-                       <string>Wildcard right for adding rights.  Anyone is allowed to add any (non-wildcard) rights.</string>
+                       <string>Used by diskmanagementd to allow access to its privileged functions</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>تعديل القرص</string>
+                               <key>cs</key>
+                               <string>Změnit Disk</string>
+                               <key>da</key>
+                               <string>Juster disk</string>
+                               <key>de</key>
+                               <string>Volume ändern</string>
+                               <key>en</key>
+                               <string>Modify Disk</string>
+                               <key>es</key>
+                               <string>Modificar disco</string>
+                               <key>fi</key>
+                               <string>Muokkaa levyä</string>
+                               <key>fr</key>
+                               <string>Modifier le disque</string>
+                               <key>hu</key>
+                               <string>Lemez módosítása</string>
+                               <key>it</key>
+                               <string>Modifica disco</string>
+                               <key>ja</key>
+                               <string>ディスクを変更</string>
+                               <key>ko</key>
+                               <string>디스크 수정</string>
+                               <key>nb</key>
+                               <string>Endre disk</string>
+                               <key>nl</key>
+                               <string>Wijzig schijf</string>
+                               <key>pl</key>
+                               <string>Modyfikuj dysk</string>
+                               <key>pt</key>
+                               <string>Modificar Disco</string>
+                               <key>pt-PT</key>
+                               <string>Modificar disco</string>
+                               <key>ru</key>
+                               <string>Модифицировать диск</string>
+                               <key>sv</key>
+                               <string>Ändra skiva</string>
+                               <key>tr</key>
+                               <string>Diski Değiştir</string>
+                               <key>zh-Hans</key>
+                               <string>修改磁盘</string>
+                               <key>zh-Hant</key>
+                               <string>修改磁碟</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>يحاول __APPNAME__ تعديل القرص المحدد.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší změnit vybraný disk.</string>
+                               <key>da</key>
+                               <string>__APPNAME__ forsøger at ændre den valgte disk.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht, das ausgewählte Volume zu ändern.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to modify the selected disk.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentando modificar el disco seleccionado.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää muokata valittua levyä.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaye de modifier le disque sélectionné.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbálja módosítani a kijelölt lemezt.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ sta cercando di modificare il disco selezionato.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__ は、選択中のディスクを変更しようとしています。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__이(가) 선택한 디스크를 변경하려고 합니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ prøver å endre den markerte disken.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert de geselecteerde schijf te wijzigen.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ próbuje zmodyfikować zaznaczony dysk.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__ está tentando modificar o disco selecionado.</string>
+                               <key>pt-PT</key>
+                               <string>O __APPNAME__ está a tentar modificar o disco seleccionado.</string>
+                               <key>ru</key>
+                               <string>Программа «__APPNAME__» пытается модифицировать выбранный диск.</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker ändra den markerade skivan.</string>
+                               <key>tr</key>
+                               <string>__APPNAME__, seçilen diski değiştirmeye çalışıyor.</string>
+                               <key>zh-Hans</key>
+                               <string>“__APPNAME__”正试图修改所选磁盘。</string>
+                               <key>zh-Hant</key>
+                               <string>“__APPNAME__”正在嘗試修改所選磁碟。</string>
+                       </dict>
+                       <key>k-of-n</key>
+                       <integer>1</integer>
+                       <key>rule</key>
+                       <array>
+                               <string>is-root</string>
+                               <string>is-admin</string>
+                               <string>default</string>
+                       </array>
+                       <key>shared</key>
+                       <true/>
                </dict>
                </dict>
-               <key>config.config.</key>
+               <key>com.apple.DiskManagement.reserveKEK</key>
                <dict>
                <dict>
+                       <key>allow-root</key>
+                       <true/>
                        <key>class</key>
                        <key>class</key>
-                       <string>deny</string>
+                       <string>user</string>
                        <key>comment</key>
                        <key>comment</key>
-                       <string>Wildcard right for any change to meta-rights for db modification.  Not allowed programmatically (just edit this file).</string>
+                       <string>Used by diskmanagementd to allow use of the reserve KEK.</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>en</key>
+                               <string>Modify Disk</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to modify an encrypted disk.</string>
+                       </dict>
+                       <key>group</key>
+                       <string>admin</string>
+                       <key>shared</key>
+                       <false/>
                </dict>
                </dict>
-               <key>config.modify.</key>
+               <key>com.apple.KerberosAgent</key>
                <dict>
                <dict>
+                       <key>class</key>
+                       <string>evaluate-mechanisms</string>
+                       <key>comment</key>
+                       <string>Used to acquire Kerberos credentials.</string>
+                       <key>mechanisms</key>
+                       <array>
+                               <string>KerberosAgent:kerberos-dialog</string>
+                               <string>KerberosAgent:kerberos-authenticate,privileged</string>
+                       </array>
+               </dict>
+               <key>com.apple.OpenScripting.additions.send</key>
+               <dict>
+                       <key>allow-root</key>
+                       <true/>
+                       <key>class</key>
+                       <string>user</string>
+                       <key>comment</key>
+                       <string>Used to send restricted scripting addition commands to processes that require authorization to handle the events.</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>إرسال الأوامر</string>
+                               <key>cs</key>
+                               <string>Odeslat příkazy</string>
+                               <key>da</key>
+                               <string>Send kommandoer</string>
+                               <key>de</key>
+                               <string>Befehle senden</string>
+                               <key>en</key>
+                               <string>Send Commands</string>
+                               <key>es</key>
+                               <string>Enviar comandos</string>
+                               <key>fi</key>
+                               <string>Lähetä komennot</string>
+                               <key>fr</key>
+                               <string>Envoyer des commandes</string>
+                               <key>hu</key>
+                               <string>Parancsok küldése</string>
+                               <key>it</key>
+                               <string>Invia comandi</string>
+                               <key>ja</key>
+                               <string>コマンドを送信</string>
+                               <key>ko</key>
+                               <string>명령 보내기</string>
+                               <key>nb</key>
+                               <string>Send kommandoer</string>
+                               <key>nl</key>
+                               <string>Stuur commando's</string>
+                               <key>pl</key>
+                               <string>Wyślij polecenia</string>
+                               <key>pt</key>
+                               <string>Enviar Comandos</string>
+                               <key>pt-PT</key>
+                               <string>Enviar comandos</string>
+                               <key>ru</key>
+                               <string>Отправить команды</string>
+                               <key>sv</key>
+                               <string>Skicka kommandon</string>
+                               <key>tr</key>
+                               <string>Komutları Gönder</string>
+                               <key>zh-Hans</key>
+                               <string>发送命令</string>
+                               <key>zh-Hant</key>
+                               <string>傳送指令</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>يحاول __APPNAME__ إرسال أوامر إضافة برامج نصية محظورة إلى التطبيقات.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší odeslat omezené příkazy skriptovacího doplňku jiným aplikacím.</string>
+                               <key>da</key>
+                               <string>__APPNAME__ forsøger at sende begrænsede instrukstilføjelseskommandoer til andre programmer.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht, Befehle für beschränkte Scripting Additions an andere Programme zu senden.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to send restricted scripting addition commands to other applications.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentando enviar comandos de adición de scripts restringidos a otras aplicaciones.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää lähettää rajoitettuja komentosarjalisäyskomentoja muille ohjelmille.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaye d’envoyer des commandes restreintes de compléments de pilotage vers d’autres applications.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbál szkripthozzáadási parancsokat küldeni más alkalmazásoknak.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ sta cercando di inviare alle applicazioni comandi con restrizioni per estensioni AppleScript.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__ は、制限付きスクリプティングの追加コマンドをほかのアプリケーションに送信しようとしています。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__이(가) 다른 응용 프로그램으로 제한된 스크립팅 추가 명령을 보내려고 합니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ prøver å sende begrensede prosedyretilleggkommandoer til andre programmer.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert beperkte script-extracommando's naar andere programma's te sturen.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ próbuje wysłać zastrzeżone skryptowe polecenia dodania do innych programów.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__ está tentando enviar comandos restringidos de adição de roteiros para outros aplicativos.</string>
+                               <key>pt-PT</key>
+                               <string>O __APPNAME__ está tentar enviar comandos restritos de adição a outras aplicações.</string>
+                               <key>ru</key>
+                               <string>Программа «__APPNAME__» пытается отправить команды дополнения к скрипту в другие программы.</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker skicka begränsade skripttilläggkommandon till andra program.</string>
+                               <key>tr</key>
+                               <string>__APPNAME__, diğer uygulamalara sınırlı betik yazma eki komutları göndermeye çalışıyor.</string>
+                               <key>zh-Hans</key>
+                               <string>“__APPNAME__”正试图给其他应用程序发送受限制的脚本添加命令。</string>
+                               <key>zh-Hant</key>
+                               <string>“__APPNAME__”正在嘗試將受限的工序指令附加程式的指令傳送到其他應用程式。</string>
+                       </dict>
+                       <key>group</key>
+                       <string>admin</string>
+               </dict>
+               <key>com.apple.Safari.parental-controls</key>
+               <dict>
+                       <key>allow-root</key>
+                       <true/>
                        <key>class</key>
                        <string>rule</string>
                        <key>comment</key>
                        <key>class</key>
                        <string>rule</string>
                        <key>comment</key>
-                       <string>Wildcard right for modifying rights.  Admins are allowed to modify any (non-wildcard) rights.  Root does not require authentication.</string>
+                       <string>Checked when changing parental controls for Safari.</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>تعديل الإعدادات</string>
+                               <key>cs</key>
+                               <string>Změnit nastavení</string>
+                               <key>da</key>
+                               <string>Juster indstillinger</string>
+                               <key>de</key>
+                               <string>Einstellungen ändern</string>
+                               <key>en</key>
+                               <string>Modify Settings</string>
+                               <key>es</key>
+                               <string>Modificar ajustes</string>
+                               <key>fi</key>
+                               <string>Muokkaa asetuksia</string>
+                               <key>fr</key>
+                               <string>Modifer les réglages</string>
+                               <key>hu</key>
+                               <string>Beállítások módosítása</string>
+                               <key>it</key>
+                               <string>Modifica impostazioni</string>
+                               <key>ja</key>
+                               <string>設定を変更</string>
+                               <key>ko</key>
+                               <string>설정 수정</string>
+                               <key>nb</key>
+                               <string>Endre innstillinger</string>
+                               <key>nl</key>
+                               <string>Wijzig instellingen</string>
+                               <key>pl</key>
+                               <string>Zmień ustawienia</string>
+                               <key>pt</key>
+                               <string>Modificar Ajustes</string>
+                               <key>pt-PT</key>
+                               <string>Modificar definições</string>
+                               <key>ru</key>
+                               <string>Модифицировать настройки</string>
+                               <key>sv</key>
+                               <string>Ändra inställningar</string>
+                               <key>tr</key>
+                               <string>Ayarları Değiştir</string>
+                               <key>zh-Hans</key>
+                               <string>修改设置</string>
+                               <key>zh-Hant</key>
+                               <string>修改設定</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>يحاول __APPNAME__ تعديل إعدادات الإشراف العائلي لـ Safari.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší změnit nastavení Rodičovského dohledu pro Safari.</string>
+                               <key>da</key>
+                               <string>__APPNAME__ forsøger at ændre indstillingerne til børnesikring i Safari.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht, die Einstellungen für die Kindersicherheit in Safari zu ändern.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to modify the Parental Controls settings for Safari.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentando modificar los ajustes de los controles parentales de Safari.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää muokata Safarin käyttörajoitusten asetuksia.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaye de modifier les réglages du contrôle parental de Safari.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbálja módosítani a Safari szülői felügyeleti beállításait.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ sta cercando di modificare le impostazioni dei controlli censura di Safari.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__ は、Safari の“ペアレンタルコントロール”環境設定を変更しようとしています。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__이(가) Safari에 대한 유해 콘텐츠 차단 설정을 변경하려고 합니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ prøver å endre foreldrekontrollinnstillingene for Safari.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert de instellingen voor ouderlijk toezicht van Safari te wijzigen.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ próbuje zmienić ustawienia Nadzoru rodzicielskiego dla Safari.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__ está tentando modificar os ajustes dos Controles Parentais para o Safari.</string>
+                               <key>pt-PT</key>
+                               <string>O __APPNAME__ está a tentar modificar as definições do Controlo Parental do Safari.</string>
+                               <key>ru</key>
+                               <string>Программа «__APPNAME__» пытается модифицировать настройки Родительского контроля в Safari.</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker ändra Föräldrakontrolls inställningar för Safari.</string>
+                               <key>tr</key>
+                               <string>__APPNAME__, Safari için Ebeveyn Denetimi ayarlarını değiştirmeye çalışıyor.</string>
+                               <key>zh-Hans</key>
+                               <string>“__APPNAME__”正试图修改 Safari的“家长控制”设置。</string>
+                               <key>zh-Hant</key>
+                               <string>“__APPNAME__”正在嘗試修改 Safari 的“分級保護控制”設定。</string>
+                       </dict>
                        <key>k-of-n</key>
                        <integer>1</integer>
                        <key>rule</key>
                        <array>
                        <key>k-of-n</key>
                        <integer>1</integer>
                        <key>rule</key>
                        <array>
-                               <string>is-root</string>
+                               <string>is-admin</string>
                                <string>authenticate-admin</string>
                        </array>
                                <string>authenticate-admin</string>
                        </array>
+                       <key>shared</key>
+                       <false/>
+                       <key>timeout</key>
+                       <integer>60</integer>
                </dict>
                </dict>
-               <key>config.remove.</key>
+               <key>com.apple.ServiceManagement.blesshelper</key>
                <dict>
                        <key>class</key>
                        <string>rule</string>
                        <key>comment</key>
                <dict>
                        <key>class</key>
                        <string>rule</string>
                        <key>comment</key>
-                       <string>Wildcard right for deleting rights.  Admins are allowed to delete any (non-wildcard) rights.  Root does not require authentication.</string>
+                       <string>Used by the ServiceManagement framework to add a privileged helper tool to the system launchd.</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>تثبيت المساعد</string>
+                               <key>cs</key>
+                               <string>Instalovat nástroj</string>
+                               <key>da</key>
+                               <string>Installer hjælpeprogram</string>
+                               <key>de</key>
+                               <string>Hilfsprogramm installieren</string>
+                               <key>en</key>
+                               <string>Install Helper</string>
+                               <key>es</key>
+                               <string>Instalar asistente</string>
+                               <key>fi</key>
+                               <string>Asenna avustaja</string>
+                               <key>fr</key>
+                               <string>Installer l’utilitaire</string>
+                               <key>hu</key>
+                               <string>Segédeszköz telepítése</string>
+                               <key>it</key>
+                               <string>Installa Helper</string>
+                               <key>ja</key>
+                               <string>ヘルパーをインストール</string>
+                               <key>ko</key>
+                               <string>보조 응용 프로그램 설치</string>
+                               <key>nb</key>
+                               <string>Installer hjelper</string>
+                               <key>nl</key>
+                               <string>Installeer Helper</string>
+                               <key>pl</key>
+                               <string>Zainstaluj narzędzie pomocnicze</string>
+                               <key>pt</key>
+                               <string>Instalar Auxiliar</string>
+                               <key>pt-PT</key>
+                               <string>Instalar Ferramenta de Ajuda </string>
+                               <key>ru</key>
+                               <string>Установить Helper</string>
+                               <key>sv</key>
+                               <string>Installera hjälpprogram</string>
+                               <key>tr</key>
+                               <string>Yardımcıyı Yükle</string>
+                               <key>zh-Hans</key>
+                               <string>安装帮助程序</string>
+                               <key>zh-Hant</key>
+                               <string>安裝輔助程式</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>يحاول __APPNAME__ تثبيت أداة مساعد جديدة.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší nainstalovat nový pomocný nástroj.</string>
+                               <key>da</key>
+                               <string>__APPNAME__ forsøger at installere et nyt hjælpeværktøj.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht, ein neues Hilfsprogramm zu installieren.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to install a new helper tool.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentando instalar una herramienta asociada.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää asentaa uutta avustajatyökalua.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaye d’installer un nouvel utilitaire.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbál telepíteni egy új segédeszközt.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ sta cercando di installare un nuovo Helper.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__ は、新しいヘルパーツールをインストールしようとしています。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__이(가) 새로운 보조 도구를 설치하려고 합니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ prøver å installere et nytt hjelpeverktøy.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert een nieuwe helpertool te installeren.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ próbuje zainstalować nowe narzędzie pomocnicze.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__ está tentando instalar uma nova ferramenta auxiliar.</string>
+                               <key>pt-PT</key>
+                               <string>O __APPNAME__ está a tentar instalar uma nova ferramenta de ajuda.</string>
+                               <key>ru</key>
+                               <string>Программа «__APPNAME__» пытается установить новый инструмент справки.</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker installera ett nytt hjälpverktyg.</string>
+                               <key>tr</key>
+                               <string>__APPNAME__, yeni bir yardımcı araç yüklemeye çalışıyor.</string>
+                               <key>zh-Hans</key>
+                               <string>“__APPNAME__”正试图安装新的帮助程序工具。</string>
+                               <key>zh-Hant</key>
+                               <string>“__APPNAME__”正在嘗試安裝新的輔助工具。</string>
+                       </dict>
                        <key>k-of-n</key>
                        <integer>1</integer>
                        <key>rule</key>
                        <array>
                                <string>is-root</string>
                        <key>k-of-n</key>
                        <integer>1</integer>
                        <key>rule</key>
                        <array>
                                <string>is-root</string>
-                               <string>authenticate-admin</string>
+                               <string>authenticate-admin-30</string>
                        </array>
                </dict>
                        </array>
                </dict>
-               <key>config.remove.system.</key>
+               <key>com.apple.ServiceManagement.daemons.modify</key>
                <dict>
                        <key>class</key>
                <dict>
                        <key>class</key>
-                       <string>deny</string>
+                       <string>rule</string>
                        <key>comment</key>
                        <key>comment</key>
-                       <string>Wildcard right for deleting system rights.</string>
-               </dict>
-               <key>com.apple.</key>
-               <dict>
+                       <string>Used by the ServiceManagement framework to make changes to the system launchd's set of daemons.</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>إضافة مساعد</string>
+                               <key>cs</key>
+                               <string>Přidat nástroj</string>
+                               <key>da</key>
+                               <string>Tilføj hjælpeprogram</string>
+                               <key>de</key>
+                               <string>Hilfsprogramm hinzufügen</string>
+                               <key>en</key>
+                               <string>Add Helper</string>
+                               <key>es</key>
+                               <string>Añadir asistente</string>
+                               <key>fi</key>
+                               <string>Lisää avustaja</string>
+                               <key>fr</key>
+                               <string>Ajouter l’utilitaire </string>
+                               <key>hu</key>
+                               <string>Segédeszköz hozzáadása</string>
+                               <key>it</key>
+                               <string>Aggiungi Helper</string>
+                               <key>ja</key>
+                               <string>ヘルパーを追加</string>
+                               <key>ko</key>
+                               <string>보조 응용 프로그램 추가</string>
+                               <key>nb</key>
+                               <string>Legg til hjelper</string>
+                               <key>nl</key>
+                               <string>Voeg Helper toe</string>
+                               <key>pl</key>
+                               <string>Dodaj narzędzie pomocnicze</string>
+                               <key>pt</key>
+                               <string>Adicionar Auxiliar</string>
+                               <key>pt-PT</key>
+                               <string>Adicionar Ferramenta de Ajuda</string>
+                               <key>ru</key>
+                               <string>Добавить Helper</string>
+                               <key>sv</key>
+                               <string>Lägg till hjälpprogram</string>
+                               <key>tr</key>
+                               <string>Yardımcı Ekle</string>
+                               <key>zh-Hans</key>
+                               <string>添加帮助程序</string>
+                               <key>zh-Hant</key>
+                               <string>加入輔助程式</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>يحاول __APPNAME__ إضافة أداة مساعد جديدة.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší přidat nový pomocný nástroj.</string>
+                               <key>da</key>
+                               <string>__APPNAME__ forsøger at tilføje et nyt hjælpeværktøj.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht, ein neues Hilfsprogramm hinzufügen.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to add a new helper tool.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentando añadir una herramienta asociada.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää lisätä uuden avustajatyökalun.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaye d’ajouter un nouvel utilitaire.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbál hozzáadni egy új segédeszközt.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ sta cercando di aggiungere un nuovo Helper.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__ は、新しいヘルパーツールを追加しようとしています。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__이(가) 새로운 보조 도구를 추가하려고 합니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ prøver å legge til et nytt hjelpeverktøy.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert een nieuwe helpertool toe te voegen.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ próbuje dodać nowe narzędzie pomocnicze.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__ está tentando adicionar uma nova ferramenta auxiliar.</string>
+                               <key>pt-PT</key>
+                               <string>O __APPNAME__ está a tentar adicionar uma nova ferramenta de ajuda.</string>
+                               <key>ru</key>
+                               <string>Программа «__APPNAME__» пытается добавить новый инструмент справки.</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker lägga till ett nytt hjälpverktyg.</string>
+                               <key>tr</key>
+                               <string>__APPNAME__, yeni bir yardımcı araç eklemeye çalışıyor.</string>
+                               <key>zh-Hans</key>
+                               <string>“__APPNAME__”正试图添加一个新的帮助程序工具。</string>
+                               <key>zh-Hant</key>
+                               <string>“__APPNAME__”正在嘗試加入新的輔助工具。</string>
+                       </dict>
+                       <key>k-of-n</key>
+                       <integer>1</integer>
                        <key>rule</key>
                        <key>rule</key>
-                       <string>default</string>
+                       <array>
+                               <string>is-root</string>
+                               <string>entitled-admin-or-authenticate-admin</string>
+                       </array>
                </dict>
                </dict>
-               <key>system.</key>
+               <key>com.apple.SoftwareUpdate.scan</key>
                <dict>
                <dict>
+                       <key>class</key>
+                       <string>rule</string>
+                       <key>comment</key>
+                       <string>Checked when user is updating software.</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>تحقق</string>
+                               <key>cs</key>
+                               <string>Ověřit</string>
+                               <key>da</key>
+                               <string>Søg</string>
+                               <key>de</key>
+                               <string>Überprüfen</string>
+                               <key>en</key>
+                               <string>Check</string>
+                               <key>es</key>
+                               <string>Comprobar</string>
+                               <key>fi</key>
+                               <string>Tarkista</string>
+                               <key>fr</key>
+                               <string>Rechercher</string>
+                               <key>hu</key>
+                               <string>Ellenőrzés</string>
+                               <key>it</key>
+                               <string>Verifica</string>
+                               <key>ja</key>
+                               <string>確認</string>
+                               <key>ko</key>
+                               <string>확인</string>
+                               <key>nb</key>
+                               <string>Søk</string>
+                               <key>nl</key>
+                               <string>Markeer</string>
+                               <key>pl</key>
+                               <string>Sprawdź</string>
+                               <key>pt</key>
+                               <string>Verificar</string>
+                               <key>pt-PT</key>
+                               <string>Procurar</string>
+                               <key>ru</key>
+                               <string>Проверить</string>
+                               <key>sv</key>
+                               <string>Kontrollera</string>
+                               <key>tr</key>
+                               <string>Denetle</string>
+                               <key>zh-Hans</key>
+                               <string>检查</string>
+                               <key>zh-Hant</key>
+                               <string>檢查</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>يحاول __APPNAME__ التحقق من برنامج جديد موّفَر من Apple.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší ověřit dostupnost nového softwaru poskytovaného společností Apple.</string>
+                               <key>da</key>
+                               <string>__APPNAME__ prøver at søge efter ny software leveret af Apple.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht, neue von Apple bereitgestellte Software zu finden.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to check for new Apple-provided software.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentando comprobar si hay software nuevo proporcionado por Apple.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää tarkistaa, onko uutta Applen ohjelmistoa saatavilla.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaie de rechercher des nouveaux logiciels fournis par Apple.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbál ellenőrizni egy új, Apple által szolgáltatott szoftvert.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ sta tentando di verificare se è disponibile nuovo software fornito da Apple.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__ は、Apple 提供の新規ソフトウェアを確認しようとしています。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__이(가) Apple에서 제공한 새로운 소프트웨어를 확인하려고 합니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ prøver å søke etter ny programvare som er levert av Apple.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert te zoeken naar nieuwe van Apple afkomstige software.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ próbuje sprawdzić dostępność oprogramowania udostępnionego przez Apple.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__ está tentando buscar novos softwares fornecidos pela Apple.</string>
+                               <key>pt-PT</key>
+                               <string>__APPNAME__ está a tentar procurar novo software da Apple.</string>
+                               <key>ru</key>
+                               <string>__APPNAME__ пытается проверить наличие нового ПО, предоставленного компанией Apple.</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker kontrollera om ny programvara från Apple finns tillgänglig.</string>
+                               <key>tr</key>
+                               <string>__APPNAME__, Apple tarafından sağlanan yeni yazılım olup olmadığını denetlemeye çalışıyor.</string>
+                               <key>zh-Hans</key>
+                               <string>__APPNAME__ 正在尝试检查是否存在新的 Apple 提供的软件。</string>
+                               <key>zh-Hant</key>
+                               <string>__APPNAME__ 正在嘗試檢查 Apple 提供的新軟體。</string>
+                       </dict>
                        <key>rule</key>
                        <key>rule</key>
-                       <string>default</string>
+                       <string>root-or-entitled-admin-or-authenticate-admin</string>
                </dict>
                </dict>
-               <key>sys.openfile.</key>
+               <key>com.apple.XType.fontmover.install</key>
                <dict>
                <dict>
+                       <key>allow-root</key>
+                       <true/>
                        <key>class</key>
                        <string>user</string>
                        <key>class</key>
                        <string>user</string>
-                       <key>comment</key>
-                       <string>See authopen(1) for information on the use of this right.</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>تثبيت</string>
+                               <key>cs</key>
+                               <string>Instalovat</string>
+                               <key>de</key>
+                               <string>Installieren</string>
+                               <key>en</key>
+                               <string>Install</string>
+                               <key>es</key>
+                               <string>Instalar</string>
+                               <key>fi</key>
+                               <string>Asenna</string>
+                               <key>fr</key>
+                               <string>Install</string>
+                               <key>hu</key>
+                               <string>Telepítés</string>
+                               <key>it</key>
+                               <string>Installa</string>
+                               <key>ja</key>
+                               <string>インストール</string>
+                               <key>ko</key>
+                               <string>설치</string>
+                               <key>nb</key>
+                               <string>Installer</string>
+                               <key>nl</key>
+                               <string>Installeer</string>
+                               <key>pl</key>
+                               <string>Instaluj</string>
+                               <key>pt</key>
+                               <string>Instalar</string>
+                               <key>pt_PT</key>
+                               <string>Instalar</string>
+                               <key>ru</key>
+                               <string>Установить</string>
+                               <key>sv</key>
+                               <string>Installera</string>
+                               <key>tr</key>
+                               <string>Yükle</string>
+                               <key>zh_CN</key>
+                               <string>安装</string>
+                               <key>zh_TW</key>
+                               <string>安裝</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>يحاول __APPNAME__ تثبيت خطوط النظام الجديدة.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší nainstalovat nová systémová písma.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht neue Systemschriften zu installieren.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to install new system fonts.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentando instalar nuevos tipos de letra del sistema.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää asentaa uusia järjestelmäfontteja.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaie d’installer de nouvelles polices système.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbál új rendszer-betűtípust telepíteni.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ sta tentando di installare nuovi font di sistema.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__ は、新規システムフォントをインストールしようとしています。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__에서 새로운 시스템 서체를 설치하려고 합니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ prøver å installere nye systemfonter.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert nieuwe systeemlettertypen te installeren.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ próbuje zainstalować nowe czcionki systemowe.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__ está tentando instalar novas fontes do sistema.</string>
+                               <key>pt_PT</key>
+                               <string>__APPNAME__ está a tentar instalar novos tipos de letra do sistema.</string>
+                               <key>ru</key>
+                               <string>Программа «__APPNAME__» пытается установить новые системные шрифты.</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker installera nya systemtypsnitt.</string>
+                               <key>tr</key>
+                               <string>__APPNAME__, yeni sistem fontları yüklemeye çalışıyor.</string>
+                               <key>zh_CN</key>
+                               <string>“__APPNAME__”正试图安装新的系统字体。</string>
+                               <key>zh_TW</key>
+                               <string>“__APPNAME__”正在嘗試安裝新的系統字體。</string>
+                       </dict>
                        <key>group</key>
                        <string>admin</string>
                        <key>shared</key>
                        <key>group</key>
                        <string>admin</string>
                        <key>shared</key>
-                       <false/>
+                       <true/>
                        <key>timeout</key>
                        <integer>300</integer>
                </dict>
                        <key>timeout</key>
                        <integer>300</integer>
                </dict>
-               <key>system.device.dvd.setregion.initial</key>
+               <key>com.apple.XType.fontmover.remove</key>
                <dict>
                <dict>
+                       <key>allow-root</key>
+                       <true/>
                        <key>class</key>
                        <string>user</string>
                        <key>class</key>
                        <string>user</string>
-                       <key>comment</key>
-                       <string>Used by the DVD player to set the region code the first time.  Note that changing the region code after it has been set requires a different right (system.device.dvd.setregion.change).</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>إزالة</string>
+                               <key>cs</key>
+                               <string>Odstranit</string>
+                               <key>de</key>
+                               <string>Fjern</string>
+                               <key>en</key>
+                               <string>Remove</string>
+                               <key>es</key>
+                               <string>Eliminar</string>
+                               <key>fi</key>
+                               <string>Poista</string>
+                               <key>fr</key>
+                               <string>Remove</string>
+                               <key>hu</key>
+                               <string>Eltávolítás</string>
+                               <key>it</key>
+                               <string>Rimuovi</string>
+                               <key>ja</key>
+                               <string>取り除く</string>
+                               <key>ko</key>
+                               <string>제거</string>
+                               <key>nb</key>
+                               <string>Fjern</string>
+                               <key>nl</key>
+                               <string>Verwijder</string>
+                               <key>pl</key>
+                               <string>Usuń</string>
+                               <key>pt</key>
+                               <string>Remover</string>
+                               <key>pt_PT</key>
+                               <string>Remover</string>
+                               <key>ru</key>
+                               <string>Удалить</string>
+                               <key>sv</key>
+                               <string>Ta bort</string>
+                               <key>tr</key>
+                               <string>Sil</string>
+                               <key>zh_CN</key>
+                               <string>移除</string>
+                               <key>zh_TW</key>
+                               <string>移除</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>يحاول __APPNAME__ إزالة خطوط النظام الموجودة.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší odstranit existující systémová písma.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht vorhandene Systemschriften zu entfernen.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to remove existing system fonts.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentando eliminar tipos de letra del sistema.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää poistaa nykyistä järjestelmäfonttia.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaie de supprimer des polices système par défaut.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbál eltávolítani egy meglévő rendszer-betűtípust.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ sta tentando di rimuovere i font di un sistema esistente.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__ は、既存のシステムフォントを取り除こうとしています。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__에서 기존의 시스템 서체를 제거하려고 합니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ prøver å fjerne eksisterende systemfonter.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert bestaande systeemlettertypen te verwijderen.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ próbuje usunąć istniejące czcionki systemowe.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__ está tentando remover fontes existentes do sistema.</string>
+                               <key>pt_PT</key>
+                               <string>__APPNAME__ está a tentar remover tipos de letra do sistema.</string>
+                               <key>ru</key>
+                               <string>Программа «__APPNAME__» пытается удалить имеющиеся системные шрифты.</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker ta bort befintliga systemtypsnitt.</string>
+                               <key>tr</key>
+                               <string>__APPNAME__, var olan sistem fontlarını silmeye çalışıyor.</string>
+                               <key>zh_CN</key>
+                               <string>“__APPNAME__”正试图移除现有的系统字体。</string>
+                               <key>zh_TW</key>
+                               <string>“__APPNAME__”正在嘗試移除現有的系統字體。</string>
+                       </dict>
                        <key>group</key>
                        <string>admin</string>
                        <key>shared</key>
                        <true/>
                        <key>group</key>
                        <string>admin</string>
                        <key>shared</key>
                        <true/>
+                       <key>timeout</key>
+                       <integer>300</integer>
                </dict>
                </dict>
-               <key>system.login.console</key>
+               <key>com.apple.XType.fontmover.restore</key>
                <dict>
                        <key>class</key>
                <dict>
                        <key>class</key>
-                       <string>evaluate-mechanisms</string>
+                       <string>rule</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>استعادة</string>
+                               <key>cs</key>
+                               <string>Obnovit</string>
+                               <key>de</key>
+                               <string>Wiederherstellen</string>
+                               <key>en</key>
+                               <string>Restore</string>
+                               <key>es</key>
+                               <string>Restaurar</string>
+                               <key>fi</key>
+                               <string>Palauta</string>
+                               <key>fr</key>
+                               <string>Restore</string>
+                               <key>hu</key>
+                               <string>Visszaállítás</string>
+                               <key>it</key>
+                               <string>Ripristina</string>
+                               <key>ja</key>
+                               <string>復元</string>
+                               <key>ko</key>
+                               <string>복원</string>
+                               <key>nb</key>
+                               <string>Gjenopprett</string>
+                               <key>nl</key>
+                               <string>Zet terug</string>
+                               <key>pl</key>
+                               <string>Przywróć</string>
+                               <key>pt</key>
+                               <string>Restaurar</string>
+                               <key>pt_PT</key>
+                               <string>Restaurar</string>
+                               <key>ru</key>
+                               <string>Восстановить</string>
+                               <key>sv</key>
+                               <string>Återskapa</string>
+                               <key>tr</key>
+                               <string>Geri Yükle</string>
+                               <key>zh_CN</key>
+                               <string>恢复</string>
+                               <key>zh_TW</key>
+                               <string>回復</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>يحاول __APPNAME__ استعادة خطوط النظام الافتراضية.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší obnovit výchozí systémová písma.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht die Standard-Systemschriften wiederherzustellen.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to restore the default system fonts.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentando restaurar los tipos de letra por omisión del sistema.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää palauttaa järjestelmän oletusfontteja.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaie de restaurer les polices système par défaut.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbálja visszaállítani az alapértelmezett rendszer-betűtípust.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ sta tentando di ripristinare i font di default del sistema.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__ は、デフォルトのシステムフォントを復元しようとしてします。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__에서 기본 시스템 서체를 복원하려고 합니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ prøver å gjenopprette standard systemfonter.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert de standaardsysteemlettertypen terug te zetten.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ próbuje przywrócić domyślne czcionki systemowe.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__ está tentando restaurar as fontes padrão do sistema.</string>
+                               <key>pt_PT</key>
+                               <string>__APPNAME__ está a tentar restaurar os tipos de letra predefinidos do sistema.</string>
+                               <key>ru</key>
+                               <string>Программа «__APPNAME__» пытается восстановить стандартные системные шрифты.</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker återskapa de förvalda systemtypsnitten.</string>
+                               <key>tr</key>
+                               <string>__APPNAME__, saptanmış sistem fontlarını geri yüklemeye çalışıyor.</string>
+                               <key>zh_CN</key>
+                               <string>“__APPNAME__”正试图恢复默认的系统字体。</string>
+                               <key>zh_TW</key>
+                               <string>“__APPNAME__”正在嘗試回復預設的系統字體。</string>
+                       </dict>
+                       <key>rule</key>
+                       <string>root-or-entitled-admin-or-authenticate-admin</string>
+               </dict>
+               <key>com.apple.ZFSManager.</key>
+               <dict>
+                       <key>class</key>
+                       <string>rule</string>
                        <key>comment</key>
                        <key>comment</key>
-                       <string>Login mechanism based rule.  Not for general use, yet.</string>
-                       <key>mechanisms</key>
+                       <string>Used by zfsmanager to allow access to destructive zfs functions</string>
+                       <key>k-of-n</key>
+                       <integer>1</integer>
+                       <key>rule</key>
                        <array>
                        <array>
-                               <string>builtin:smartcard-sniffer,privileged</string>
-                               <string>loginwindow:login</string>
-                               <string>builtin:reset-password,privileged</string>
-                               <string>builtin:auto-login,privileged</string>
-                               <string>builtin:authenticate,privileged</string>
-                               <string>loginwindow:success</string>
-                               <string>HomeDirMechanism:login,privileged</string>
-                               <string>HomeDirMechanism:status</string>
-                               <string>MCXMechanism:login</string>
-                               <string>loginwindow:done</string>
+                               <string>is-root</string>
+                               <string>is-admin</string>
+                               <string>default</string>
                        </array>
                        </array>
+                       <key>shared</key>
+                       <true/>
                </dict>
                </dict>
-               <key>system.login.done</key>
+               <key>com.apple.activitymonitor.kill</key>
                <dict>
                        <key>class</key>
                <dict>
                        <key>class</key>
-                       <string>evaluate-mechanisms</string>
-                       <key>mechanisms</key>
-                       <array>
-                       </array>
+                       <string>rule</string>
+                       <key>comment</key>
+                       <string>Used by Activity Monitor to authorize killing processes not owned by the user.</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>إنهاء العملية</string>
+                               <key>cs</key>
+                               <string>Ukončit proces</string>
+                               <key>da</key>
+                               <string>Slut proces</string>
+                               <key>de</key>
+                               <string>Vorgang beenden</string>
+                               <key>en</key>
+                               <string>Quit Process</string>
+                               <key>es</key>
+                               <string>Salir del proceso</string>
+                               <key>fi</key>
+                               <string>Lopeta prosessi</string>
+                               <key>fr</key>
+                               <string>Quitter l’opération</string>
+                               <key>hu</key>
+                               <string>Folyamat bezárása</string>
+                               <key>it</key>
+                               <string>Esci dal processo</string>
+                               <key>ja</key>
+                               <string>プロセスを終了</string>
+                               <key>ko</key>
+                               <string>프로세스 종료</string>
+                               <key>nb</key>
+                               <string>Avslutt prosess</string>
+                               <key>nl</key>
+                               <string>Stop proces</string>
+                               <key>pl</key>
+                               <string>Zakończ proces</string>
+                               <key>pt</key>
+                               <string>Encerrar Processo</string>
+                               <key>pt-PT</key>
+                               <string>Sair do processo</string>
+                               <key>ru</key>
+                               <string>Завершить процесс</string>
+                               <key>sv</key>
+                               <string>Avsluta process</string>
+                               <key>tr</key>
+                               <string>İşlemden Çık</string>
+                               <key>zh-Hans</key>
+                               <string>退出进程</string>
+                               <key>zh-Hant</key>
+                               <string>結束程序</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>يحاول __APPNAME__ إنهاء العملية المحددة.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší ukončit vybraný proces.</string>
+                               <key>da</key>
+                               <string>__APPNAME__ forsøger at afslutte den valgte proces.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht, den ausgewählten Vorgang zu beenden.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to quit the selected process.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentando salir del proceso seleccionado.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää lopettaa valittua prosessia.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaye de quitter le processus sélectionné.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbál kilépni a kijelölt folyamatból.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ sta cercando di uscire dal processo selezionato.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__ は、選択中のプロセスを終了しようとしています。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__이(가) 선택한 프로세스를 종료하려고 합니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ prøver å avslutte den markerte prosessen.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert het geselecteerde proces te stoppen.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ próbuje zakończyć zaznaczony proces.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__ está tentando encerrar o processo selecionado.</string>
+                               <key>pt-PT</key>
+                               <string>O __APPNAME__ está a tentar sair do processo seleccionado.</string>
+                               <key>ru</key>
+                               <string>Программа «__APPNAME__» пытается завершить выбранный процесс.</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker avsluta den markerade processen.</string>
+                               <key>tr</key>
+                               <string>__APPNAME__, seçilen işlemden çıkmaya çalışıyor.</string>
+                               <key>zh-Hans</key>
+                               <string>“__APPNAME__”正试图退出所选进程。</string>
+                               <key>zh-Hant</key>
+                               <string>“__APPNAME__”正在嘗試結束所選程序。</string>
+                       </dict>
+                       <key>rule</key>
+                       <string>entitled-admin-or-authenticate-admin</string>
+                       <key>shared</key>
+                       <false/>
+                       <key>timeout</key>
+                       <integer>0</integer>
                </dict>
                </dict>
-               <key>system.login.screensaver</key>
+               <key>com.apple.appserver.privilege.admin</key>
                <dict>
                        <key>class</key>
                        <string>rule</string>
                        <key>comment</key>
                <dict>
                        <key>class</key>
                        <string>rule</string>
                        <key>comment</key>
-                       <string>The owner or any administrator can unlock the screensaver.</string>
+                       <string>For administrative access to the Application Server management tool.</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>تعديل الإعدادات</string>
+                               <key>cs</key>
+                               <string>Změnit nastavení</string>
+                               <key>da</key>
+                               <string>Juster indstillinger</string>
+                               <key>de</key>
+                               <string>Einstellungen ändern</string>
+                               <key>en</key>
+                               <string>Modify Settings</string>
+                               <key>es</key>
+                               <string>Modificar ajustes</string>
+                               <key>fi</key>
+                               <string>Muokkaa asetuksia</string>
+                               <key>fr</key>
+                               <string>Modifer les réglages</string>
+                               <key>hu</key>
+                               <string>Beállítások módosítása</string>
+                               <key>it</key>
+                               <string>Modifica impostazioni</string>
+                               <key>ja</key>
+                               <string>設定を変更</string>
+                               <key>ko</key>
+                               <string>설정 수정</string>
+                               <key>nb</key>
+                               <string>Endre innstillinger</string>
+                               <key>nl</key>
+                               <string>Wijzig instellingen</string>
+                               <key>pl</key>
+                               <string>Zmień ustawienia</string>
+                               <key>pt</key>
+                               <string>Modificar Ajustes</string>
+                               <key>pt-PT</key>
+                               <string>Modificar definições</string>
+                               <key>ru</key>
+                               <string>Модифицировать настройки</string>
+                               <key>sv</key>
+                               <string>Ändra inställningar</string>
+                               <key>tr</key>
+                               <string>Ayarları Değiştir</string>
+                               <key>zh-Hans</key>
+                               <string>修改设置</string>
+                               <key>zh-Hant</key>
+                               <string>修改設定</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>يحاول __APPNAME__ تعديل إعدادات خادم التطبيق.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší změnit nastavení serveru aplikací.</string>
+                               <key>da</key>
+                               <string>__APPNAME__ forsøger at ændre indstillingerne til programserveren.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht, die Einstellungen für den Anwendungsserver zu ändern.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to modify the Application Server settings.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentando modificar los ajustes del servidor de aplicaciones.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää muokata ohjelmistopalvelimen asetuksia.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaye de modifier les réglages de serveur d’applications.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbálja módosítani az Alkalmazáskiszolgáló beállításait.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ sta cercando di modificare le impostazioni di applicazioni per il server.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__ は、アプリケーションサーバの設定を変更しようとしています。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__이(가) 응용 프로그램 서버 설정을 수정하려고 합니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ prøver å endre programtjenerinnstillingene.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert de instellingen van de programmaserver te wijzigen.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ zmienić ustawienia serwera programów.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__ está tentando modificar os ajustes do Servidor de Aplicativos.</string>
+                               <key>pt-PT</key>
+                               <string>O __APPNAME__ está a tentar modificar as definições do servidor de aplicações.</string>
+                               <key>ru</key>
+                               <string>Программа «__APPNAME__» пытается модифицировать настройки сервера программ.</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker ändra inställningarna för programservern.</string>
+                               <key>tr</key>
+                               <string>__APPNAME__, Uygulama Sunucusu ayarlarını değiştirmeye çalışıyor.</string>
+                               <key>zh-Hans</key>
+                               <string>“__APPNAME__”正试图修改“应用程序服务器”设置。</string>
+                               <key>zh-Hant</key>
+                               <string>“__APPNAME__”正在嘗試修改“應用程式伺服器”設定。</string>
+                       </dict>
                        <key>rule</key>
                        <key>rule</key>
-                       <string>authenticate-session-owner-or-admin</string>
+                       <string>appserver-admin</string>
                </dict>
                </dict>
-               <key>system.login.tty</key>
+               <key>com.apple.appserver.privilege.user</key>
+               <dict>
+                       <key>class</key>
+                       <string>rule</string>
+                       <key>comment</key>
+                       <string>For user access to the Application Server management tool.</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>تعديل الإعدادات</string>
+                               <key>cs</key>
+                               <string>Změnit nastavení</string>
+                               <key>da</key>
+                               <string>Juster indstillinger</string>
+                               <key>de</key>
+                               <string>Einstellungen ändern</string>
+                               <key>en</key>
+                               <string>Modify Settings</string>
+                               <key>es</key>
+                               <string>Modificar ajustes</string>
+                               <key>fi</key>
+                               <string>Muokkaa asetuksia</string>
+                               <key>fr</key>
+                               <string>Modifer les réglages</string>
+                               <key>hu</key>
+                               <string>Beállítások módosítása</string>
+                               <key>it</key>
+                               <string>Modifica impostazioni</string>
+                               <key>ja</key>
+                               <string>設定を変更</string>
+                               <key>ko</key>
+                               <string>설정 수정</string>
+                               <key>nb</key>
+                               <string>Endre innstillinger</string>
+                               <key>nl</key>
+                               <string>Wijzig instellingen</string>
+                               <key>pl</key>
+                               <string>Zmień ustawienia</string>
+                               <key>pt</key>
+                               <string>Modificar Ajustes</string>
+                               <key>pt-PT</key>
+                               <string>Modificar definições</string>
+                               <key>ru</key>
+                               <string>Модифицировать настройки</string>
+                               <key>sv</key>
+                               <string>Ändra inställningar</string>
+                               <key>tr</key>
+                               <string>Ayarları Değiştir</string>
+                               <key>zh-Hans</key>
+                               <string>修改设置</string>
+                               <key>zh-Hant</key>
+                               <string>修改設定</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>يحاول __APPNAME__ تعديل إعدادات خادم التطبيق الخاصة بك.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší změnit nastavení vašeho serveru aplikací.</string>
+                               <key>da</key>
+                               <string>__APPNAME__ forsøger at ændre dine indstillinger til programserveren.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht, die Einstellungen für Ihren Anwendungsserver zu ändern.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to modify your Application Server settings.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentado modificar los ajustes del servidor de aplicaciones.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää muokata ohjelmistopalvelimen asetuksia.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaye de modifier les réglages de votre serveur d’applications.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbálja módosítani az Alkalmazáskiszolgáló beállításait.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ sta cercando di modificare le impostazioni di applicazioni per il server.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__ は、アプリケーションサーバの設定を変更しようとしています。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__이(가) 사용자의 응용 프로그램 서버 설정을 수정하려고 합니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ prøver å endre programtjenerinnstillingene.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert uw instellingen voor de programmaserver te wijzigen.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ zmienić ustawienia serwera programów.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__ está tentando modificar os ajustes do seu Servidor de Aplicativos.</string>
+                               <key>pt-PT</key>
+                               <string>O __APPNAME__ está a tentar modificar as definições do seu servidor de aplicações.</string>
+                               <key>ru</key>
+                               <string>Программа «__APPNAME__» пытается модифицировать Ваши настройки сервера программ.</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker ändra inställningarna för din programserver.</string>
+                               <key>tr</key>
+                               <string>__APPNAME__, Uygulama Sunucusu ayarlarınızı değiştirmeye çalışıyor.</string>
+                               <key>zh-Hans</key>
+                               <string>“__APPNAME__”正试图修改您的“应用程序服务器”设置。</string>
+                               <key>zh-Hant</key>
+                               <string>“__APPNAME__”正在嘗試修改您的“應用程式伺服器”設定。</string>
+                       </dict>
+                       <key>k-of-n</key>
+                       <integer>1</integer>
+                       <key>rule</key>
+                       <array>
+                               <string>appserver-admin</string>
+                               <string>appserver-user</string>
+                       </array>
+               </dict>
+               <key>com.apple.builtin.confirm-access</key>
                <dict>
                        <key>class</key>
                        <string>evaluate-mechanisms</string>
                <dict>
                        <key>class</key>
                        <string>evaluate-mechanisms</string>
+                       <key>mechanisms</key>
+                       <array>
+                               <string>builtin:confirm-access</string>
+                       </array>
                        <key>tries</key>
                        <integer>1</integer>
                        <key>tries</key>
                        <integer>1</integer>
+               </dict>
+               <key>com.apple.builtin.confirm-access-password</key>
+               <dict>
+                       <key>class</key>
+                       <string>evaluate-mechanisms</string>
                        <key>mechanisms</key>
                        <array>
                        <key>mechanisms</key>
                        <array>
-                               <string>push_hints_to_context</string>
-                               <string>authinternal</string>
+                               <string>builtin:confirm-access-password</string>
                        </array>
                </dict>
                        </array>
                </dict>
-               <key>system.keychain.create.loginkc</key>
+               <key>com.apple.builtin.generic-new-passphrase</key>
                <dict>
                <dict>
-                       <key>allow-root</key>
-                       <false/>
                        <key>class</key>
                        <string>evaluate-mechanisms</string>
                        <key>class</key>
                        <string>evaluate-mechanisms</string>
-                       <key>comment</key>
-                       <string>Used by the Security framework when you add an item to an unconfigured default keychain.</string>
                        <key>mechanisms</key>
                        <array>
                        <key>mechanisms</key>
                        <array>
-                               <string>loginKC:queryCreate</string>
-                               <string>loginKC:showPasswordUI</string>
-                               <string>authinternal</string>
+                               <string>builtin:generic-new-passphrase</string>
                        </array>
                        </array>
-                       <key>session-owner</key>
-                       <true/>
-                       <key>shared</key>
-                       <false/>
                </dict>
                </dict>
-               <key>system.keychain.modify</key>
+               <key>com.apple.builtin.generic-unlock</key>
+               <dict>
+                       <key>class</key>
+                       <string>evaluate-mechanisms</string>
+                       <key>mechanisms</key>
+                       <array>
+                               <string>builtin:generic-unlock</string>
+                       </array>
+               </dict>
+               <key>com.apple.dashboard.advisory.allow</key>
                <dict>
                        <key>class</key>
                        <string>user</string>
                <dict>
                        <key>class</key>
                        <string>user</string>
-                       <key>comment</key>
-                       <string>Used by Keychain Access when editing a system keychain.</string>
                        <key>group</key>
                        <string>admin</string>
                        <key>shared</key>
                        <key>group</key>
                        <string>admin</string>
                        <key>shared</key>
-                       <true/>
+                       <false/>
                        <key>timeout</key>
                        <key>timeout</key>
-                       <integer>30</integer>
+                       <integer>300</integer>
                </dict>
                </dict>
-               <key>system.preferences</key>
+               <key>com.apple.desktopservices</key>
                <dict>
                <dict>
-                       <key>allow-root</key>
-                       <true/>
                        <key>class</key>
                        <string>user</string>
                        <key>comment</key>
                        <key>class</key>
                        <string>user</string>
                        <key>comment</key>
-                       <string>Checked by the Admin framework when making changes to certain System Preferences.</string>
+                       <string>For privileged file operations from within the Finder.</string>
                        <key>group</key>
                        <string>admin</string>
                        <key>shared</key>
                        <key>group</key>
                        <string>admin</string>
                        <key>shared</key>
-                       <true/>
+                       <false/>
+                       <key>timeout</key>
+                       <integer>0</integer>
                </dict>
                </dict>
-               <key>system.preferences.accounts</key>
+               <key>com.apple.desktopservices.scripted</key>
                <dict>
                <dict>
-                       <key>allow-root</key>
-                       <true/>
                        <key>class</key>
                        <string>user</string>
                        <key>comment</key>
                        <key>class</key>
                        <string>user</string>
                        <key>comment</key>
-                       <string>Checked by the Admin framework when making changes to the Accounts preference pane.</string>
+                       <string>For scripting-initiated privileged file operations from within the Finder.</string>
                        <key>group</key>
                        <string>admin</string>
                        <key>shared</key>
                        <false/>
                        <key>group</key>
                        <string>admin</string>
                        <key>shared</key>
                        <false/>
+                       <key>timeout</key>
+                       <integer>0</integer>
                </dict>
                </dict>
-               <key>system.preferences.parental-controls</key>
+               <key>com.apple.docset.install</key>
                <dict>
                        <key>class</key>
                        <string>user</string>
                        <key>comment</key>
                <dict>
                        <key>class</key>
                        <string>user</string>
                        <key>comment</key>
-                       <string>Checked when making changes to the Parental Controls preference pane.</string>
+                       <string>Used by Xcode to restrict access to a daemon it uses to install and update documentation sets.</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>تحديث الوثائق</string>
+                               <key>cs</key>
+                               <string>Aktualizovat dokumentaci</string>
+                               <key>da</key>
+                               <string>Opdater dokumentation</string>
+                               <key>de</key>
+                               <string>Dokumentation aktualisieren</string>
+                               <key>en</key>
+                               <string>Update Documentation</string>
+                               <key>es</key>
+                               <string>Actualizar documentación</string>
+                               <key>fi</key>
+                               <string>Päivitä dokumentaatio</string>
+                               <key>fr</key>
+                               <string>Mettre à jour la documentation</string>
+                               <key>hu</key>
+                               <string>Dokumentáció frissítése</string>
+                               <key>it</key>
+                               <string>Aggiona documentazione</string>
+                               <key>ja</key>
+                               <string>ドキュメントをアップデート</string>
+                               <key>ko</key>
+                               <string>설명서 업데이트</string>
+                               <key>nb</key>
+                               <string>Oppdater dokumentasjon</string>
+                               <key>nl</key>
+                               <string>Werk documentatie bij</string>
+                               <key>pl</key>
+                               <string>Uaktualnij dokumentację</string>
+                               <key>pt</key>
+                               <string>Atualizar Documentação</string>
+                               <key>pt-PT</key>
+                               <string>Actualizar documentação</string>
+                               <key>ru</key>
+                               <string>Обновить документацию</string>
+                               <key>sv</key>
+                               <string>Uppdatera dokumentation</string>
+                               <key>tr</key>
+                               <string>Belgeleri Güncelle</string>
+                               <key>zh-Hans</key>
+                               <string>更新文稿</string>
+                               <key>zh-Hant</key>
+                               <string>更新說明文件</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>يحاول __APPNAME__ تحديث مطور الوثائق.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší aktualizovat vývojářskou dokumentaci.</string>
+                               <key>da</key>
+                               <string>__APPNAME__ forsøger at opdatere dokumentationen til udvikling.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht, die Entwicklerdokumentation zu aktualisieren.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to update the developer documentation.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentando actualizar la documentación para desarrolladores.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää päivittää kehittäjän dokumentaatiota.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaye de mettre à jour la documentation de développement.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbálja frissíteni a fejlesztői dokumentációt.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ sta cercando di aggiornare la documentazione sviluppatori.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__ はデベロッパドキュメントをアップデートしようとしています。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__이(가) 개발자 설명서를 업데이트하려고 합니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ prøver å oppdatere utviklerdokumentasjonen.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert de documentatie voor ontwikkelaars bij te werken.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ próbuje uaktualnić dokumentację dla programistów.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__ está tentando atualizar a documentação do desenvolvedor.</string>
+                               <key>pt-PT</key>
+                               <string>O __APPNAME__ está a tentar actualizar a documentação de programação.</string>
+                               <key>ru</key>
+                               <string>Программа «__APPNAME__» пытается обновить документацию для разработчиков.</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker uppdatera dokumentationen för utvecklare.</string>
+                               <key>tr</key>
+                               <string>__APPNAME__, geliştirici belgelerini güncellemeye çalışıyor.</string>
+                               <key>zh-Hans</key>
+                               <string>“__APPNAME__”正试图更新开发者文稿。</string>
+                               <key>zh-Hant</key>
+                               <string>“__APPNAME__”正在嘗試更新開發人員說明文件。</string>
+                       </dict>
                        <key>group</key>
                        <string>admin</string>
                        <key>shared</key>
                        <false/>
                </dict>
                        <key>group</key>
                        <string>admin</string>
                        <key>shared</key>
                        <false/>
                </dict>
-               <key>system.preferences.accessibility</key>
+               <key>com.apple.pcastagentconfigd.</key>
                <dict>
                        <key>allow-root</key>
                        <true/>
                        <key>class</key>
                        <string>user</string>
                        <key>comment</key>
                <dict>
                        <key>allow-root</key>
                        <true/>
                        <key>class</key>
                        <string>user</string>
                        <key>comment</key>
-                       <string>Checked by the Admin framework when enabling or disabling the Accessibility APIs.</string>
+                       <string>Wildcard for rights checked by Podcast Producer when making changes to your camera binding.</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>تعديل الإعدادات</string>
+                               <key>cs</key>
+                               <string>Změnit nastavení</string>
+                               <key>da</key>
+                               <string>Juster indstillinger</string>
+                               <key>de</key>
+                               <string>Einstellungen ändern</string>
+                               <key>en</key>
+                               <string>Modify Settings</string>
+                               <key>es</key>
+                               <string>Modificar ajustes</string>
+                               <key>fi</key>
+                               <string>Muokkaa asetuksia</string>
+                               <key>fr</key>
+                               <string>Modifer les réglages</string>
+                               <key>hu</key>
+                               <string>Beállítások módosítása</string>
+                               <key>it</key>
+                               <string>Modifica impostazioni</string>
+                               <key>ja</key>
+                               <string>設定を変更</string>
+                               <key>ko</key>
+                               <string>설정 수정</string>
+                               <key>nb</key>
+                               <string>Endre innstillinger</string>
+                               <key>nl</key>
+                               <string>Wijzig instellingen</string>
+                               <key>pl</key>
+                               <string>Zmień ustawienia</string>
+                               <key>pt</key>
+                               <string>Modificar Ajustes</string>
+                               <key>pt-PT</key>
+                               <string>Modificar definições</string>
+                               <key>ru</key>
+                               <string>Модифицировать настройки</string>
+                               <key>sv</key>
+                               <string>Ändra inställningar</string>
+                               <key>tr</key>
+                               <string>Ayarları Değiştir</string>
+                               <key>zh-Hans</key>
+                               <string>修改设置</string>
+                               <key>zh-Hant</key>
+                               <string>修改設定</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>يحاول __APPNAME__ تعديل إعدادات منتج البودكاست.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší změnit nastavení aplikace Podcast Producer.</string>
+                               <key>da</key>
+                               <string>__APPNAME__ forsøger at ændre indstillingerne til Podcast Producer.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht, die Einstellungen für Podcast-Produzent zu ändern.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to modify the Podcast Producer settings.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentando modificar los ajustes de Podcast Producer.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää muokata Podcast Producer -asetuksia.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaye de modifier les réglages de Podcast Producer.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbálja módosítani a Podcast Producer beállításait.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ sta cercando di modificare le impostazioni Podcast Producer.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__ は、Podcast Producer の設定を変更しようとしています。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__이(가) Podcast Producer 설정을 수정하려고 합니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ prøver å endre Podcast Producer-innstillingene.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert de Podcast Producer-instellingen te wijzigen.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ próbuje zmienić ustawienia programu Podcast Producer.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__ está tentando modificar os ajustes do Podcast Producer.</string>
+                               <key>pt-PT</key>
+                               <string>O __APPNAME__ está a tentar modificar as definições do Podcast Producer.</string>
+                               <key>ru</key>
+                               <string>Программа «__APPNAME__» пытается модифицировать настройки Podcast Producer.</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker ändra inställningarna i Podcast Producer.</string>
+                               <key>tr</key>
+                               <string>__APPNAME__, Podcast Üretici ayarlarını değiştirmeye çalışıyor.</string>
+                               <key>zh-Hans</key>
+                               <string>“__APPNAME__”正试图修改 Podcast Producer 的设置。</string>
+                               <key>zh-Hant</key>
+                               <string>“__APPNAME__”正在嘗試修改 Podcast Producer 設定。</string>
+                       </dict>
                        <key>group</key>
                        <string>admin</string>
                        <key>shared</key>
                        <false/>
                        <key>group</key>
                        <string>admin</string>
                        <key>shared</key>
                        <false/>
+               </dict>
+               <key>com.apple.server.admin.streaming</key>
+               <dict>
+                       <key>allow-root</key>
+                       <true/>
+                       <key>class</key>
+                       <string>rule</string>
+                       <key>comment</key>
+                       <string>For making administrative requests to the QuickTime Streaming Server.</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>تعديل الإعدادات</string>
+                               <key>cs</key>
+                               <string>Změnit nastavení</string>
+                               <key>da</key>
+                               <string>Juster indstillinger</string>
+                               <key>de</key>
+                               <string>Einstellungen ändern</string>
+                               <key>en</key>
+                               <string>Modify Settings</string>
+                               <key>es</key>
+                               <string>Modificar ajustes</string>
+                               <key>fi</key>
+                               <string>Muokkaa asetuksia</string>
+                               <key>fr</key>
+                               <string>Modifer les réglages</string>
+                               <key>hu</key>
+                               <string>Beállítások módosítása</string>
+                               <key>it</key>
+                               <string>Modifica impostazioni</string>
+                               <key>ja</key>
+                               <string>設定を変更</string>
+                               <key>ko</key>
+                               <string>설정 수정</string>
+                               <key>nb</key>
+                               <string>Endre innstillinger</string>
+                               <key>nl</key>
+                               <string>Wijzig instellingen</string>
+                               <key>pl</key>
+                               <string>Zmień ustawienia</string>
+                               <key>pt</key>
+                               <string>Modificar Ajustes</string>
+                               <key>pt-PT</key>
+                               <string>Modificar definições</string>
+                               <key>ru</key>
+                               <string>Модифицировать настройки</string>
+                               <key>sv</key>
+                               <string>Ändra inställningar</string>
+                               <key>tr</key>
+                               <string>Ayarları Değiştir</string>
+                               <key>zh-Hans</key>
+                               <string>修改设置</string>
+                               <key>zh-Hant</key>
+                               <string>修改設定</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>يحاول __APPNAME__ تعديل إعدادات خادم تدفق QuickTime.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší změnit nastavení serveru QuickTime Streaming.</string>
+                               <key>da</key>
+                               <string>__APPNAME__ forsøger at ændre indstillingerne til QuickTime Streaming.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht, die QuickTime-Streaming-Servereinstellungen zu ändern.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to modify the QuickTime Streaming Server settings.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentando modificar los ajustes de QuickTime Streaming Server.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää muokata QuickTime Streaming Server -asetuksia.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaye de modifier le réglages de QuickTime Streaming Server.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbálja módosítani a QuickTime Streaming kiszolgáló beállításait.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ sta cercando di modificare le impostazioni QuickTime Streaming Server.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__ は、QuickTime Streaming Server の設定を変更しようとしています。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__이(가) QuickTime Streaming Server 설정을 수정하려고 합니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ prøver å endre QuickTime Streaming Server-innstillingene.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert de instellingen van de QuickTime-streamingserver te wijzigen.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ próbuje zmienić ustawienia serwera strumieniowania QuickTime.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__ está tentando modificar os ajustes do QuickTime Streaming Server.</string>
+                               <key>pt-PT</key>
+                               <string>O __APPNAME__ está a tentar modificar as definições do servidor de streaming do QuickTime.</string>
+                               <key>ru</key>
+                               <string>Программа «__APPNAME__» пытается модифицировать настройки сервера QuickTime Streaming.</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker ändra inställningarna för QuickTime Streaming Server.</string>
+                               <key>tr</key>
+                               <string>__APPNAME__, QuickTime Streaming Server ayarlarını değiştirmeye çalışıyor.</string>
+                               <key>zh-Hans</key>
+                               <string>“__APPNAME__”正试图修改 QuickTime 流服务器的设置。</string>
+                               <key>zh-Hant</key>
+                               <string>“__APPNAME__”正在嘗試修改 QuickTime Streaming Server 設定。</string>
+                       </dict>
+                       <key>k-of-n</key>
+                       <integer>1</integer>
+                       <key>rule</key>
+                       <array>
+                               <string>is-admin</string>
+                               <string>authenticate-admin</string>
+                       </array>
+                       <key>shared</key>
+                       <false/>
                        <key>timeout</key>
                        <integer>0</integer>
                </dict>
                        <key>timeout</key>
                        <integer>0</integer>
                </dict>
-               <key>system.preferences.security</key>
+               <key>com.apple.trust-settings.admin</key>
                <dict>
                        <key>allow-root</key>
                        <true/>
                        <key>class</key>
                        <string>user</string>
                        <key>comment</key>
                <dict>
                        <key>allow-root</key>
                        <true/>
                        <key>class</key>
                        <string>user</string>
                        <key>comment</key>
-                       <string>Checked by the Admin framework when making changes to the Security preference pane.</string>
+                       <string>For modifying Trust Settings in the Local Admin domain.</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>تحديث الإعدادات</string>
+                               <key>cs</key>
+                               <string>Aktualizovat nastavení</string>
+                               <key>da</key>
+                               <string>Opdater indstillinger</string>
+                               <key>de</key>
+                               <string>Einstellungen aktualisieren</string>
+                               <key>en</key>
+                               <string>Update Settings</string>
+                               <key>es</key>
+                               <string>Actualizar ajustes</string>
+                               <key>fi</key>
+                               <string>Päivitä asetukset</string>
+                               <key>fr</key>
+                               <string>Mettre à jour les réglages</string>
+                               <key>hu</key>
+                               <string>Beállítások frissítése</string>
+                               <key>it</key>
+                               <string>Aggiorna impostazioni</string>
+                               <key>ja</key>
+                               <string>設定をアップデート</string>
+                               <key>ko</key>
+                               <string>설정 업데이트</string>
+                               <key>nb</key>
+                               <string>Oppdater innstillinger</string>
+                               <key>nl</key>
+                               <string>Werk instellingen bij</string>
+                               <key>pl</key>
+                               <string>Uaktualnij ustawienia</string>
+                               <key>pt</key>
+                               <string>Atualizar Ajustes</string>
+                               <key>pt-PT</key>
+                               <string>Actualizar definições</string>
+                               <key>ru</key>
+                               <string>Обновить настройки</string>
+                               <key>sv</key>
+                               <string>Uppdatera inställningar</string>
+                               <key>tr</key>
+                               <string>Ayarları Güncelle</string>
+                               <key>zh-Hans</key>
+                               <string>更新设置</string>
+                               <key>zh-Hant</key>
+                               <string>更新設定</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>أنت تقوم بإجراء تغييرات على إعدادات الثقة في شهادة النظام.</string>
+                               <key>cs</key>
+                               <string>Provádíte změny v systémových nastaveních důvěryhodnosti certifikátů.</string>
+                               <key>da</key>
+                               <string>Du foretager ændringer i systemcertifikatets godkendelsesindstillinger.</string>
+                               <key>de</key>
+                               <string>Sie nehmen Änderungen an Ihren Systemeinstellungen für Zertifizierungen vor.</string>
+                               <key>en</key>
+                               <string>You are making changes to the System Certificate Trust Settings.</string>
+                               <key>es</key>
+                               <string>Está modificando los ajustes de confianza en certificados del sistema.</string>
+                               <key>fi</key>
+                               <string>Olet muuttamassa järjestelmävarmenteiden luottoasetuksia.</string>
+                               <key>fr</key>
+                               <string>Vous effectuez des modifications des réglages de confiance du certificat du système.</string>
+                               <key>hu</key>
+                               <string>Módosítja a Rendszertanúsítványok megbízhatósági beállításait.</string>
+                               <key>it</key>
+                               <string>Stai apportando modifiche alle impostazioni System Certificate Trust.</string>
+                               <key>ja</key>
+                               <string>“システム証明書の信頼性”環境設定を変更しようとしています。</string>
+                               <key>ko</key>
+                               <string>시스템 인증서 신뢰 설정을 변경하고 있습니다.</string>
+                               <key>nb</key>
+                               <string>Du endrer tillitsinnstillingene for systemsertifikater.</string>
+                               <key>nl</key>
+                               <string>U wijzigt de systeeminstellingen voor het vertrouwen van certificaten.</string>
+                               <key>pl</key>
+                               <string>Wprowadzasz zmiany w ustawieniach zaufania certyfikatu systemowego.</string>
+                               <key>pt</key>
+                               <string>Você está fazendo alterações nos Ajustes de Confiança dos Certificados do Sistema.</string>
+                               <key>pt-PT</key>
+                               <string>Está a alterar as definições de segurança do certificado do sistema.</string>
+                               <key>ru</key>
+                               <string>Вы вносите изменения в настройки доверия системы.</string>
+                               <key>sv</key>
+                               <string>Du gör ändringar i systemets tillförlitlighetsinställningar för certifikat.</string>
+                               <key>tr</key>
+                               <string>Sistem Sertifikası Güven Ayarları’nda değişiklikler yapıyorsunuz.</string>
+                               <key>zh-Hans</key>
+                               <string>您正在更改“系统证书信任设置”。</string>
+                               <key>zh-Hant</key>
+                               <string>您正在更改“系統憑證信任設定”。</string>
+                       </dict>
                        <key>group</key>
                        <string>admin</string>
                        <key>group</key>
                        <string>admin</string>
-                       <key>shared</key>
-                       <false/>
                </dict>
                </dict>
-               <key>system.printingmanager</key>
+               <key>com.apple.trust-settings.user</key>
                <dict>
                <dict>
-                       <key>class</key>
+                       <key>comment</key>
+                       <string>For modifying per-user Trust Settings.</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>تحديث الإعدادات</string>
+                               <key>cs</key>
+                               <string>Aktualizovat nastavení</string>
+                               <key>da</key>
+                               <string>Opdater indstillinger</string>
+                               <key>de</key>
+                               <string>Einstellungen aktualisieren</string>
+                               <key>en</key>
+                               <string>Update Settings</string>
+                               <key>es</key>
+                               <string>Actualizar ajustes</string>
+                               <key>fi</key>
+                               <string>Päivitä asetukset</string>
+                               <key>fr</key>
+                               <string>Mettre à jour les réglages</string>
+                               <key>hu</key>
+                               <string>Beállítások frissítése</string>
+                               <key>it</key>
+                               <string>Aggiorna impostazioni</string>
+                               <key>ja</key>
+                               <string>設定をアップデート</string>
+                               <key>ko</key>
+                               <string>설정 업데이트</string>
+                               <key>nb</key>
+                               <string>Oppdater innstillinger</string>
+                               <key>nl</key>
+                               <string>Werk instellingen bij</string>
+                               <key>pl</key>
+                               <string>Uaktualnij ustawienia</string>
+                               <key>pt</key>
+                               <string>Atualizar Ajustes</string>
+                               <key>pt-PT</key>
+                               <string>Actualizar definições</string>
+                               <key>ru</key>
+                               <string>Обновить настройки</string>
+                               <key>sv</key>
+                               <string>Uppdatera inställningar</string>
+                               <key>tr</key>
+                               <string>Ayarları Güncelle</string>
+                               <key>zh-Hans</key>
+                               <string>更新设置</string>
+                               <key>zh-Hant</key>
+                               <string>更新設定</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>أنت تقوم بإجراء تغييرات على إعدادات الثقة في شهادة النظام.</string>
+                               <key>cs</key>
+                               <string>Provádíte změny v nastaveních důvěryhodnosti certifikátů.</string>
+                               <key>da</key>
+                               <string>Du foretager ændringer i systemcertifikatets godkendelsesindstillinger.</string>
+                               <key>de</key>
+                               <string>Sie nehmen Änderungen an Ihren Systemeinstellungen für Zertifizierungen vor.</string>
+                               <key>en</key>
+                               <string>You are making changes to your Certificate Trust Settings.</string>
+                               <key>es</key>
+                               <string>Está modificando los ajustes de confianza en certificados.</string>
+                               <key>fi</key>
+                               <string>Olet muuttamassa varmenteiden luottoasetuksia.</string>
+                               <key>fr</key>
+                               <string>Vous effectuez des modifications de vos réglages de confiance du certificat.</string>
+                               <key>hu</key>
+                               <string>Módosítja a saját tanúsítványainak megbízhatósági beállításait.</string>
+                               <key>it</key>
+                               <string>Stai apportando modifiche alle impostazioni Certificate Trust.</string>
+                               <key>ja</key>
+                               <string>“システム証明書の信頼性”環境設定を変更しようとしています。</string>
+                               <key>ko</key>
+                               <string>사용자의 인증서 신뢰 설정을 변경하고 있습니다.</string>
+                               <key>nb</key>
+                               <string>Du endrer tillitsinnstillingene for sertifikater.</string>
+                               <key>nl</key>
+                               <string>U wijzigt uw instellingen voor het vertrouwen van certificaten.</string>
+                               <key>pl</key>
+                               <string>Wprowadzasz zmiany w ustawieniach zaufania swojego certyfikatu.</string>
+                               <key>pt</key>
+                               <string>Você está fazendo alterações nos seus Ajustes de Confiança dos Certificados.</string>
+                               <key>pt-PT</key>
+                               <string>Está a alterar as suas definições de segurança do certificado do sistema.</string>
+                               <key>ru</key>
+                               <string>Вы вносите изменения в свои настройки доверия.</string>
+                               <key>sv</key>
+                               <string>Du gör ändringar i dina tillförlitlighetsinställningar för certifikat.</string>
+                               <key>tr</key>
+                               <string>Sertifika Güven Ayarları’nızda değişiklikler yapıyorsunuz.</string>
+                               <key>zh-Hans</key>
+                               <string>您正在更改您的“证书信任设置”。</string>
+                               <key>zh-Hant</key>
+                               <string>您正在更改您的“憑證信任設定”。</string>
+                       </dict>
+                       <key>rule</key>
+                       <string>entitled-session-owner-or-authenticate-session-owner</string>
+               </dict>
+               <key>com.apple.uninstalld.uninstall</key>
+               <dict>
+                       <key>class</key>
                        <string>rule</string>
                        <string>rule</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>cs</key>
+                               <string>Smazat</string>
+                               <key>en</key>
+                               <string>Delete</string>
+                               <key>hu</key>
+                               <string>Törlés</string>
+                               <key>tr</key>
+                               <string>Sil</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší smazat aplikaci.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to delete an application.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbál egy alkalmazást törölni.</string>
+                               <key>tr</key>
+                               <string>__APPNAME__, bir uygulamayı silmeye çalışıyor.</string>
+                       </dict>
+                       <key>rule</key>
+                       <string>entitled-admin-or-authenticate-admin</string>
+               </dict>
+               <key>config.add.</key>
+               <dict>
+                       <key>class</key>
+                       <string>allow</string>
                        <key>comment</key>
                        <key>comment</key>
-                       <string>For printing to locked printers.</string>
+                       <string>Wildcard right for adding rights.  Anyone is allowed to add any (non-wildcard) rights.</string>
+               </dict>
+               <key>config.config.</key>
+               <dict>
+                       <key>class</key>
+                       <string>deny</string>
+                       <key>comment</key>
+                       <string>Wildcard right for any change to meta-rights for db modification.  Not allowed programmatically (just edit this file).</string>
+               </dict>
+               <key>config.modify.</key>
+               <dict>
+                       <key>class</key>
+                       <string>rule</string>
+                       <key>comment</key>
+                       <string>Wildcard right for modifying rights.  Admins are allowed to modify any (non-wildcard) rights.  Root does not require authentication.</string>
+                       <key>k-of-n</key>
+                       <integer>1</integer>
                        <key>rule</key>
                        <key>rule</key>
-                       <string>authenticate-admin</string>
+                       <array>
+                               <string>is-root</string>
+                               <string>authenticate-admin</string>
+                       </array>
                </dict>
                </dict>
-               <key>system.print.admin</key>
+               <key>config.remove.</key>
+               <dict>
+                       <key>class</key>
+                       <string>rule</string>
+                       <key>comment</key>
+                       <string>Wildcard right for deleting rights.  Admins are allowed to delete any (non-wildcard) rights.  Root does not require authentication.</string>
+                       <key>k-of-n</key>
+                       <integer>1</integer>
+                       <key>rule</key>
+                       <array>
+                               <string>is-root</string>
+                               <string>authenticate-admin</string>
+                       </array>
+               </dict>
+               <key>config.remove.system.</key>
+               <dict>
+                       <key>class</key>
+                       <string>deny</string>
+                       <key>comment</key>
+                       <string>Wildcard right for deleting system rights.</string>
+               </dict>
+               <key>sys.openfile.</key>
                <dict>
                <dict>
-                       <key>allow-root</key>
-                       <true/>
                        <key>class</key>
                        <string>user</string>
                        <key>class</key>
                        <string>user</string>
+                       <key>comment</key>
+                       <string>See authopen(1) for information on the use of this right.</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>فتح</string>
+                               <key>cs</key>
+                               <string>Otevřít</string>
+                               <key>da</key>
+                               <string>Åben</string>
+                               <key>de</key>
+                               <string>Öffnen</string>
+                               <key>en</key>
+                               <string>Open</string>
+                               <key>es</key>
+                               <string>Abrir</string>
+                               <key>fi</key>
+                               <string>Avaa</string>
+                               <key>fr</key>
+                               <string>Ouvrir</string>
+                               <key>hu</key>
+                               <string>Megnyitás</string>
+                               <key>it</key>
+                               <string>Apri</string>
+                               <key>ja</key>
+                               <string>開く</string>
+                               <key>ko</key>
+                               <string>열기</string>
+                               <key>nb</key>
+                               <string>Åpne</string>
+                               <key>nl</key>
+                               <string>Open</string>
+                               <key>pl</key>
+                               <string>Otwórz</string>
+                               <key>pt</key>
+                               <string>Abrir</string>
+                               <key>pt-PT</key>
+                               <string>Abrir</string>
+                               <key>ru</key>
+                               <string>Открыть</string>
+                               <key>sv</key>
+                               <string>Öppna</string>
+                               <key>tr</key>
+                               <string>Aç</string>
+                               <key>zh-Hans</key>
+                               <string>打开</string>
+                               <key>zh-Hant</key>
+                               <string>打開</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>يحاول __APPNAME__ فتح الملف الذي تم اختياره.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší otevřít vybraný soubor.</string>
+                               <key>da</key>
+                               <string>__APPNAME__ forsøger at åbne det valgte arkiv.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht, die gewählte Datei zu öffnen.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to open the chosen file.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentando abrir el archivo seleccionado.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää avata valittua tiedostoa.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaye d'ouvrir le fichier sélectionné.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbálja megnyitni a kiválasztott fájlt.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ sta cercando di aprire il documento prescelto.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__ は、選択中のファイルを開こうとしています。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__이(가) 선택된 파일을 열려고 합니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ prøver å åpne den valgte filen.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert het gekozen bestand te openen.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ próbuje otworzyć wybrany plik.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__ está tentando abrir o arquivo escolhido.</string>
+                               <key>pt-PT</key>
+                               <string>O __APPNAME__ está a tentar abrir o ficheiro escolhido.</string>
+                               <key>ru</key>
+                               <string>Программа «__APPNAME__» пытается открыть новый файл.</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker öppna den valda filen.</string>
+                               <key>tr</key>
+                               <string>__APPNAME__, seçilen dosyayı açmaya çalışıyor.</string>
+                               <key>zh-Hans</key>
+                               <string>“__APPNAME__”正试图打开所选文件。</string>
+                               <key>zh-Hant</key>
+                               <string>“__APPNAME__”正在嘗試打開所選檔案。</string>
+                       </dict>
                        <key>group</key>
                        <key>group</key>
-                       <string>lpadmin</string>
+                       <string>admin</string>
                        <key>shared</key>
                        <key>shared</key>
-                       <true/>
+                       <false/>
+                       <key>timeout</key>
+                       <integer>300</integer>
                </dict>
                </dict>
-               <key>system.print.operator</key>
+               <key>system.</key>
                <dict>
                <dict>
-                       <key>allow-root</key>
+                       <key>rule</key>
+                       <string>default</string>
+               </dict>
+               <key>system.burn</key>
+               <dict>
+                       <key>class</key>
+                       <string>allow</string>
+                       <key>comment</key>
+                       <string>For burning media.</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>نسخ قرص</string>
+                               <key>cs</key>
+                               <string>Vypálit</string>
+                               <key>da</key>
+                               <string>Brænd</string>
+                               <key>de</key>
+                               <string>Brennen</string>
+                               <key>en</key>
+                               <string>Burn</string>
+                               <key>es</key>
+                               <string>Grabar</string>
+                               <key>fi</key>
+                               <string>Polta</string>
+                               <key>fr</key>
+                               <string>Graver</string>
+                               <key>hu</key>
+                               <string>Írás</string>
+                               <key>it</key>
+                               <string>Masterizza</string>
+                               <key>ja</key>
+                               <string>ディスクを作成</string>
+                               <key>ko</key>
+                               <string>굽기</string>
+                               <key>nb</key>
+                               <string>Brenn</string>
+                               <key>nl</key>
+                               <string>Brand</string>
+                               <key>pl</key>
+                               <string>Nagraj</string>
+                               <key>pt</key>
+                               <string>Gravar</string>
+                               <key>pt-PT</key>
+                               <string>Gravar</string>
+                               <key>ru</key>
+                               <string>Записать</string>
+                               <key>sv</key>
+                               <string>Bränn</string>
+                               <key>tr</key>
+                               <string>Diske Bas</string>
+                               <key>zh-Hans</key>
+                               <string>刻录</string>
+                               <key>zh-Hant</key>
+                               <string>燒錄</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>يحاول __APPNAME__ إنشاء قرص.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší vypálit disk.</string>
+                               <key>da</key>
+                               <string>__APPNAME__ forsøger at brænde en disk.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht, eine CD/DVD zu brennen.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to burn a disc.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentando grabar un disco.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää polttaa levyn.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaye de graver un disque.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbál egy lemezt írni.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ sta cercando di masterizzare un disco.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__ はディスクを作成しようとしています。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__이(가) 디스크를 구우려고 합니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ prøver å brenne en plate.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert een schijf te branden.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ próbuje nagrać na płycie.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__ está tentando gravar um disco.</string>
+                               <key>pt-PT</key>
+                               <string>O __APPNAME__ está a tentar gravar um disco.</string>
+                               <key>ru</key>
+                               <string>Программа «__APPNAME__» пытается записать диск.</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker bränna en skiva.</string>
+                               <key>tr</key>
+                               <string>__APPNAME__, diske basmaya çalışıyor.</string>
+                               <key>zh-Hans</key>
+                               <string>“__APPNAME__”正试图刻录光盘。</string>
+                               <key>zh-Hant</key>
+                               <string>“__APPNAME__”正在嘗試燒錄光碟。</string>
+                       </dict>
+               </dict>
+               <key>system.csfde.requestpassword</key>
+               <dict>
+                       <key>class</key>
+                       <string>user</string>
+                       <key>comment</key>
+                       <string>Used by CoreStorage Full Disk Encryption to request the user's password.</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>فتح القفل</string>
+                               <key>cs</key>
+                               <string>Odemknout</string>
+                               <key>da</key>
+                               <string>Lås op</string>
+                               <key>de</key>
+                               <string>Entsperren</string>
+                               <key>en</key>
+                               <string>Unlock</string>
+                               <key>es</key>
+                               <string>Desbloquear</string>
+                               <key>fi</key>
+                               <string>Avaa</string>
+                               <key>fr</key>
+                               <string>Déverrouiller</string>
+                               <key>hu</key>
+                               <string>Feloldás</string>
+                               <key>it</key>
+                               <string>Sblocca</string>
+                               <key>ja</key>
+                               <string>ロックを解除</string>
+                               <key>ko</key>
+                               <string>잠금 해제</string>
+                               <key>nb</key>
+                               <string>Lås opp</string>
+                               <key>nl</key>
+                               <string>Ontgrendel</string>
+                               <key>pl</key>
+                               <string>Odblokuj</string>
+                               <key>pt</key>
+                               <string>Desbloquear</string>
+                               <key>pt-PT</key>
+                               <string>Desproteger</string>
+                               <key>ru</key>
+                               <string>Снять защиту</string>
+                               <key>sv</key>
+                               <string>Lås upp</string>
+                               <key>tr</key>
+                               <string>Kilidi Aç</string>
+                               <key>zh-Hans</key>
+                               <string>解锁</string>
+                               <key>zh-Hant</key>
+                               <string>解鎖</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>‏يلزم __APPNAME__ فك قفل القرص الخاص بك.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ potřebuje odemknout předvolby disku.</string>
+                               <key>da</key>
+                               <string>__APPNAME__ skal låse disken op.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ muss Ihr Volume entsperren.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ needs to unlock your disk.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ debe desbloquear el disco.</string>
+                               <key>fi</key>
+                               <string>Ohjelman __APPNAME__ pitää avata levy.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ à besoin de déverrouiller votre disque.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ alkalmazásnak fel kell oldania a lemezt.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ deve sbloccare il disco.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__はディスクのロックを解除する必要があります。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__이(가) 사용자 디스크를 잠금 해제해야 합니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ må låse opp disken.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ moet de beveiliging van uw schijf opheffen.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ musi odblokować dysk.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__ precisa desbloquear seu disco.</string>
+                               <key>pt-PT</key>
+                               <string>O __APPNAME__ precisa de desproteger o disco.</string>
+                               <key>ru</key>
+                               <string>Программе «__APPNAME__» необходимо снять защиту с Вашего диска.</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ måste låsa upp skivan.</string>
+                               <key>tr</key>
+                               <string>__APPNAME__ uygulamasının diskinizin kilidini açması gerekiyor.</string>
+                               <key>zh-Hans</key>
+                               <string>“__APPNAME__”需要解锁您的磁盘。</string>
+                               <key>zh-Hant</key>
+                               <string>“__APPNAME__”需要解鎖您的磁碟。</string>
+                       </dict>
+                       <key>extract-password</key>
                        <true/>
                        <true/>
+                       <key>group</key>
+                       <string>staff</string>
+                       <key>shared</key>
+                       <false/>
+                       <key>timeout</key>
+                       <integer>0</integer>
+               </dict>
+               <key>system.device.dvd.setregion.initial</key>
+               <dict>
                        <key>class</key>
                        <string>user</string>
                        <key>class</key>
                        <string>user</string>
+                       <key>comment</key>
+                       <string>Used by the DVD player to set the region code the first time.  Note that changing the region code after it has been set requires a different right (system.device.dvd.setregion.change).</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>تعيين</string>
+                               <key>cs</key>
+                               <string>Nastavit</string>
+                               <key>da</key>
+                               <string>Indstil</string>
+                               <key>de</key>
+                               <string>Festlegen</string>
+                               <key>en</key>
+                               <string>Set</string>
+                               <key>es</key>
+                               <string>Definir</string>
+                               <key>fi</key>
+                               <string>Aseta</string>
+                               <key>fr</key>
+                               <string>Définir</string>
+                               <key>hu</key>
+                               <string>Beállítás</string>
+                               <key>it</key>
+                               <string>Imposta</string>
+                               <key>ja</key>
+                               <string>設定</string>
+                               <key>ko</key>
+                               <string>설정</string>
+                               <key>nb</key>
+                               <string>Angi</string>
+                               <key>nl</key>
+                               <string>Stel in</string>
+                               <key>pl</key>
+                               <string>Ustal</string>
+                               <key>pt</key>
+                               <string>Definir</string>
+                               <key>pt-PT</key>
+                               <string>Definir</string>
+                               <key>ru</key>
+                               <string>Установить</string>
+                               <key>sv</key>
+                               <string>Ställ in</string>
+                               <key>tr</key>
+                               <string>Ayarla</string>
+                               <key>zh-Hans</key>
+                               <string>Set</string>
+                               <key>zh-Hant</key>
+                               <string>設定</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>يحاول __APPNAME__ تعيين رمز منطقة الـ DVD لأول مرة.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší poprvé nastavit kód DVD regionu.</string>
+                               <key>da</key>
+                               <string>__APPNAME__ forsøger at indstille dvd-områdekoden for første gang.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht, den Ländercode zum ersten Mal einzustellen.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to set the DVD region code for the first time.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentando definir el código de región del DVD por primera vez.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää asettaa DVD-aluekoodia ensimmäistä kertaa.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaye de régler le code de région du lecteur pour la première fois.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbálja először beállítani a DVD régiókódját.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ sta cercando di impostare il codice regionale del DVD per la prima volta.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__ は、DVD のリージョンコードをはじめて設定しようとしています。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__이(가) 처음으로 DVD 지역 코드를 설정하려고 합니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ prøver å angi DVD-regionkoden for første gang.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert de dvd-regiocode voor het eerst in te stellen.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ próbuje ustawić kod regionu DVD po raz pierwszy.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__ está tentando definir o código de região do DVD pela primeira vez.</string>
+                               <key>pt-PT</key>
+                               <string>O __APPNAME__ está a tentar definir o código regional de DVD pela primeira vez.</string>
+                               <key>ru</key>
+                               <string>Программа «__APPNAME__» пытается впервые установить код региона DVD.</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker ställa in DVD-spelarens regionkod för första gången.</string>
+                               <key>tr</key>
+                               <string>__APPNAME__, DVD bölge kodunu ilk kez ayarlamaya çalışıyor.</string>
+                               <key>zh-Hans</key>
+                               <string>“__APPNAME__”首次试图设置 DVD 注册号。</string>
+                               <key>zh-Hant</key>
+                               <string>“__APPNAME__”正在嘗試初次設定 DVD 的區域碼。</string>
+                       </dict>
                        <key>group</key>
                        <key>group</key>
-                       <string>_lpoperator</string>
+                       <string>admin</string>
                        <key>shared</key>
                        <true/>
                </dict>
                        <key>shared</key>
                        <true/>
                </dict>
+               <key>system.disk.unlock</key>
+               <dict>
+                       <key>class</key>
+                       <string>evaluate-mechanisms</string>
+                       <key>comment</key>
+                       <string>Do not modify.</string>
+                       <key>mechanisms</key>
+                       <array>
+                               <string>DiskUnlock:prompt</string>
+                               <string>DiskUnlock:unlock,privileged</string>
+                       </array>
+               </dict>
+               <key>system.global-login-items.</key>
+               <dict>
+                       <key>class</key>
+                       <string>rule</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>إضافة</string>
+                               <key>cs</key>
+                               <string>Přidat</string>
+                               <key>da</key>
+                               <string>Tilføj</string>
+                               <key>de</key>
+                               <string>Hinzufügen</string>
+                               <key>en</key>
+                               <string>Add</string>
+                               <key>es</key>
+                               <string>Añadir</string>
+                               <key>fi</key>
+                               <string>Lisää</string>
+                               <key>fr</key>
+                               <string>Ajouter</string>
+                               <key>hu</key>
+                               <string>Hozzáadás</string>
+                               <key>it</key>
+                               <string>Aggiungi</string>
+                               <key>ja</key>
+                               <string>追加</string>
+                               <key>ko</key>
+                               <string>추가</string>
+                               <key>nb</key>
+                               <string>Legg til</string>
+                               <key>nl</key>
+                               <string>Voeg toe</string>
+                               <key>pl</key>
+                               <string>Dodaj</string>
+                               <key>pt</key>
+                               <string>Adicionar</string>
+                               <key>pt-PT</key>
+                               <string>Adicionar</string>
+                               <key>ru</key>
+                               <string>Добавить</string>
+                               <key>sv</key>
+                               <string>Lägg till</string>
+                               <key>tr</key>
+                               <string>Ekle</string>
+                               <key>zh-Hans</key>
+                               <string>添加</string>
+                               <key>zh-Hant</key>
+                               <string>加入</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>يحاول __APPNAME__ إضافة عنصر الدخول.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší přidat přihlašovací položku.</string>
+                               <key>da</key>
+                               <string>__APPNAME__ forsøger at tilføje et log ind-emne.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht, ein neues Startobjekt hinzufügen.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to add a login item.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentando añadir un ítem de arranque.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää lisätä sisäänkirjautumiskohteen.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaye d’ajouter un élément d’ouverture de session.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbál hozzáadni egy bejelentkezési elemet.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ sta cercando di aggiungere un elemento di login.</string>
+                               <key>ja</key>
+                               <string> __APPNAME__ はログイン項目を追加しようとしています。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__이(가) 로그인 항목을 추가하려고 합니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ prøver å legge til et påloggingsobjekt.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert een inlogonderdeel toe te voegen.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ próbuje dodać rzecz otwieraną podczas logowania.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__ está tentando adicionar um item de início de sessão.</string>
+                               <key>pt-PT</key>
+                               <string>O __APPNAME__ está a tentar adicionar um elemento de início de sessão.</string>
+                               <key>ru</key>
+                               <string>Программа «__APPNAME__» пытается добавить объект входа.</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker lägga till ett startobjekt.</string>
+                               <key>tr</key>
+                               <string>__APPNAME__, bir oturum açma öğesi eklemeye çalışıyor.</string>
+                               <key>zh-Hans</key>
+                               <string>“__APPNAME__”正试图添加登录项。</string>
+                               <key>zh-Hant</key>
+                               <string>“__APPNAME__”正在嘗試加入登入項目。</string>
+                       </dict>
+                       <key>k-of-n</key>
+                       <integer>1</integer>
+                       <key>rule</key>
+                       <array>
+                               <string>is-admin</string>
+                               <string>default</string>
+                       </array>
+               </dict>
+               <key>system.hdd.smart</key>
+               <dict>
+                       <key>class</key>
+                       <string>allow</string>
+                       <key>comment</key>
+                       <string>For modifying SMART settings.</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>تعديل الإعدادات</string>
+                               <key>cs</key>
+                               <string>Změnit nastavení</string>
+                               <key>da</key>
+                               <string>Juster indstillinger</string>
+                               <key>de</key>
+                               <string>Einstellungen ändern</string>
+                               <key>en</key>
+                               <string>Modify Settings</string>
+                               <key>es</key>
+                               <string>Modificar ajustes</string>
+                               <key>fi</key>
+                               <string>Muokkaa asetuksia</string>
+                               <key>fr</key>
+                               <string>Modifer les réglages</string>
+                               <key>hu</key>
+                               <string>Beállítások módosítása</string>
+                               <key>it</key>
+                               <string>Modifica impostazioni</string>
+                               <key>ja</key>
+                               <string>設定を変更</string>
+                               <key>ko</key>
+                               <string>설정 수정</string>
+                               <key>nb</key>
+                               <string>Endre innstillinger</string>
+                               <key>nl</key>
+                               <string>Wijzig instellingen</string>
+                               <key>pl</key>
+                               <string>Zmień ustawienia</string>
+                               <key>pt</key>
+                               <string>Modificar Ajustes</string>
+                               <key>pt-PT</key>
+                               <string>Modificar definições</string>
+                               <key>ru</key>
+                               <string>Модифицировать настройки</string>
+                               <key>sv</key>
+                               <string>Ändra inställningar</string>
+                               <key>tr</key>
+                               <string>Ayarları Değiştir</string>
+                               <key>zh-Hans</key>
+                               <string>修改设置</string>
+                               <key>zh-Hant</key>
+                               <string>修改設定</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>يحاول __APPNAME__ تعديل إعدادات التشخيص لمحرك الأقراص الثابتة.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší změnit nastavení diagnostiky pevného disku.</string>
+                               <key>da</key>
+                               <string>__APPNAME__ forsøger at ændre diagnosticeringsindstillingerne til harddisken.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht, die Diagnoseeinstellungen für Ihre Festplatte zu ändern.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to modify the diagnostic settings for your hard drive.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentando modificar los ajustes del diagnóstico del disco duro.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää muokata kovalevyn diagnostiikka-asetuksia.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaye de modifier les réglages de diagnostic de votre disque dur.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbálja módosítani a merevlemez diagnosztikai beállításait.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ sta cercando di modificare le impostazioni di diagnostica del disco rigido.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__ は、ハード・ドライブの診断設定を変更しようとしています。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__이(가) 사용자의 하드 드라이브에 대한 진단 설정을 변경하려고 합니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ prøver å endre diagnostikkinnstillingene for harddisken.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert de diagnostische instellingen voor uw harde schijf te wijzigen.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ próbuje zmienić ustawienia diagnostyki dysku twardego.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__ está tentando modificar os ajustes de diagnóstico para seu disco rígido.</string>
+                               <key>pt-PT</key>
+                               <string>O __APPNAME__ está a tentar modificar as definições de diagnóstico do disco rígido.</string>
+                               <key>ru</key>
+                               <string>Программа «__APPNAME__» пытается модифицировать настройки диагностики для Вашего жесткого диска.</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker ändra de diagnostiska inställningarna för din hårddisk.</string>
+                               <key>tr</key>
+                               <string>__APPNAME__, sabit sürücünüzün tanı ayarlarını değiştirmeye çalışıyor.</string>
+                               <key>zh-Hans</key>
+                               <string>“__APPNAME__”正试图修改硬盘的诊断设置。</string>
+                               <key>zh-Hant</key>
+                               <string>“__APPNAME__”正在嘗試修改硬碟的診斷設定。</string>
+                       </dict>
+               </dict>
                <key>system.identity.write.</key>
                <dict>
                        <key>class</key>
                        <string>rule</string>
                        <key>comment</key>
                        <string>For creating, changing or deleting local user accounts and groups.</string>
                <key>system.identity.write.</key>
                <dict>
                        <key>class</key>
                        <string>rule</string>
                        <key>comment</key>
                        <string>For creating, changing or deleting local user accounts and groups.</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>تحديث المستخدمين</string>
+                               <key>cs</key>
+                               <string>Aktualizovat uživatele</string>
+                               <key>da</key>
+                               <string>Opdater brugere</string>
+                               <key>de</key>
+                               <string>Benutzer aktualisieren</string>
+                               <key>en</key>
+                               <string>Update Users</string>
+                               <key>es</key>
+                               <string>Actualizar usuarios</string>
+                               <key>fi</key>
+                               <string>Päivitä käyttäjät</string>
+                               <key>fr</key>
+                               <string>Mettre à jour les utilisateurs</string>
+                               <key>hu</key>
+                               <string>Felhasználók frissítése</string>
+                               <key>it</key>
+                               <string>Aggiorna gli utenti</string>
+                               <key>ja</key>
+                               <string>ユーザをアップデート</string>
+                               <key>ko</key>
+                               <string>사용자 업데이트</string>
+                               <key>nb</key>
+                               <string>Oppdater brukere</string>
+                               <key>nl</key>
+                               <string>Werk gebruikers bij</string>
+                               <key>pl</key>
+                               <string>Uaktualnij użytkowników</string>
+                               <key>pt</key>
+                               <string>Atualizar Usuários</string>
+                               <key>pt-PT</key>
+                               <string>Actualizar utilizadores</string>
+                               <key>ru</key>
+                               <string>Обновить пользователей</string>
+                               <key>sv</key>
+                               <string>Uppdatera användare</string>
+                               <key>tr</key>
+                               <string>Kullanıcıları Güncelle</string>
+                               <key>zh-Hans</key>
+                               <string>更新用户</string>
+                               <key>zh-Hant</key>
+                               <string>更新使用者</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>يحاول__APPNAME__ تحديث مجموعة المستخدمين المحليين.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší aktualizovat sadu místních uživatelů.</string>
+                               <key>da</key>
+                               <string>__APPNAME__ forsøger at opdatere gruppen af lokale brugere.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht, die Gruppe der lokalen Benutzer zu aktualisieren.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to update the set of local users.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentando actualizar el conjunto de usuarios locales.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää päivittää paikallisia käyttäjiä.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaye de mettre à jour le groupe d’utilisateurs locaux.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbálja frissíteni a helyi felhasználók csoportját.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ sta cercando di aggiornare una serie di utenti locali.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__ は、ローカルユーザのセットをアップデートしようとしています。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__이(가) 로컬 사용자 모음을 업데이트하려고 합니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ prøver å oppdatere settet med lokale brukere.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert de set met lokale gebruikers bij te werken.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ próbuje uaktualnić zastaw użytkowników lokalnych.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__ está tentando atualizar o grupo de usuários locais.</string>
+                               <key>pt-PT</key>
+                               <string>O __APPNAME__ está a tentar actualizar o conjunto de utilizadores locais.</string>
+                               <key>ru</key>
+                               <string>Программа «__APPNAME__» пытается обновить набор локальных пользователей.</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker uppdatera uppsättningen lokala användare.</string>
+                               <key>tr</key>
+                               <string>__APPNAME__, yerel kullanıcılar kümesini güncellemeye çalışıyor.</string>
+                               <key>zh-Hans</key>
+                               <string>“__APPNAME__”正试图更新本地用户组。</string>
+                               <key>zh-Hant</key>
+                               <string>“__APPNAME__”正在嘗試更新本機使用者群組。</string>
+                       </dict>
                        <key>k-of-n</key>
                        <integer>1</integer>
                        <key>rule</key>
                        <key>k-of-n</key>
                        <integer>1</integer>
                        <key>rule</key>
@@ -314,309 +2806,2636 @@ See remaining rules for examples.
                        <string>rule</string>
                        <key>comment</key>
                        <string>Checked when changing authentication credentials (password or certificate) for a local user account.</string>
                        <string>rule</string>
                        <key>comment</key>
                        <string>Checked when changing authentication credentials (password or certificate) for a local user account.</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>تحديث الاعتمادات</string>
+                               <key>cs</key>
+                               <string>Aktualizovat pověření</string>
+                               <key>da</key>
+                               <string>Opdater beviser</string>
+                               <key>de</key>
+                               <string>Accountdaten aktualisieren</string>
+                               <key>en</key>
+                               <string>Update Credentials</string>
+                               <key>es</key>
+                               <string>Actualizar credenciales</string>
+                               <key>fi</key>
+                               <string>Päivitä valtakirjat</string>
+                               <key>fr</key>
+                               <string>Mettre à jour les références</string>
+                               <key>hu</key>
+                               <string>Hitelesítés frissítése</string>
+                               <key>it</key>
+                               <string>Aggiorna credenziali</string>
+                               <key>ja</key>
+                               <string>資格情報をアップデート</string>
+                               <key>ko</key>
+                               <string>자격 증명 업데이트</string>
+                               <key>nb</key>
+                               <string>Oppdater akkreditiver</string>
+                               <key>nl</key>
+                               <string>Werk toegangsgegevens bij</string>
+                               <key>pl</key>
+                               <string>Uaktualnij dane uwierzytelniania</string>
+                               <key>pt</key>
+                               <string>Atualizar Credenciais</string>
+                               <key>pt-PT</key>
+                               <string>Actualizar credenciais</string>
+                               <key>ru</key>
+                               <string>Обновить учетные данные</string>
+                               <key>sv</key>
+                               <string>Uppdatera ID-handlingar</string>
+                               <key>tr</key>
+                               <string>Kimlik Bilgilerini Güncelle</string>
+                               <key>zh-Hans</key>
+                               <string>更新凭证</string>
+                               <key>zh-Hant</key>
+                               <string>更新憑證</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>يحاول __APPNAME__ تحديث بيانات المصادقة.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší aktualizovat pověření pro ověření totožnosti.</string>
+                               <key>da</key>
+                               <string>__APPNAME__ forsøger at opdatere godkendelsesoplysningerne.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht, die Accountdaten zur Authentifizierung zu aktualisieren.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to update the authentication credentials.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentando actualizar las credenciales de autenticación.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää päivittää todentamisen valtakirjoja.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaye de mettre à jour les informations d’authentification.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbálja frissíteni a hitelesítési adatokat.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ sta cercando di aggiornare le credenziali di autenticazione.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__ は認証資格情報をアップデートしようとしています。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__이(가) 인증 증명서를 업데이트하려고 합니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ prøver å oppdatere godkjenningsakkreditivene.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert de gegevens voor identiteitscontrole bij te werken.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ próbuje uaktualnić dane uwierzytelniania.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__ está tentando atualizar as credenciais de autenticação.</string>
+                               <key>pt-PT</key>
+                               <string>O __APPNAME__ está a tentar actualizar as credenciais de autenticação.</string>
+                               <key>ru</key>
+                               <string>Программа «__APPNAME__» пытается обновить учетные данные для аутентификации.</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker uppdatera autentiseringsuppgifterna.</string>
+                               <key>tr</key>
+                               <string>__APPNAME__, kimlik doğrulama bilgilerini güncellemeye çalışıyor.</string>
+                               <key>zh-Hans</key>
+                               <string>“__APPNAME__”正试图更新鉴定凭证。</string>
+                               <key>zh-Hant</key>
+                               <string>“__APPNAME__”正在嘗試更新認證憑證。</string>
+                       </dict>
                        <key>rule</key>
                        <string>default</string>
                </dict>
                <key>system.identity.write.self</key>
                <dict>
                        <key>rule</key>
                        <string>default</string>
                </dict>
                <key>system.identity.write.self</key>
                <dict>
+                       <key>authenticate-user</key>
+                       <false/>
                        <key>class</key>
                        <string>user</string>
                        <key>comment</key>
                        <string>Checked when changing authentication credentials (password or certificate) for the current user's account.</string>
                        <key>class</key>
                        <string>user</string>
                        <key>comment</key>
                        <string>Checked when changing authentication credentials (password or certificate) for the current user's account.</string>
-                       <key>authenticate-user</key>
-                       <false/>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>تحديث الاعتمادات</string>
+                               <key>cs</key>
+                               <string>Aktualizovat pověření</string>
+                               <key>da</key>
+                               <string>Opdater beviser</string>
+                               <key>de</key>
+                               <string>Accountdaten aktualisieren</string>
+                               <key>en</key>
+                               <string>Update Credentials</string>
+                               <key>es</key>
+                               <string>Actualizar credenciales</string>
+                               <key>fi</key>
+                               <string>Päivitä valtakirjat</string>
+                               <key>fr</key>
+                               <string>Mettre à jour les références</string>
+                               <key>hu</key>
+                               <string>Hitelesítés frissítése</string>
+                               <key>it</key>
+                               <string>Aggiorna credenziali</string>
+                               <key>ja</key>
+                               <string>資格情報をアップデート</string>
+                               <key>ko</key>
+                               <string>자격 증명 업데이트</string>
+                               <key>nb</key>
+                               <string>Oppdater akkreditiver</string>
+                               <key>nl</key>
+                               <string>Werk toegangsgegevens bij</string>
+                               <key>pl</key>
+                               <string>Uaktualnij dane uwierzytelniania</string>
+                               <key>pt</key>
+                               <string>Atualizar Credenciais</string>
+                               <key>pt-PT</key>
+                               <string>Actualizar credenciais</string>
+                               <key>ru</key>
+                               <string>Обновить учетные данные</string>
+                               <key>sv</key>
+                               <string>Uppdatera ID-handlingar</string>
+                               <key>tr</key>
+                               <string>Kimlik Bilgilerini Güncelle</string>
+                               <key>zh-Hans</key>
+                               <string>更新凭证</string>
+                               <key>zh-Hant</key>
+                               <string>更新憑證</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>يحاول __APPNAME__ تحديث بيانات المصادقة الخاصة بك.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší aktualizovat vaše pověření pro ověření totožnosti.</string>
+                               <key>da</key>
+                               <string>__APPNAME__ forsøger at opdatere dine godkendelsesoplysninger.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht, Ihre Accountdaten zur Authentifizierung zu aktualisieren.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to update your authentication credentials.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentando actualizar sus credenciales de autenticación.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää päivittää todentamisen valtakirjoja.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaye de mettre à jour vos informations d’authentification.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbálja frissíteni az Ön hitelesítési adatait.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ sta cercando di aggiornare le tue credenziali di autenticazione.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__ は、認証資格情報をアップデートしようとしています。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__이(가) 사용자의 인증 증명서를 업데이트하려고 합니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ prøver å oppdatere godkjenningsakkreditivene.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert uw gegevens voor identiteitscontrole bij te werken.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ próbuje uaktualnić dane uwierzytelniania.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__ está tentando atualizar suas credenciais de autenticação.</string>
+                               <key>pt-PT</key>
+                               <string>O __APPNAME__ está a tentar actualizar as suas credenciais de autenticação.</string>
+                               <key>ru</key>
+                               <string>Программа «__APPNAME__» пытается обновить Ваши учетные данные для аутентификации.</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker uppdatera dina autentiseringsuppgifter.</string>
+                               <key>tr</key>
+                               <string>__APPNAME__, kimlik doğrulama bilgilerinizi güncellemeye çalışıyor.</string>
+                               <key>zh-Hans</key>
+                               <string>“__APPNAME__”正试图更新您的鉴定凭证。</string>
+                               <key>zh-Hant</key>
+                               <string>“__APPNAME__”正在嘗試更新您的認證憑證。</string>
+                       </dict>
                        <key>session-owner</key>
                        <true/>
                </dict>
                        <key>session-owner</key>
                        <true/>
                </dict>
-               <key>system.global-login-items.</key>
+               <key>system.install.app-store-software</key>
                <dict>
                        <key>class</key>
                        <string>rule</string>
                <dict>
                        <key>class</key>
                        <string>rule</string>
-                       <key>k-of-n</key>
-                       <integer>1</integer>
+                       <key>comment</key>
+                       <string>Checked when user is installing software from the App Store.</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>تثبيت البرنامج</string>
+                               <key>cs</key>
+                               <string>Nainstalovat software</string>
+                               <key>da</key>
+                               <string>Installer software</string>
+                               <key>de</key>
+                               <string>Software installieren</string>
+                               <key>en</key>
+                               <string>Install Software</string>
+                               <key>es</key>
+                               <string>Instalar software</string>
+                               <key>fi</key>
+                               <string>Asenna ohjelmisto</string>
+                               <key>fr</key>
+                               <string>Installer le logiciel</string>
+                               <key>hu</key>
+                               <string>Szoftver telepítése</string>
+                               <key>it</key>
+                               <string>Installa software</string>
+                               <key>ja</key>
+                               <string>ソフトウェアをインストール</string>
+                               <key>ko</key>
+                               <string>소프트웨어 설치</string>
+                               <key>nb</key>
+                               <string>Installer programvare</string>
+                               <key>nl</key>
+                               <string>Installeer software</string>
+                               <key>pl</key>
+                               <string>Zainstaluj oprogramowanie</string>
+                               <key>pt</key>
+                               <string>Instalar Software</string>
+                               <key>pt-PT</key>
+                               <string>Instalar software</string>
+                               <key>ru</key>
+                               <string>Установить ПО</string>
+                               <key>sv</key>
+                               <string>Installera programvara</string>
+                               <key>tr</key>
+                               <string>Yazılımı Yükle</string>
+                               <key>zh-Hans</key>
+                               <string>安装软件</string>
+                               <key>zh-Hant</key>
+                               <string>安裝軟體</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>يحاول __APPNAME__ تثبيت البرنامج.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší nainstalovat software.</string>
+                               <key>da</key>
+                               <string>__APPNAME__ prøver at installere software.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht, Software zu installieren.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to install software.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentando instalar software.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää asentaa ohjelmistoa.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaie d’installer un logiciel.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbál szoftvert telepíteni.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ sta tentando di installare il software.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__ は、ソフトウェアをインストールしようとしています。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__이(가) 소프트웨어를 설치하려고 합니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ prøver å installere programvare.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert software te installeren.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ próbuje zainstalować oprogramowanie.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__está tentando instalar um software.</string>
+                               <key>pt-PT</key>
+                               <string>__APPNAME__ está a tentar instalar software.</string>
+                               <key>ru</key>
+                               <string>__APPNAME__ пытается установить ПО.</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker installera programvara.</string>
+                               <key>tr</key>
+                               <string>__APPNAME__, yazılım yüklemeye çalışıyor.</string>
+                               <key>zh-Hans</key>
+                               <string>__APPNAME__ 正在尝试安装软件。</string>
+                               <key>zh-Hant</key>
+                               <string>__APPNAME__ 正在嘗試安裝軟體。</string>
+                       </dict>
                        <key>rule</key>
                        <key>rule</key>
-                       <array>
-                               <string>is-admin</string>
-                               <string>default</string>
-                       </array>
+                       <string>entitled-appstore-or-entitled-authenticate-appstore</string>
                </dict>
                </dict>
-               <key>system.sharepoints.</key>
+               <key>system.install.apple-software</key>
                <dict>
                <dict>
-                       <key>allow-root</key>
-                       <true/>
                        <key>class</key>
                        <key>class</key>
-                       <string>user</string>
+                       <string>rule</string>
                        <key>comment</key>
                        <key>comment</key>
-                       <string>Checked when making changes to the Sharepoints.</string>
-                       <key>group</key>
-                       <string>admin</string>
-                       <key>shared</key>
-                       <true/>
+                       <string>Checked when user is installing Apple-provided software.</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>تثبيت البرنامج</string>
+                               <key>cs</key>
+                               <string>Nainstalovat software</string>
+                               <key>da</key>
+                               <string>Installer software</string>
+                               <key>de</key>
+                               <string>Software installieren</string>
+                               <key>en</key>
+                               <string>Install Software</string>
+                               <key>es</key>
+                               <string>Instalar software</string>
+                               <key>fi</key>
+                               <string>Asenna ohjelmisto</string>
+                               <key>fr</key>
+                               <string>Installer le logiciel</string>
+                               <key>hu</key>
+                               <string>Szoftver telepítése</string>
+                               <key>it</key>
+                               <string>Installa software</string>
+                               <key>ja</key>
+                               <string>ソフトウェアをインストール</string>
+                               <key>ko</key>
+                               <string>소프트웨어 설치</string>
+                               <key>nb</key>
+                               <string>Installer programvare</string>
+                               <key>nl</key>
+                               <string>Installeer software</string>
+                               <key>pl</key>
+                               <string>Zainstaluj oprogramowanie</string>
+                               <key>pt</key>
+                               <string>Instalar Software</string>
+                               <key>pt-PT</key>
+                               <string>Instalar software</string>
+                               <key>ru</key>
+                               <string>Установить ПО</string>
+                               <key>sv</key>
+                               <string>Installera programvara</string>
+                               <key>tr</key>
+                               <string>Yazılımı Yükle</string>
+                               <key>zh-Hans</key>
+                               <string>安装软件</string>
+                               <key>zh-Hant</key>
+                               <string>安裝軟體</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>يحاول __APPNAME__ تثبيت البرنامج الموّفَر من Apple.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší nainstalovat software poskytovaný společností Apple.</string>
+                               <key>da</key>
+                               <string>__APPNAME__ prøver at installere software leveret af Apple.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht, von Apple bereitgestellte Software zu installieren.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to install Apple-provided software.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentando instalar software proporcionado por Apple.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää asentaa Applen ohjelmistoa.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaie d’installer un logiciel fourni par Apple.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbál egy Apple által szolgáltatott szoftvert telepíteni.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ sta tentando di installare il software fornito da Apple.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__ は、アップル提供のソフトウェアをインストールしようとしています。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__이(가) Apple에서 제공한 소프트웨어를 설치하려고 합니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ prøver å installere programvare som er levert av Apple.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert van Apple afkomstige software te installeren.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ próbuje zainstalować oprogramowanie udostępnione przez Apple.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__ está tentando instalar um software fornecido pela Apple.</string>
+                               <key>pt-PT</key>
+                               <string>__APPNAME__ está a tentar instalar software da Apple.</string>
+                               <key>ru</key>
+                               <string>__APPNAME__ пытается установить ПО, предоставленное компанией Apple.</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker installera programvara från Apple.</string>
+                               <key>tr</key>
+                               <string>__APPNAME__, Apple tarafından sağlanan yazılımı yüklemeye çalışıyor.</string>
+                               <key>zh-Hans</key>
+                               <string>__APPNAME__ 正在尝试安装 Apple 提供的软件。</string>
+                               <key>zh-Hant</key>
+                               <string>__APPNAME__ 正在嘗試安裝 Apple 提供的軟體。</string>
+                       </dict>
+                       <key>rule</key>
+                       <string>root-or-entitled-admin-or-authenticate-admin</string>
                </dict>
                </dict>
-               <key>com.apple.activitymonitor.kill</key>
+               <key>system.install.software</key>
                <dict>
                <dict>
+                       <key>allow-root</key>
+                       <true/>
                        <key>class</key>
                        <string>user</string>
                        <key>comment</key>
                        <key>class</key>
                        <string>user</string>
                        <key>comment</key>
-                       <string>Used by Activity Monitor to authorize killing processes not owned by the user.</string>
+                       <string>Checked when user is installing new software.</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>تثبيت البرنامج</string>
+                               <key>cs</key>
+                               <string>Nainstalovat software</string>
+                               <key>da</key>
+                               <string>Installer software</string>
+                               <key>de</key>
+                               <string>Software installieren</string>
+                               <key>en</key>
+                               <string>Install Software</string>
+                               <key>es</key>
+                               <string>Instalar software</string>
+                               <key>fi</key>
+                               <string>Asenna ohjelmisto</string>
+                               <key>fr</key>
+                               <string>Installer le logiciel</string>
+                               <key>hu</key>
+                               <string>Szoftver telepítése</string>
+                               <key>it</key>
+                               <string>Installa software</string>
+                               <key>ja</key>
+                               <string>ソフトウェアをインストール</string>
+                               <key>ko</key>
+                               <string>소프트웨어 설치</string>
+                               <key>nb</key>
+                               <string>Installer programvare</string>
+                               <key>nl</key>
+                               <string>Installeer software</string>
+                               <key>pl</key>
+                               <string>Zainstaluj oprogramowanie</string>
+                               <key>pt</key>
+                               <string>Instalar Software</string>
+                               <key>pt-PT</key>
+                               <string>Instalar software</string>
+                               <key>ru</key>
+                               <string>Установить ПО</string>
+                               <key>sv</key>
+                               <string>Installera programvara</string>
+                               <key>tr</key>
+                               <string>Yazılımı Yükle</string>
+                               <key>zh-Hans</key>
+                               <string>安装软件</string>
+                               <key>zh-Hant</key>
+                               <string>安裝軟體</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>يحاول __APPNAME__ تثبيت برنامج جديد.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší nainstalovat nový software.</string>
+                               <key>da</key>
+                               <string>__APPNAME__ forsøger at installere ny software.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht, neue Software zu installieren.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to install new software.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentando instalar software nuevo.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää asentaa uutta ohjelmistoa.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaye d’installer un nouveau logiciel.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbál egy új szoftvert telepíteni.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ sta cercando di installare nuovo software.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__ は、新しいソフトウェアをインストールしようとしています。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__이(가) 새로운 소프트웨어를 설치하려고 합니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ prøver å installere ny programvare.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert nieuwe software te installeren.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ próbuje zainstalować nowe oprogramowanie.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__ está tentando instalar um novo software.</string>
+                               <key>pt-PT</key>
+                               <string>O __APPNAME__ está a tentar instalar software novo.</string>
+                               <key>ru</key>
+                               <string>Программа «__APPNAME__» пытается установить новое ПО.</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker installera ny programvara.</string>
+                               <key>tr</key>
+                               <string>__APPNAME__, yeni yazılım yüklemeye çalışıyor.</string>
+                               <key>zh-Hans</key>
+                               <string>“__APPNAME__”正试图安装新软件。</string>
+                               <key>zh-Hant</key>
+                               <string>“__APPNAME__”正在嘗試安裝新的軟體。</string>
+                       </dict>
                        <key>group</key>
                        <string>admin</string>
                        <key>shared</key>
                        <false/>
                        <key>timeout</key>
                        <key>group</key>
                        <string>admin</string>
                        <key>shared</key>
                        <false/>
                        <key>timeout</key>
-                       <integer>0</integer>
+                       <integer>300</integer>
                </dict>
                </dict>
-               <key>com.apple.Safari.parental-controls</key>
+               <key>system.keychain.create.loginkc</key>
                <dict>
                        <key>allow-root</key>
                <dict>
                        <key>allow-root</key>
-                       <true/>
+                       <false/>
                        <key>class</key>
                        <key>class</key>
-                       <string>user</string>
+                       <string>evaluate-mechanisms</string>
                        <key>comment</key>
                        <key>comment</key>
-                       <string>Checked when changing parental controls for Safari.</string>
-                       <key>group</key>
-                       <string>admin</string>
+                       <string>Used by the Security framework when you add an item to an unconfigured default keychain.</string>
+                       <key>mechanisms</key>
+                       <array>
+                               <string>loginKC:queryCreate</string>
+                               <string>loginKC:showPasswordUI</string>
+                               <string>authinternal</string>
+                       </array>
+                       <key>session-owner</key>
+                       <true/>
                        <key>shared</key>
                        <false/>
                        <key>shared</key>
                        <false/>
-                       <key>timeout</key>
-                       <integer>60</integer>
                </dict>
                </dict>
-               <key>com.apple.docset.install</key>
+               <key>system.keychain.modify</key>
                <dict>
                        <key>class</key>
                        <string>user</string>
                        <key>comment</key>
                <dict>
                        <key>class</key>
                        <string>user</string>
                        <key>comment</key>
-                       <string>Used by Xcode to restrict access to a daemon it uses to install and update documentation sets.</string>
+                       <string>Used by Keychain Access when editing a system keychain.</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>تعديل Keychain</string>
+                               <key>cs</key>
+                               <string>Změnit svazek klíčů</string>
+                               <key>da</key>
+                               <string>Juster nøglering</string>
+                               <key>de</key>
+                               <string>Schlüsselbund ändern</string>
+                               <key>en</key>
+                               <string>Modify Keychain</string>
+                               <key>es</key>
+                               <string>Modificar llavero</string>
+                               <key>fi</key>
+                               <string>Muokkaa avainnippua</string>
+                               <key>fr</key>
+                               <string>Modifer le trousseau</string>
+                               <key>hu</key>
+                               <string>Kulcskarika módosítása</string>
+                               <key>it</key>
+                               <string>Modifica portachiavi</string>
+                               <key>ja</key>
+                               <string>キーチェーンを変更</string>
+                               <key>ko</key>
+                               <string>키체인 수정</string>
+                               <key>nb</key>
+                               <string>Endre nøkkelring</string>
+                               <key>nl</key>
+                               <string>Wijzig sleutelhanger</string>
+                               <key>pl</key>
+                               <string>Zmień pęk kluczy</string>
+                               <key>pt</key>
+                               <string>Modificar Chaves</string>
+                               <key>pt-PT</key>
+                               <string>Modificar porta‑chaves</string>
+                               <key>ru</key>
+                               <string>Модифицировать связку ключей</string>
+                               <key>sv</key>
+                               <string>Ändra nyckelringen</string>
+                               <key>tr</key>
+                               <string>Anahtar Zincirini Değiştir</string>
+                               <key>zh-Hans</key>
+                               <string>修改钥匙链</string>
+                               <key>zh-Hant</key>
+                               <string>修改鑰匙圈</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>يحاول __APPNAME__ تعديل سلسلة مفاتيح النظام.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší změnit systémový svazek klíčů.</string>
+                               <key>da</key>
+                               <string>__APPNAME__ forsøger at ændre systemnøgleringen.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht, den System-Schlüsselbund zu ändern.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to modify the system keychain.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentando modificar el llavero del sistema.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää muokata järjestelmän avainnippua.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaye de modifier le trousseau du système.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbálja módosítani a rendszer-kulcskarikát.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ sta cercando di modificare il portachiavi di sistema.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__ は、システムキーチェーンを変更しようとしています。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__이(가) 시스템 키체인을 변경하려고 합니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ prøver å endre systemnøkkelringen.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert de systeemsleutelhanger te wijzigen.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ próbuje zmodyfikować systemowy pęk kluczy.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__ está tentando modificar as chaves do sistema.</string>
+                               <key>pt-PT</key>
+                               <string>O __APPNAME__ está a tentar modificar o porta‑chaves do sistema.</string>
+                               <key>ru</key>
+                               <string>Программа «__APPNAME__» пытается модифицировать связку ключей системы.</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker ändra systemets nyckelring.</string>
+                               <key>tr</key>
+                               <string>__APPNAME__, sistem anahtar zincirini değiştirmeye çalışıyor.</string>
+                               <key>zh-Hans</key>
+                               <string>“__APPNAME__”正试图修改系统钥匙串。</string>
+                               <key>zh-Hant</key>
+                               <string>“__APPNAME__”正在嘗試修改系統鑰匙圈。</string>
+                       </dict>
                        <key>group</key>
                        <string>admin</string>
                        <key>shared</key>
                        <key>group</key>
                        <string>admin</string>
                        <key>shared</key>
-                       <false/>
+                       <true/>
+                       <key>timeout</key>
+                       <integer>30</integer>
                </dict>
                </dict>
-               <key>com.apple.DiskManagement.</key>
+               <key>system.login.console</key>
+               <dict>
+                       <key>class</key>
+                       <string>evaluate-mechanisms</string>
+                       <key>comment</key>
+                       <string>Login mechanism based rule.  Not for general use, yet.</string>
+                       <key>mechanisms</key>
+                       <array>
+                               <string>builtin:policy-banner</string>
+                               <string>loginwindow:login</string>
+                               <string>builtin:reset-password,privileged</string>
+                               <string>builtin:forward-login,privileged</string>
+                               <string>builtin:auto-login,privileged</string>
+                               <string>builtin:authenticate,privileged</string>
+                               <string>PKINITMechanism:auth,privileged</string>
+                               <string>loginwindow:success</string>
+                               <string>HomeDirMechanism:login,privileged</string>
+                               <string>HomeDirMechanism:status</string>
+                               <string>MCXMechanism:login</string>
+                               <string>loginwindow:done</string>
+                       </array>
+               </dict>
+               <key>system.login.done</key>
+               <dict>
+                       <key>class</key>
+                       <string>evaluate-mechanisms</string>
+                       <key>mechanisms</key>
+                       <array>
+                       </array>
+               </dict>
+               <key>system.login.screensaver</key>
                <dict>
                        <key>class</key>
                        <string>rule</string>
                        <key>comment</key>
                <dict>
                        <key>class</key>
                        <string>rule</string>
                        <key>comment</key>
-                       <string>Used by diskmanagementd to allow access to its privileged functions</string>
-                       <key>k-of-n</key>
-                       <integer>1</integer>
+                       <string>The owner or any administrator can unlock the screensaver.</string>
                        <key>rule</key>
                        <key>rule</key>
+                       <string>authenticate-session-owner-or-admin</string>
+               </dict>
+               <key>system.login.tty</key>
+               <dict>
+                       <key>class</key>
+                       <string>evaluate-mechanisms</string>
+                       <key>mechanisms</key>
                        <array>
                        <array>
-                               <string>is-root</string>
-                               <string>is-admin</string>
-                               <string>default</string>
+                               <string>push_hints_to_context</string>
+                               <string>authinternal</string>
                        </array>
                        </array>
+                       <key>tries</key>
+                       <integer>1</integer>
+               </dict>
+               <key>system.preferences</key>
+               <dict>
+                       <key>allow-root</key>
+                       <true/>
+                       <key>class</key>
+                       <string>user</string>
+                       <key>comment</key>
+                       <string>Checked by the Admin framework when making changes to certain System Preferences.</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>تعديل الإعدادات</string>
+                               <key>cs</key>
+                               <string>Změnit nastavení</string>
+                               <key>da</key>
+                               <string>Juster indstillinger</string>
+                               <key>de</key>
+                               <string>Einstellungen ändern</string>
+                               <key>en</key>
+                               <string>Modify Settings</string>
+                               <key>es</key>
+                               <string>Modificar ajustes</string>
+                               <key>fi</key>
+                               <string>Muokkaa asetuksia</string>
+                               <key>fr</key>
+                               <string>Modifer les réglages</string>
+                               <key>hu</key>
+                               <string>Beállítások módosítása</string>
+                               <key>it</key>
+                               <string>Modifica impostazioni</string>
+                               <key>ja</key>
+                               <string>設定を変更</string>
+                               <key>ko</key>
+                               <string>설정 수정</string>
+                               <key>nb</key>
+                               <string>Endre innstillinger</string>
+                               <key>nl</key>
+                               <string>Wijzig instellingen</string>
+                               <key>pl</key>
+                               <string>Zmień ustawienia</string>
+                               <key>pt</key>
+                               <string>Modificar Ajustes</string>
+                               <key>pt-PT</key>
+                               <string>Modificar definições</string>
+                               <key>ru</key>
+                               <string>Модифицировать настройки</string>
+                               <key>sv</key>
+                               <string>Ändra inställningar</string>
+                               <key>tr</key>
+                               <string>Ayarları Değiştir</string>
+                               <key>zh-Hans</key>
+                               <string>修改设置</string>
+                               <key>zh-Hant</key>
+                               <string>修改設定</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>يحاول __APPNAME__ تعديل إعدادات النظام الخاص بك.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší změnit systémová nastavení.</string>
+                               <key>da</key>
+                               <string>__APPNAME__ forsøger at ændre systemindstillingerne.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht, Ihre Systemeinstellungen zu ändern.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to modify your system settings.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentando modificar los ajustes del sistema.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää muokata järjestelmän asetuksia.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaye de modifier vos réglages de système.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbálja módosítani a rendszerbeállításokat.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ sta cercando di modificare le impostazioni del sistema.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__ は、システムの設定を変更しようとしています。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__이(가) 사용자의 시스템 설정을 변경하려고 합니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ prøver å endre systeminnstillingene.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert uw systeeminstellingen te wijzigen.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ próbuje zmienić ustawienia systemowe.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__ está tentando modificar seus ajustes do sistema.</string>
+                               <key>pt-PT</key>
+                               <string>O __APPNAME__ está a tentar modificar as definições do sistema.</string>
+                               <key>ru</key>
+                               <string>Программа «__APPNAME__» пытается модифицировать Ваши системные настройки.</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker ändra systemets inställningar.</string>
+                               <key>tr</key>
+                               <string>__APPNAME__, sistem ayarlarınızı değiştirmeye çalışıyor.</string>
+                               <key>zh-Hans</key>
+                               <string>“__APPNAME__”正试图修改您的系统设置。</string>
+                               <key>zh-Hant</key>
+                               <string>“__APPNAME__”正在嘗試修改您的系統設定。</string>
+                       </dict>
+                       <key>group</key>
+                       <string>admin</string>
                        <key>shared</key>
                        <true/>
                </dict>
                        <key>shared</key>
                        <true/>
                </dict>
-               <key>system.privilege.admin</key>
+               <key>system.preferences.accessibility</key>
                <dict>
                        <key>allow-root</key>
                        <true/>
                        <key>class</key>
                        <string>user</string>
                        <key>comment</key>
                <dict>
                        <key>allow-root</key>
                        <true/>
                        <key>class</key>
                        <string>user</string>
                        <key>comment</key>
-                       <string>Used by AuthorizationExecuteWithPrivileges(...).  
-               AuthorizationExecuteWithPrivileges() is used by programs requesting
-               to run a tool as root (e.g., some installers).</string>
+                       <string>Checked by the Admin framework when enabling or disabling the Accessibility APIs.</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>فتح القفل</string>
+                               <key>cs</key>
+                               <string>Odemknout</string>
+                               <key>da</key>
+                               <string>Lås op</string>
+                               <key>de</key>
+                               <string>Entsperren</string>
+                               <key>en</key>
+                               <string>Unlock</string>
+                               <key>es</key>
+                               <string>Desbloquear</string>
+                               <key>fi</key>
+                               <string>Avaa</string>
+                               <key>fr</key>
+                               <string>Déverrouiller</string>
+                               <key>hu</key>
+                               <string>Feloldás</string>
+                               <key>it</key>
+                               <string>Sblocca</string>
+                               <key>ja</key>
+                               <string>ロックを解除</string>
+                               <key>ko</key>
+                               <string>잠금 해제</string>
+                               <key>nb</key>
+                               <string>Lås opp</string>
+                               <key>nl</key>
+                               <string>Ontgrendel</string>
+                               <key>pl</key>
+                               <string>Odblokuj</string>
+                               <key>pt</key>
+                               <string>Desbloquear</string>
+                               <key>pt-PT</key>
+                               <string>Desproteger</string>
+                               <key>ru</key>
+                               <string>Снять защиту</string>
+                               <key>sv</key>
+                               <string>Lås upp</string>
+                               <key>tr</key>
+                               <string>Kilidi Aç</string>
+                               <key>zh-Hans</key>
+                               <string>解锁</string>
+                               <key>zh-Hant</key>
+                               <string>解鎖</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>يحاول __APPNAME__ فتح قفل تفضيلات الاحتياجات الخاصة.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší odemknout předvolby Univerzální přístup.</string>
+                               <key>da</key>
+                               <string>__APPNAME__ forsøger at låse Universel adgang op.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht, die Systemeinstellung „Bedienungshilfen“ zu entsperren.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to unlock Universal Access preferences.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentando desbloquear el panel de preferencias Acceso Universal.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää avata Käyttöapu-asetuksia.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaye de déverrouiller les préférences Accès universel.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbálja feloldani az Univerzális hozzáférés beállításait.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ sta cercando di sbloccare le preferenze Accesso Universale.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__ は、“ユニバーサルアクセス”環境設定のロックを解除しようとしています。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__이(가) 손쉬운 사용 환경설정을 잠금 해제하려고 합니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ prøver å låse opp Særlige behov-valgpanelet.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert het voorkeurenpaneel 'Universele toegang' te ontgrendelen.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ próbuje odblokować preferencje Uniwersalny dostęp.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__ está tentando desbloquear as preferências de Acesso Universal.</string>
+                               <key>pt-PT</key>
+                               <string>O __APPNAME__ está a tentar desproteger as preferências do Acesso Universal.</string>
+                               <key>ru</key>
+                               <string>Программа «__APPNAME__» пытается снять защиту с настроек Универсального доступа.</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker låsa upp Hjälpmedelsinställningarna.</string>
+                               <key>tr</key>
+                               <string>__APPNAME__, Evrensel Erişim tercihlerinin kilidini açmaya çalışıyor.</string>
+                               <key>zh-Hans</key>
+                               <string>“__APPNAME__”正试图解锁“万能辅助”的偏好设置。</string>
+                               <key>zh-Hant</key>
+                               <string>“__APPNAME__”正在嘗試解鎖“輔助使用”偏好設定。</string>
+                       </dict>
                        <key>group</key>
                        <string>admin</string>
                        <key>shared</key>
                        <false/>
                        <key>timeout</key>
                        <key>group</key>
                        <string>admin</string>
                        <key>shared</key>
                        <false/>
                        <key>timeout</key>
-                       <integer>300</integer>
+                       <integer>0</integer>
                </dict>
                </dict>
-               <key>system.privilege.taskport</key>
+               <key>system.preferences.accounts</key>
                <dict>
                        <key>allow-root</key>
                <dict>
                        <key>allow-root</key>
-                       <false/>
+                       <true/>
                        <key>class</key>
                        <string>user</string>
                        <key>comment</key>
                        <key>class</key>
                        <string>user</string>
                        <key>comment</key>
-                       <string>Used by task_for_pid(...).
-               Task_for_pid is called by programs requesting full control over another program
-               for things like debugging or performance analysis. This authorization only applies
-               if the requesting and target programs are run by the same user; it will never
-               authorize access to the program of another user.  WARNING: administrators are advised not to modify this right.</string>
+                       <string>Checked by the Admin framework when making changes to the Users &amp; Groups preference pane.</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>فتح القفل</string>
+                               <key>cs</key>
+                               <string>Odemknout</string>
+                               <key>da</key>
+                               <string>Lås op</string>
+                               <key>de</key>
+                               <string>Entsperren</string>
+                               <key>en</key>
+                               <string>Unlock</string>
+                               <key>es</key>
+                               <string>Desbloquear</string>
+                               <key>fi</key>
+                               <string>Avaa</string>
+                               <key>fr</key>
+                               <string>Déverrouiller</string>
+                               <key>hu</key>
+                               <string>Feloldás</string>
+                               <key>it</key>
+                               <string>Sblocca</string>
+                               <key>ja</key>
+                               <string>ロックを解除</string>
+                               <key>ko</key>
+                               <string>잠금 해제</string>
+                               <key>nb</key>
+                               <string>Lås opp</string>
+                               <key>nl</key>
+                               <string>Ontgrendel</string>
+                               <key>pl</key>
+                               <string>Odblokuj</string>
+                               <key>pt</key>
+                               <string>Desbloquear</string>
+                               <key>pt-PT</key>
+                               <string>Desproteger</string>
+                               <key>ru</key>
+                               <string>Снять защиту</string>
+                               <key>sv</key>
+                               <string>Lås upp</string>
+                               <key>tr</key>
+                               <string>Kilidi Aç</string>
+                               <key>zh-Hans</key>
+                               <string>解锁</string>
+                               <key>zh-Hant</key>
+                               <string>解鎖</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>يحاول __APPNAME__ فك قفل تفضيلات المستخدمين والمجموعات.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší odemknout předvolby Uživatelé a skupiny.</string>
+                               <key>da</key>
+                               <string>__APPNAME__ forsøger at låse Brugere &amp; grupper op.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht, die Systemeinstellung „Benutzer &amp; Gruppen“ zu entsperren.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to unlock Users &amp; Groups preferences.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentando desbloquear el panel de preferencias Usuarios y Grupos.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää avata Käyttäjät ja ryhmät -asetuksia.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaye de déverrouiller les préférences Utilisateurs et groupes.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbálja feloldani a Csoportok és felhasználók beállításait.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ sta cercando di sbloccare le preferenze di gruppi &amp; utenti.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__ は、“ユーザとグループ”環境設定のロックを解除しようとしています。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__이(가) 사용자 및 그룹 환경설정을 잠금 해제하려고 합니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ prøver å låse opp Brukere og grupper-valgpanelet.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert het voorkeurenpaneel 'Gebruikers en groepen' te ontgrendelen.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ odblokować preferencje Użytkownicy i grupy.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__ está tentando desbloquear as preferências Usuários e Grupos.</string>
+                               <key>pt-PT</key>
+                               <string>O __APPNAME__ está a tentar desproteger as preferências de Utilizadores e Grupos.</string>
+                               <key>ru</key>
+                               <string>Программа «__APPNAME__» пытается снять защиту с настроек «Пользователи и группы».</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker låsa upp inställningarna för Användare och grupper.</string>
+                               <key>tr</key>
+                               <string>__APPNAME__, Kullanıcılar ve Gruplar tercihlerinin kilidini açmaya çalışıyor.</string>
+                               <key>zh-Hans</key>
+                               <string>“__APPNAME__”正试图解锁“用户与群组”偏好设置。</string>
+                               <key>zh-Hant</key>
+                               <string>“__APPNAME__”正在嘗試解鎖“使用者與群組”偏好設定。</string>
+                       </dict>
                        <key>group</key>
                        <key>group</key>
-                       <string>_developer</string>
+                       <string>admin</string>
                        <key>shared</key>
                        <key>shared</key>
-                       <true/>
-                       <key>timeout</key>
-                       <integer>36000</integer>
+                       <false/>
                </dict>
                </dict>
-               <key>system.privilege.taskport.safe</key>
+               <key>system.preferences.datetime</key>
                <dict>
                <dict>
+                       <key>allow-root</key>
+                       <true/>
                        <key>class</key>
                        <key>class</key>
-                       <string>allow</string>
+                       <string>user</string>
                        <key>comment</key>
                        <key>comment</key>
-                       <string>For use by Apple.</string>
+                       <string>Checked by the Admin framework when making changes to the Date &amp; Time preference pane.</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>فتح القفل</string>
+                               <key>cs</key>
+                               <string>Odemknout</string>
+                               <key>da</key>
+                               <string>Lås op</string>
+                               <key>de</key>
+                               <string>Entsperren</string>
+                               <key>en</key>
+                               <string>Unlock</string>
+                               <key>es</key>
+                               <string>Desbloquear</string>
+                               <key>fi</key>
+                               <string>Avaa</string>
+                               <key>fr</key>
+                               <string>Déverrouiller</string>
+                               <key>hu</key>
+                               <string>Feloldás</string>
+                               <key>it</key>
+                               <string>Sblocca</string>
+                               <key>ja</key>
+                               <string>ロック解除</string>
+                               <key>ko</key>
+                               <string>잠금 해제</string>
+                               <key>nb</key>
+                               <string>Lås opp</string>
+                               <key>nl</key>
+                               <string>Ontgrendel</string>
+                               <key>pl</key>
+                               <string>Odblokuj</string>
+                               <key>pt</key>
+                               <string>Desbloquear</string>
+                               <key>pt-PT</key>
+                               <string>Desproteger</string>
+                               <key>ru</key>
+                               <string>Снять защиту</string>
+                               <key>sv</key>
+                               <string>Lås upp</string>
+                               <key>tr</key>
+                               <string>Kilidi Aç</string>
+                               <key>zh-Hans</key>
+                               <string>解锁</string>
+                               <key>zh-Hant</key>
+                               <string>解鎖</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>حاول __APPNAME__ فتح قفل تفضيلات التاريخ والوقت.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší odemknout předvolby Datum a čas.</string>
+                               <key>da</key>
+                               <string>__APPNAME__ prøver at låse vinduet Dato &amp; tid op.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht, die Systemeinstellung „Datum &amp; Uhrzeit“ zu entsperren.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to unlock the Date &amp; Time preferences.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentando desbloquear el panel de preferencias Fecha y Hora.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää avata Päivämäärä ja aika -asetuksia.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaie de déverrouiller les préférences Date et heure</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbálja feloldani a Dátum és idő beállításait.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ sta tentando di sbloccare le preferenze di Data e ora.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__ が“日付と時刻”環境設定のロックを解除しようとしています。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__이(가) 날짜와 시간 환경설정을 잠금 해제하려고 합니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ prøver å låse opp Dato og tid-valgpanelet.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert het voorkeurenpaneel 'Datum en tijd' te ontgrendelen.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ próbuje odblokować preferencje daty i czasu.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__ está tentando desbloquear as preferências Data e Hora.</string>
+                               <key>pt-PT</key>
+                               <string>__APPNAME__ está a tentar desproteger as preferências de Data e Hora.</string>
+                               <key>ru</key>
+                               <string>Программа «__APPNAME__» пытается снять защиту с настроек панели «Дата и время».</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker låsa upp inställningarna för Datum och tid.</string>
+                               <key>tr</key>
+                               <string>__APPNAME__, Tarih ve Saat tercihlerinin kilidini açmaya çalışıyor.</string>
+                               <key>zh-Hans</key>
+                               <string>“__APPNAME__”正试图解锁“日期与事件”偏好设置。</string>
+                               <key>zh-Hant</key>
+                               <string>“__APPNAME__”正在嘗試解鎖“日期與時間”偏好設定。</string>
+                       </dict>
+                       <key>group</key>
+                       <string>admin</string>
+                       <key>shared</key>
+                       <true/>
                </dict>
                </dict>
-               <key>system.privilege.taskport.debug</key>
+               <key>system.preferences.energysaver</key>
                <dict>
                        <key>allow-root</key>
                <dict>
                        <key>allow-root</key>
-                       <false/>
+                       <true/>
                        <key>class</key>
                        <string>user</string>
                        <key>comment</key>
                        <key>class</key>
                        <string>user</string>
                        <key>comment</key>
-                       <string>For use by Apple.  WARNING: administrators are advised
-            not to modify this right.</string>
+                       <string>Checked by the Admin framework when making changes to the Energy Saver preference pane.</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>فتح القفل</string>
+                               <key>cs</key>
+                               <string>Odemknout</string>
+                               <key>da</key>
+                               <string>Lås op</string>
+                               <key>de</key>
+                               <string>Entsperren</string>
+                               <key>en</key>
+                               <string>Unlock</string>
+                               <key>es</key>
+                               <string>Desbloquear</string>
+                               <key>fi</key>
+                               <string>Avaa</string>
+                               <key>fr</key>
+                               <string>Déverrouiller</string>
+                               <key>hu</key>
+                               <string>Feloldás</string>
+                               <key>it</key>
+                               <string>Sblocca</string>
+                               <key>ja</key>
+                               <string>ロック解除</string>
+                               <key>ko</key>
+                               <string>잠금 해제</string>
+                               <key>nb</key>
+                               <string>Lås opp</string>
+                               <key>nl</key>
+                               <string>Ontgrendel</string>
+                               <key>pl</key>
+                               <string>Odblokuj</string>
+                               <key>pt</key>
+                               <string>Desbloquear</string>
+                               <key>pt-PT</key>
+                               <string>Desproteger</string>
+                               <key>ru</key>
+                               <string>Снять защиту</string>
+                               <key>sv</key>
+                               <string>Lås upp</string>
+                               <key>tr</key>
+                               <string>Kilidi Aç</string>
+                               <key>zh-Hans</key>
+                               <string>解锁</string>
+                               <key>zh-Hant</key>
+                               <string>解鎖</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>_يحاول __APPNAME__ فتح قفل تفضيلات موفر الطاقة.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší odemknout předvolby Úspora energie.</string>
+                               <key>da</key>
+                               <string>__APPNAME__ prøver at låse vinduet Energibesparelse op.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht, die Systemeinstellung „Energie sparen“ zu entsperren.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to unlock the Energy Saver preferences.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentando desbloquear el panel de preferencias Economizador.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää avata Energiansäästäjä-asetuksia.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaie de déverrouiller les préférences Économiseur d’énergie.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbálja feloldani az Energiatakarékos mód beállításait.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ sta tentando di sbloccare le preferenze di Risparmio di energia.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__ が“省エネルギー”環境設定のロックを解除しようとしています。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__이(가) 에너지 절약 환경설정을 잠금 해제하려고 합니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ prøver å låse opp Strømsparing-valgpanelet.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert het voorkeurenpaneel 'Energiestand' te ontgrendelen.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ próbuje odblokować preferencje oszczędzania energii.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__ está tentando desbloquear as preferências Economizador de Energia.</string>
+                               <key>pt-PT</key>
+                               <string>__APPNAME__ está a tentar desproteger as preferências de Poupança de Energia.</string>
+                               <key>ru</key>
+                               <string>Программа «__APPNAME__» пытается снять защиту с настроек панели «Экономия энергии».</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker låsa upp inställningarna för Strömsparare.</string>
+                               <key>tr</key>
+                               <string>__APPNAME__, Enerji Tasarrufu tercihlerinin kilidini açmaya çalışıyor.</string>
+                               <key>zh-Hans</key>
+                               <string>“__APPNAME__”正试图解锁“节能器”偏好设置。</string>
+                               <key>zh-Hant</key>
+                               <string>“__APPNAME__”正在嘗試解鎖“能源節約器”偏好設定。</string>
+                       </dict>
                        <key>group</key>
                        <key>group</key>
-                       <string>_developer</string>
+                       <string>admin</string>
                        <key>shared</key>
                        <true/>
                        <key>shared</key>
                        <true/>
-                       <key>timeout</key>
-                       <integer>36000</integer>
                </dict>
                </dict>
-               <key>system.restart</key>
+               <key>system.preferences.location</key>
                <dict>
                        <key>class</key>
                <dict>
                        <key>class</key>
-                       <string>evaluate-mechanisms</string>
+                       <string>rule</string>
                        <key>comment</key>
                        <key>comment</key>
-                       <string>Checked if the foreground console user tries to restart the system while other users are logged in via fast-user switching.</string>
-                       <key>mechanisms</key>
+                       <string>For changing the network location from the Apple menu.</string>
+                       <key>k-of-n</key>
+                       <integer>1</integer>
+                       <key>rule</key>
                        <array>
                        <array>
-                               <string>builtin:smartcard-sniffer,privileged</string>
-                               <string>RestartAuthorization:restart</string>
-                               <string>builtin:authenticate,privileged</string>
-                               <string>RestartAuthorization:success</string>
+                               <string>on-console</string>
+                               <string>is-admin</string>
+                               <string>is-root</string>
                        </array>
                </dict>
                        </array>
                </dict>
-               <key>system.shutdown</key>
+               <key>system.preferences.network</key>
                <dict>
                <dict>
+                       <key>allow-root</key>
+                       <true/>
                        <key>class</key>
                        <key>class</key>
-                       <string>evaluate-mechanisms</string>
+                       <string>user</string>
                        <key>comment</key>
                        <key>comment</key>
-                       <string>Checked if the foreground console user tries to shut down the system while other users are logged in via fast-user switching.</string>
-                       <key>mechanisms</key>
-                       <array>
-                                       <string>builtin:smartcard-sniffer,privileged</string>
-                                       <string>RestartAuthorization:shutdown</string>
-                                       <string>builtin:authenticate,privileged</string>
-                                       <string>RestartAuthorization:success</string>
-                       </array>
+                       <string>Checked by the Admin framework when making changes to the Network preference pane.</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>فتح القفل</string>
+                               <key>cs</key>
+                               <string>Odemknout</string>
+                               <key>da</key>
+                               <string>Lås op</string>
+                               <key>de</key>
+                               <string>Entsperren</string>
+                               <key>en</key>
+                               <string>Unlock</string>
+                               <key>es</key>
+                               <string>Desbloquear</string>
+                               <key>fi</key>
+                               <string>Avaa</string>
+                               <key>fr</key>
+                               <string>Déverrouiller</string>
+                               <key>hu</key>
+                               <string>Feloldás</string>
+                               <key>it</key>
+                               <string>Sblocca</string>
+                               <key>ja</key>
+                               <string>ロックを解除</string>
+                               <key>ko</key>
+                               <string>잠금 해제</string>
+                               <key>nb</key>
+                               <string>Lås opp</string>
+                               <key>nl</key>
+                               <string>Ontgrendel</string>
+                               <key>pl</key>
+                               <string>Odblokuj</string>
+                               <key>pt</key>
+                               <string>Desbloquear</string>
+                               <key>pt-PT</key>
+                               <string>Desproteger</string>
+                               <key>ru</key>
+                               <string>Снять защиту</string>
+                               <key>sv</key>
+                               <string>Lås upp</string>
+                               <key>tr</key>
+                               <string>Kilidi Aç</string>
+                               <key>zh-Hans</key>
+                               <string>解锁</string>
+                               <key>zh-Hant</key>
+                               <string>解鎖</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>يحاول __APPNAME__ فك قفل تفضيلات الشبكة.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší odemknout předvolby Síť.</string>
+                               <key>da</key>
+                               <string>__APPNAME__ forsøger at låse Netværk op.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht, die Systemeinstellung „Netzwerk“ zu entsperren.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to unlock the Network preferences.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentando desbloquear el panel de preferencias Red.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää avata Verkko-asetuksia.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaye de déverrouiller les préférences Réseau.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbálja feloldani a Hálózat beállításait.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ sta cercando di sbloccare le preferenze Network.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__ は、“ネットワーク”環境設定のロックを解除しようとしています。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__이(가) 네트워크 환경설정을 잠금 해제하려고 합니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ prøver å låse opp Nettverk-valgpanelet.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert het voorkeurenpaneel 'Netwerk' te ontgrendelen.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ próbuje odblokować preferencje Sieć.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__ está tentando desbloquear as preferências Rede.</string>
+                               <key>pt-PT</key>
+                               <string>O __APPNAME__ está a tentar desproteger as preferências de Rede.</string>
+                               <key>ru</key>
+                               <string>Программа «__APPNAME__» пытается установить новый инструмент справки</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker låsa upp nätverksinställningarna.</string>
+                               <key>tr</key>
+                               <string>__APPNAME__, Ağ tercihlerinin kilidini açmaya çalışıyor.</string>
+                               <key>zh-Hans</key>
+                               <string>“__APPNAME__”正试图解锁“网络”偏好设置。</string>
+                               <key>zh-Hant</key>
+                               <string>“__APPNAME__”正在嘗試解鎖“網路”偏好設定。</string>
+                       </dict>
+                       <key>group</key>
+                       <string>admin</string>
+                       <key>shared</key>
+                       <true/>
                </dict>
                </dict>
-               <key>system.burn</key>
+               <key>system.preferences.parental-controls</key>
                <dict>
                        <key>class</key>
                <dict>
                        <key>class</key>
-                       <string>allow</string>
+                       <string>user</string>
                        <key>comment</key>
                        <key>comment</key>
-                       <string>For burning media.</string>
+                       <string>Checked when making changes to the Parental Controls preference pane.</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>فتح القفل</string>
+                               <key>cs</key>
+                               <string>Odemknout</string>
+                               <key>da</key>
+                               <string>Lås op</string>
+                               <key>de</key>
+                               <string>Entsperren</string>
+                               <key>en</key>
+                               <string>Unlock</string>
+                               <key>es</key>
+                               <string>Desbloquear</string>
+                               <key>fi</key>
+                               <string>Avaa</string>
+                               <key>fr</key>
+                               <string>Déverrouiller</string>
+                               <key>hu</key>
+                               <string>Feloldás</string>
+                               <key>it</key>
+                               <string>Sblocca</string>
+                               <key>ja</key>
+                               <string>ロックを解除</string>
+                               <key>ko</key>
+                               <string>잠금 해제</string>
+                               <key>nb</key>
+                               <string>Lås opp</string>
+                               <key>nl</key>
+                               <string>Ontgrendel</string>
+                               <key>pl</key>
+                               <string>Odblokuj</string>
+                               <key>pt</key>
+                               <string>Desbloquear</string>
+                               <key>pt-PT</key>
+                               <string>Desproteger</string>
+                               <key>ru</key>
+                               <string>Снять защиту</string>
+                               <key>sv</key>
+                               <string>Lås upp</string>
+                               <key>tr</key>
+                               <string>Kilidi Aç</string>
+                               <key>zh-Hans</key>
+                               <string>解锁</string>
+                               <key>zh-Hant</key>
+                               <string>解鎖</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>يحاول __APPNAME__ فتح قفل تفضيلات الإشراف العائلي.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší odemknout předvolby Rodičovský dohled.</string>
+                               <key>da</key>
+                               <string>__APPNAME__ forsøger at låse Børnesikring op.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht, die Systemeinstellung „Kindersicherung“ zu entsperren.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to unlock Parental Controls preferences.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentando desbloquear el panel de preferencias Controles Parentales.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää avata Käyttörajoitukset-asetuksia.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaye de déverrouiller les préférences Contrôle parental.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbálja feloldani a Szülői felügyelet beállításait.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ sta cercando di sbloccare le preferenze dei controlli censura.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__ は、“ペアレンタルコントロール”環境設定のロックを解除しようとしています。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__이(가) 유해 콘텐츠 차단 환경설정을 잠금 해제하려고 합니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ prøver å låse opp Foreldrekontroll-valgpanelet.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert het voorkeurenpaneel 'Ouderlijk toezicht' te ontgrendelen.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ próbuje odblokować preferencje Nadzór rodzicielski.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__ está tentando desbloquear as preferências de Controles Parentais.</string>
+                               <key>pt-PT</key>
+                               <string>O __APPNAME__ está a tentar desproteger as preferências do Controlo Parental.</string>
+                               <key>ru</key>
+                               <string>Программа «__APPNAME__» пытается снять защиту с настроек Родительского контроля.</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker låsa upp Föräldrakontrollsinställningarna.</string>
+                               <key>tr</key>
+                               <string>__APPNAME__, Ebeveyn Denetimleri tercihlerinin kilidini açmaya çalışıyor.</string>
+                               <key>zh-Hans</key>
+                               <string>“__APPNAME__”正试图解锁“家长控制”偏好设置。</string>
+                               <key>zh-Hant</key>
+                               <string>“__APPNAME__”正在嘗試解鎖“分級保護控制”偏好設定。</string>
+                       </dict>
+                       <key>group</key>
+                       <string>admin</string>
+                       <key>shared</key>
+                       <false/>
                </dict>
                </dict>
-               <key>system.services.directory.configure</key>
+               <key>system.preferences.printing</key>
                <dict>
                <dict>
+                       <key>allow-root</key>
+                       <true/>
                        <key>class</key>
                        <string>user</string>
                        <key>class</key>
                        <string>user</string>
+                       <key>comment</key>
+                       <string>Checked by the Admin framework when making changes to the Printing preference pane.</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>فتح القفل</string>
+                               <key>cs</key>
+                               <string>Odemknout</string>
+                               <key>da</key>
+                               <string>Lås op</string>
+                               <key>de</key>
+                               <string>Entsperren</string>
+                               <key>en</key>
+                               <string>Unlock</string>
+                               <key>es</key>
+                               <string>Desbloquear</string>
+                               <key>fi</key>
+                               <string>Avaa</string>
+                               <key>fr</key>
+                               <string>Déverrouiller</string>
+                               <key>hu</key>
+                               <string>Feloldás</string>
+                               <key>it</key>
+                               <string>Sblocca</string>
+                               <key>ja</key>
+                               <string>ロック解除</string>
+                               <key>ko</key>
+                               <string>잠금 해제</string>
+                               <key>nb</key>
+                               <string>Lås opp</string>
+                               <key>nl</key>
+                               <string>Ontgrendel</string>
+                               <key>pl</key>
+                               <string>Odblokuj</string>
+                               <key>pt</key>
+                               <string>Desbloquear</string>
+                               <key>pt-PT</key>
+                               <string>Desproteger</string>
+                               <key>ru</key>
+                               <string>Снять защиту</string>
+                               <key>sv</key>
+                               <string>Lås upp</string>
+                               <key>tr</key>
+                               <string>Kilidi Aç</string>
+                               <key>zh-Hans</key>
+                               <string>解锁</string>
+                               <key>zh-Hant</key>
+                               <string>解鎖</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>يحاول __APPNAME__ فتح قفل تفضيلات الطباعة والمسح الضوئي.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší odemknout předvolby Tisk a fax.</string>
+                               <key>da</key>
+                               <string>__APPNAME__ prøver at låse vinduet Udskriv &amp; scan op.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht, die Systemeinstellung „Drucken &amp; Scannen“ zu entsperren.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to unlock the Print &amp; Scan preferences.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentando desbloquear el panel de preferencias Impresión y Escaneado.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää avata Tulostus ja skannaus -asetuksia.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaie de déverrouiller les préférences Imprimantes et scanners.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbálja feloldani a Nyomtatás és szkennelés beállításait.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ sta tentando di sbloccare le preferenze di Stampa e scansione.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__ が“プリントとファクス”環境設定のロックを解除しようとしています。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__이(가) 프린트 및 스캔 환경설정을 잠금 해제하려고 합니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ prøver å låse opp Utskrift- og skanning-valgpanelet.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert het voorkeurenpaneel 'Afdrukken en scannen' te ontgrendelen.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ próbuje odblokować preferencje drukarki i skanera.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__ está tentando desbloquear as preferências Impressão e Escaneamento.</string>
+                               <key>pt-PT</key>
+                               <string>__APPNAME__ está a tentar desproteger as preferências de Impressão e Digitalização.</string>
+                               <key>ru</key>
+                               <string>Программа «__APPNAME__» пытается снять защиту с настроек панели «Печать и факс».</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker låsa upp inställningarna för Skrivare och skanner.</string>
+                               <key>tr</key>
+                               <string>__APPNAME__, Kağıda Dökme ve Tarama tercihlerinin kilidini açmaya çalışıyor.</string>
+                               <key>zh-Hans</key>
+                               <string>“__APPNAME__”正试图解锁“打印与扫描”偏好设置。</string>
+                               <key>zh-Hant</key>
+                               <string>“__APPNAME__”在嘗試解鎖“列印與掃描”偏好設定。</string>
+                       </dict>
                        <key>group</key>
                        <string>admin</string>
                        <key>group</key>
                        <string>admin</string>
-                       <key>allow-root</key>
-                       <true/>
                        <key>shared</key>
                        <true/>
                        <key>shared</key>
                        <true/>
-                       <key>timeout</key>
-                       <integer>300</integer>
-                       <key>comment</key>
-                       <string>For making Directory Services changes.</string>
                </dict>
                </dict>
-               <key>com.apple.server.admin.streaming</key>
+               <key>system.preferences.security</key>
                <dict>
                <dict>
+                       <key>allow-root</key>
+                       <true/>
                        <key>class</key>
                        <key>class</key>
-                       <string>user</string>   
+                       <string>user</string>
                        <key>comment</key>
                        <key>comment</key>
-                       <string>For making administrative requests to the QuickTime Streaming Server.</string>
+                       <string>Checked by the Admin framework when making changes to the Security preference pane.</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>فتح القفل</string>
+                               <key>cs</key>
+                               <string>Odemknout</string>
+                               <key>da</key>
+                               <string>Lås op</string>
+                               <key>de</key>
+                               <string>Entsperren</string>
+                               <key>en</key>
+                               <string>Unlock</string>
+                               <key>es</key>
+                               <string>Desbloquear</string>
+                               <key>fi</key>
+                               <string>Avaa</string>
+                               <key>fr</key>
+                               <string>Déverrouiller</string>
+                               <key>hu</key>
+                               <string>Feloldás</string>
+                               <key>it</key>
+                               <string>Sblocca</string>
+                               <key>ja</key>
+                               <string>ロックを解除</string>
+                               <key>ko</key>
+                               <string>잠금 해제</string>
+                               <key>nb</key>
+                               <string>Lås opp</string>
+                               <key>nl</key>
+                               <string>Ontgrendel</string>
+                               <key>pl</key>
+                               <string>Odblokuj</string>
+                               <key>pt</key>
+                               <string>Desbloquear</string>
+                               <key>pt-PT</key>
+                               <string>Desproteger</string>
+                               <key>ru</key>
+                               <string>Снять защиту</string>
+                               <key>sv</key>
+                               <string>Lås upp</string>
+                               <key>tr</key>
+                               <string>Kilidi Aç</string>
+                               <key>zh-Hans</key>
+                               <string>解锁</string>
+                               <key>zh-Hant</key>
+                               <string>解鎖</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>يحاول __APPNAME__ إلغاء تأمين تفضيلات الأمن والخصوصية.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší odemknout předvolby Zabezpečení a soukromí.</string>
+                               <key>da</key>
+                               <string>__APPNAME__ forsøger at låse Sikkerhed og personlige indstillinger op.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht, die Systemeinstellung „Sicherheit &amp; Privatsphäre“ zu entsperren.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to unlock Security &amp; Privacy preferences.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentando desbloquear el panel de preferencias Seguridad y Privacidad.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää avata Suojaus ja yksityisyys -asetuksia.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaye de déverrouiller les préférences Sécurité et confidentialité.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbálja feloldani a Biztonság ás adatvédelem beállításait.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ sta tentando di sbloccare le preferenze Sicurezza e Privacy.</string>
+                               <key>ja</key>
+                               <string>“__APPNAME__”により“セキュリティとプライバシー”環境設定のロックが解除されます。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__ 이(가) 보안 및 개인 정보 환경설정을 잠금 해제하려고 합니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ prøver å låse opp Sikkerhet og personvern-valgpanelet.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert het voorkeurenpaneel 'Beveiliging en privacy' te ontgrendelen.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ próbuje odblokować preferencje Ochrona i prywatność.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__ está tentando desbloquear as preferências Segurança e Privacidade.</string>
+                               <key>pt-PT</key>
+                               <string>__APPNAME__ está a tentar desproteger as preferências de Segurança e Privacidade.</string>
+                               <key>ru</key>
+                               <string>Программа «__APPNAME__» пытается снять защиту с панели «Защита и безопасность».</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker låsa upp inställningarna för Säkerhet och integritet.</string>
+                               <key>tr</key>
+                               <string>__APPNAME__, Güvenlik ve Gizlilik tercihlerinin kilidini açmaya çalışıyor.</string>
+                               <key>zh-Hans</key>
+                               <string>“__APPNAME__”正试图解锁“安全性与隐私”偏好设置。</string>
+                               <key>zh-Hant</key>
+                               <string>__APPNAME__ 正在嘗試解鎖“安全性與隱私”偏好設定。</string>
+                       </dict>
                        <key>group</key>
                        <string>admin</string>
                        <key>shared</key>
                        <false/>
                        <key>group</key>
                        <string>admin</string>
                        <key>shared</key>
                        <false/>
-                       <key>allow-root</key>
-                       <true/>
-                       <key>timeout</key>
-                       <integer>0</integer>
                </dict>
                </dict>
-               <key>com.apple.trust-settings.admin</key>
+               <key>system.preferences.security.remotepair</key>
                <dict>
                <dict>
+                       <key>class</key>
+                       <string>rule</string>
                        <key>comment</key>
                        <key>comment</key>
-                       <string>For modifying Trust Settings in the Local Admin domain.</string>
+                       <string>Used by Bezel Services to gate IR remote pairing.</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>اقتران</string>
+                               <key>cs</key>
+                               <string>Párovat</string>
+                               <key>da</key>
+                               <string>Dan par</string>
+                               <key>de</key>
+                               <string>Koppeln</string>
+                               <key>en</key>
+                               <string>Pair</string>
+                               <key>es</key>
+                               <string>Enlazar</string>
+                               <key>fi</key>
+                               <string>Muodosta pari</string>
+                               <key>fr</key>
+                               <string>Jumeler</string>
+                               <key>hu</key>
+                               <string>Párosítás</string>
+                               <key>it</key>
+                               <string>Abbina</string>
+                               <key>ja</key>
+                               <string>登録</string>
+                               <key>ko</key>
+                               <string>연결</string>
+                               <key>nb</key>
+                               <string>Sammenkoble</string>
+                               <key>nl</key>
+                               <string>Koppel</string>
+                               <key>pl</key>
+                               <string>Łącz w parę</string>
+                               <key>pt</key>
+                               <string>Emparelhar</string>
+                               <key>pt-PT</key>
+                               <string>Emparelhar</string>
+                               <key>ru</key>
+                               <string>Создать пару</string>
+                               <key>sv</key>
+                               <string>Parkoppla</string>
+                               <key>tr</key>
+                               <string>Eşle</string>
+                               <key>zh-Hans</key>
+                               <string>配对</string>
+                               <key>zh-Hant</key>
+                               <string>配對</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>يحاول __APPNAME__ الاقتران بوحدة التحكم عن بعد.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší párovat ovladač.</string>
+                               <key>da</key>
+                               <string>__APPNAME__ forsøger at danne par med fjernbetjeningen.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht, die Fernbedienung zu koppeln.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to pair the remote.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentando enlazar un mando a distancia.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää muodostaa paria kaukosäätimen kanssa.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaye de jumeler la télécommande.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbálja párosítani a távvezérlőt.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ sta cercando di abbinare il telecomando.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__ は Remote を登録しようとしています。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__이(가) 리모컨을 연결하려고 합니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ prøver å sammenkoble fjernkontrollen.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert de afstandsbediening te koppelen.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ próbuje połączyć pilota w parę.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__ está tentando emparelhar o controle remoto.</string>
+                               <key>pt-PT</key>
+                               <string>O __APPNAME__ está a tentar emparelhar o comando.</string>
+                               <key>ru</key>
+                               <string>Программа «__APPNAME__» пытается создать пару с пультом ДУ.</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker parkoppla fjärrkontrollen.</string>
+                               <key>tr</key>
+                               <string>__APPNAME__, uzaktan kumandayı eşlemeye çalışıyor.</string>
+                               <key>zh-Hans</key>
+                               <string>“__APPNAME__”正试图与遥控器配对。</string>
+                               <key>zh-Hant</key>
+                               <string>“__APPNAME__”正在嘗試配對遙控器。</string>
+                       </dict>
+                       <key>rule</key>
+                       <string>entitled-admin-or-authenticate-admin</string>
+               </dict>
+               <key>system.preferences.sharing</key>
+               <dict>
                        <key>allow-root</key>
                        <true/>
                        <key>class</key>
                        <string>user</string>
                        <key>allow-root</key>
                        <true/>
                        <key>class</key>
                        <string>user</string>
+                       <key>comment</key>
+                       <string>Checked by the Admin framework when making changes to the Sharing preference pane.</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>فتح القفل</string>
+                               <key>cs</key>
+                               <string>Odemknout</string>
+                               <key>da</key>
+                               <string>Lås op</string>
+                               <key>de</key>
+                               <string>Entsperren</string>
+                               <key>en</key>
+                               <string>Unlock</string>
+                               <key>es</key>
+                               <string>Desbloquear</string>
+                               <key>fi</key>
+                               <string>Avaa</string>
+                               <key>fr</key>
+                               <string>Déverrouiller</string>
+                               <key>hu</key>
+                               <string>Feloldás</string>
+                               <key>it</key>
+                               <string>Sblocca</string>
+                               <key>ja</key>
+                               <string>ロック解除</string>
+                               <key>ko</key>
+                               <string>잠금 해제</string>
+                               <key>nb</key>
+                               <string>Lås opp</string>
+                               <key>nl</key>
+                               <string>Ontgrendel</string>
+                               <key>pl</key>
+                               <string>Odblokuj</string>
+                               <key>pt</key>
+                               <string>Desbloquear</string>
+                               <key>pt-PT</key>
+                               <string>Desproteger</string>
+                               <key>ru</key>
+                               <string>Снять защиту</string>
+                               <key>sv</key>
+                               <string>Lås upp</string>
+                               <key>tr</key>
+                               <string>Kilidi Aç</string>
+                               <key>zh-Hans</key>
+                               <string>解锁</string>
+                               <key>zh-Hant</key>
+                               <string>解鎖</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>يحاول __APPNAME__ فتح قفل تفضيلات المشاركة.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší odemknout předvolby Sdílení.</string>
+                               <key>da</key>
+                               <string>__APPNAME__ prøver at låse vinduet Deling op.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht, die Systemeinstellung „Freigaben“ zu entsperren.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to unlock the Sharing preferences.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentando desbloquear el panel de preferencias Compartir.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää avata Jako-asetuksia.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaie de déverrouiller les préférences Partage.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbálja feloldani a Megosztás beállításait.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ sta tentando di sbloccare le preferenze di Condivisione.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__ が“共有”環境設定のロックを解除しようとしています。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__이(가) 공유 환경설정을 잠금 해제하려고 합니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ prøver å låse opp Deling-valgpanelet.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert het voorkeurenpaneel 'Delen' te ontgrendelen.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ próbuje odblokować preferencje udostępniania.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__ está tentando desbloquear as preferências Compartilhamento.</string>
+                               <key>pt-PT</key>
+                               <string>__APPNAME__ está a tentar desproteger as preferências de Partilha.</string>
+                               <key>ru</key>
+                               <string>Программа «__APPNAME__» пытается снять защиту с настроек панели «Общий доступ».</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker låsa upp inställningarna för Delning.</string>
+                               <key>tr</key>
+                               <string>__APPNAME__, Paylaşma tercihlerinin kilidini açmaya çalışıyor.</string>
+                               <key>zh-Hans</key>
+                               <string>“__APPNAME__”正试图解锁“共享”偏好设置。</string>
+                               <key>zh-Hant</key>
+                               <string>“__APPNAME__”正在嘗試解鎖“共享”偏好設定。</string>
+                       </dict>
                        <key>group</key>
                        <string>admin</string>
                        <key>group</key>
                        <string>admin</string>
+                       <key>shared</key>
+                       <true/>
                </dict>
                </dict>
-               <key>com.apple.trust-settings.user</key>
-               <dict>
-                       <key>rule</key>
-                       <string>authenticate-session-owner</string>
-                       <key>comment</key>
-                       <string>For modifying per-user Trust Settings.</string>
-               </dict>
-               <key>system.install.admin.user</key>
+               <key>system.preferences.softwareupdate</key>
                <dict>
                <dict>
+                       <key>allow-root</key>
+                       <true/>
                        <key>class</key>
                        <key>class</key>
-                       <string>user</string>   
+                       <string>user</string>
                        <key>comment</key>
                        <key>comment</key>
-                       <string>Checked when user is installing in admin domain (/Applications).</string>       
+                       <string>Checked by the Admin framework when making changes to the Software Update preference pane.</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>فتح القفل</string>
+                               <key>cs</key>
+                               <string>Odemknout</string>
+                               <key>da</key>
+                               <string>Lås op</string>
+                               <key>de</key>
+                               <string>Entsperren</string>
+                               <key>en</key>
+                               <string>Unlock</string>
+                               <key>es</key>
+                               <string>Desbloquear</string>
+                               <key>fi</key>
+                               <string>Avaa</string>
+                               <key>fr</key>
+                               <string>Déverrouiller</string>
+                               <key>hu</key>
+                               <string>Feloldás</string>
+                               <key>it</key>
+                               <string>Sblocca</string>
+                               <key>ja</key>
+                               <string>ロック解除</string>
+                               <key>ko</key>
+                               <string>잠금 해제</string>
+                               <key>nb</key>
+                               <string>Lås opp</string>
+                               <key>nl</key>
+                               <string>Ontgrendel</string>
+                               <key>pl</key>
+                               <string>Odblokuj</string>
+                               <key>pt</key>
+                               <string>Desbloquear</string>
+                               <key>pt-PT</key>
+                               <string>Desproteger</string>
+                               <key>ru</key>
+                               <string>Снять защиту</string>
+                               <key>sv</key>
+                               <string>Lås upp</string>
+                               <key>tr</key>
+                               <string>Kilidi Aç</string>
+                               <key>zh-Hans</key>
+                               <string>解锁</string>
+                               <key>zh-Hant</key>
+                               <string>解鎖</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>يحاول __APPNAME__ فتح قفل تفضيلات محدث البرامج.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší odemknout předvolby Aktualizace softwaru.</string>
+                               <key>da</key>
+                               <string>__APPNAME__ prøver at låse vinduet Softwareopdatering op.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht, die Systemeinstellung „Softwareaktualisierung“ zu entsperren.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to unlock the Software Update preferences.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentando desbloquear el panel de preferencias Actualización de Software.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää avata Ohjelmiston päivitys -asetuksia.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaie de déverrouiller les préférences Mise à jour de logiciels.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbálja feloldani a szoftverfrissítés beállításait.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ sta tentando di sbloccare le preferenze di Aggiornamento Software.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__ が“ソフトウェア・アップデート”環境設定のロックを解除しようとしています。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__이(가) 소프트웨어 업데이트 환경설정을 잠금 해제하려고 합니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ prøver å låse opp Programvareoppdatering-valgpanelet.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert het voorkeurenpaneel 'Software-update' te ontgrendelen.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ próbuje odblokować preferencje uaktualnień programów.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__ está tentando desbloquear as preferências Atualização de Software.</string>
+                               <key>pt-PT</key>
+                               <string>__APPNAME__ está a tentar desproteger as preferências de Actualização de Software.</string>
+                               <key>ru</key>
+                               <string>Программа «__APPNAME__» пытается снять защиту с настроек панели «Обновление программ».</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker låsa upp inställningarna för Programuppdatering.</string>
+                               <key>tr</key>
+                               <string>__APPNAME__, Yazılım Güncelleme tercihlerinin kilidini açmaya çalışıyor.</string>
+                               <key>zh-Hans</key>
+                               <string>“__APPNAME__”正试图解锁“软件更新”偏好设置。</string>
+                               <key>zh-Hant</key>
+                               <string>“__APPNAME__”正在嘗試解鎖“軟體更新”偏好設定。</string>
+                       </dict>
                        <key>group</key>
                        <string>admin</string>
                        <key>shared</key>
                        <key>group</key>
                        <string>admin</string>
                        <key>shared</key>
-                       <false/>
-                       <key>timeout</key>
-                       <integer>300</integer>
+                       <true/>
                </dict>
                </dict>
-               <key>system.install.root.user</key>
+               <key>system.preferences.startupdisk</key>
                <dict>
                <dict>
+                       <key>allow-root</key>
+                       <true/>
                        <key>class</key>
                        <key>class</key>
-                       <string>user</string>   
+                       <string>user</string>
                        <key>comment</key>
                        <key>comment</key>
-                       <string>Checked when user is installing in root domain (/System).</string>      
+                       <string>Checked by the Admin framework when making changes to the Startup Disk preference pane.</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>فتح القفل</string>
+                               <key>cs</key>
+                               <string>Odemknout</string>
+                               <key>da</key>
+                               <string>Lås op</string>
+                               <key>de</key>
+                               <string>Entsperren</string>
+                               <key>en</key>
+                               <string>Unlock</string>
+                               <key>es</key>
+                               <string>Desbloquear</string>
+                               <key>fi</key>
+                               <string>Avaa</string>
+                               <key>fr</key>
+                               <string>Déverrouiller</string>
+                               <key>hu</key>
+                               <string>Feloldás</string>
+                               <key>it</key>
+                               <string>Sblocca</string>
+                               <key>ja</key>
+                               <string>ロック解除</string>
+                               <key>ko</key>
+                               <string>잠금 해제</string>
+                               <key>nb</key>
+                               <string>Lås opp</string>
+                               <key>nl</key>
+                               <string>Ontgrendel</string>
+                               <key>pl</key>
+                               <string>Odblokuj</string>
+                               <key>pt</key>
+                               <string>Desbloquear</string>
+                               <key>pt-PT</key>
+                               <string>Desproteger</string>
+                               <key>ru</key>
+                               <string>Снять защиту</string>
+                               <key>sv</key>
+                               <string>Lås upp</string>
+                               <key>tr</key>
+                               <string>Kilidi Aç</string>
+                               <key>zh-Hans</key>
+                               <string>解锁</string>
+                               <key>zh-Hant</key>
+                               <string>解鎖</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>يحاول __APPNAME__ فتح قفل تفضيلات قرص بدء التشغيل.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší odemknout předvolby Startovací disk.</string>
+                               <key>da</key>
+                               <string>__APPNAME__ prøver at låse vinduet Startdisk op.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht, die Systemeinstellung „Startvolume“ zu entsperren.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to unlock the Startup Disk preferences.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentando desbloquear el panel de preferencias Disco de Arranque.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää avata Käynnistyslevy-asetuksia.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaie de déverrouiller les préférences Démarrage.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbálja feloldani a Rendszerindító lemez beállításait.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ sta tentando di sbloccare le preferenze del Disco di avvio.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__ が“起動ディスク”環境設定のロックを解除しようとしています。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__이(가) 시동 디스크 환경설정을 잠금 해제하려고 합니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ prøver å låse opp Startdisk-valgpanelet.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert het voorkeurenpaneel 'Opstartschijf' te ontgrendelen.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ próbuje odblokować preferencje dysku startowego.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__ está tentando desbloquear as preferências Disco de Inicialização.</string>
+                               <key>pt-PT</key>
+                               <string>__APPNAME__ está a tentar desproteger as preferências de Disco de Arranque.</string>
+                               <key>ru</key>
+                               <string>Программа «__APPNAME__» пытается снять защиту с настроек панели «Загрузочный том».</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker låsa upp inställningarna för Startskiva.</string>
+                               <key>tr</key>
+                               <string>__APPNAME__, Başlangıç Diski tercihlerinin kilidini açmaya çalışıyor.</string>
+                               <key>zh-Hans</key>
+                               <string>“__APPNAME__”正试图解锁“启动磁盘”偏好设置。</string>
+                               <key>zh-Hant</key>
+                               <string>“__APPNAME__”正在嘗試解鎖“啟動磁碟”偏好設定。</string>
+                       </dict>
                        <key>group</key>
                        <string>admin</string>
                        <key>shared</key>
                        <key>group</key>
                        <string>admin</string>
                        <key>shared</key>
-                       <false/>
-                       <key>timeout</key>
-                       <integer>300</integer>
+                       <true/>
                </dict>
                </dict>
-               <key>system.install.root.admin</key>
+               <key>system.preferences.timemachine</key>
                <dict>
                <dict>
+                       <key>allow-root</key>
+                       <true/>
                        <key>class</key>
                        <key>class</key>
-                       <string>user</string>   
+                       <string>user</string>
                        <key>comment</key>
                        <key>comment</key>
-                       <string>Checked when admin is installing in root domain (/System).</string>     
+                       <string>Checked by the Admin framework when making changes to the Time Machine preference pane.</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>فتح القفل</string>
+                               <key>cs</key>
+                               <string>Odemknout</string>
+                               <key>da</key>
+                               <string>Lås op</string>
+                               <key>de</key>
+                               <string>Entsperren</string>
+                               <key>en</key>
+                               <string>Unlock</string>
+                               <key>es</key>
+                               <string>Desbloquear</string>
+                               <key>fi</key>
+                               <string>Avaa</string>
+                               <key>fr</key>
+                               <string>Déverrouiller</string>
+                               <key>hu</key>
+                               <string>Feloldás</string>
+                               <key>it</key>
+                               <string>Sblocca</string>
+                               <key>ja</key>
+                               <string>ロック解除</string>
+                               <key>ko</key>
+                               <string>잠금 해제</string>
+                               <key>nb</key>
+                               <string>Lås opp</string>
+                               <key>nl</key>
+                               <string>Ontgrendel</string>
+                               <key>pl</key>
+                               <string>Odblokuj</string>
+                               <key>pt</key>
+                               <string>Desbloquear</string>
+                               <key>pt-PT</key>
+                               <string>Desproteger</string>
+                               <key>ru</key>
+                               <string>Снять защиту</string>
+                               <key>sv</key>
+                               <string>Lås upp</string>
+                               <key>tr</key>
+                               <string>Kilidi Aç</string>
+                               <key>zh-Hans</key>
+                               <string>解锁</string>
+                               <key>zh-Hant</key>
+                               <string>解鎖</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>يحاول __APPNAME__ فتح قفل تفضيلات Time Machine.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší odemknout předvolby Time Machine.</string>
+                               <key>da</key>
+                               <string>__APPNAME__ prøver at låse vinduet Time Machine op.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht, die Systemeinstellung „Time Machine“ zu entsperren.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to unlock the Time Machine preferences.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentando desbloquear el panel de preferencias Time Machine.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää avata Time Machine -asetuksia.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaie de déverrouiller les préférences Time Machine.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbálja feloldani a Time Machine beállításait.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ sta tentando di sbloccare le preferenze di Time Machine.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__ が“Time Machine”環境設定のロックを解除しようとしています。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__이(가) Time Machine 환경설정을 잠금 해제하려고 합니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ prøver å låse opp Time Machine-valgpanelet.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert het voorkeurenpaneel 'Time Machine' te ontgrendelen.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ próbuje odblokować preferencje Time Machine.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__ está tentando desbloquear as preferências Time Machine.</string>
+                               <key>pt-PT</key>
+                               <string>__APPNAME__ está a tentar desproteger as preferências de Time Machine.</string>
+                               <key>ru</key>
+                               <string>Программа «__APPNAME__» пытается снять защиту с настроек панели Time Machine.</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker låsa upp inställningarna för Time Machine.</string>
+                               <key>tr</key>
+                               <string>__APPNAME__, Time Machine tercihlerinin kilidini açmaya çalışıyor.</string>
+                               <key>zh-Hans</key>
+                               <string>“__APPNAME__”正试图解锁 Time Machine 偏好设置。</string>
+                               <key>zh-Hant</key>
+                               <string>“__APPNAME__”正在嘗試解鎖 Time Machine 偏好設定。</string>
+                       </dict>
                        <key>group</key>
                        <string>admin</string>
                        <key>shared</key>
                        <key>group</key>
                        <string>admin</string>
                        <key>shared</key>
-                       <false/>
-                       <key>timeout</key>
-                       <integer>300</integer>
+                       <true/>
                </dict>
                </dict>
-               <key>com.apple.appserver.privilege.admin</key>
+               <key>system.preferences.version-cue</key>
                <dict>
                        <key>class</key>
                        <string>rule</string>
                        <key>comment</key>
                <dict>
                        <key>class</key>
                        <string>rule</string>
                        <key>comment</key>
-                       <string>For administrative access to the Application Server management tool.</string>
+                       <string>For gating modifications to Adobe Version Cue preferences.</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>تعديل التفضيلات</string>
+                               <key>cs</key>
+                               <string>Změnit předvolby</string>
+                               <key>da</key>
+                               <string>Juster indstillinger</string>
+                               <key>de</key>
+                               <string>Einstellungen ändern</string>
+                               <key>en</key>
+                               <string>Modify Preferences</string>
+                               <key>es</key>
+                               <string>Modificar preferencias</string>
+                               <key>fi</key>
+                               <string>Muokkaa asetuksia</string>
+                               <key>fr</key>
+                               <string>Modifier les préférences</string>
+                               <key>hu</key>
+                               <string>Beállítások módosítása</string>
+                               <key>it</key>
+                               <string>Modifica preferenze</string>
+                               <key>ja</key>
+                               <string>環境設定を変更</string>
+                               <key>ko</key>
+                               <string>환경설정 수정</string>
+                               <key>nb</key>
+                               <string>Endre valg</string>
+                               <key>nl</key>
+                               <string>Wijzig voorkeuren</string>
+                               <key>pl</key>
+                               <string>Zmień preferencje</string>
+                               <key>pt</key>
+                               <string>Modificar Preferências</string>
+                               <key>pt-PT</key>
+                               <string>Modificar as preferências</string>
+                               <key>ru</key>
+                               <string>Модифицировать настройки</string>
+                               <key>sv</key>
+                               <string>Ändra inställningar</string>
+                               <key>tr</key>
+                               <string>Tercihleri Değiştir</string>
+                               <key>zh-Hans</key>
+                               <string>修改偏好设置</string>
+                               <key>zh-Hant</key>
+                               <string>修改偏好設定</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>يحاول __APPNAME__ تعديل تفضيلات رمز الإصدار.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší změnit předvolby Version Cue.</string>
+                               <key>da</key>
+                               <string>__APPNAME__ forsøger at ændre indstillingerne til versionindikatoren.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht, die Systemeinstellung „Version Cue“ zu ändern.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to modify the Version Cue preferences.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentando modificar las preferencias de la indicación de versión.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää muokata Version Cue -asetuksia.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaye de modifier les préférences de Version Cue.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbálja feloldani a Version Cue beállításait.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ sta cercando di modificare le preferenze Version Cue.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__ は、“Version Cue”環境設定を変更しようとしています。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__이(가) Version Cue 환경설정을 수정하려고 합니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ prøver å endre Version Cue-valgpanelet.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert de Version Cue-voorkeuren te wijzigen.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ próbuje zmienić preferencje Version Cue.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__ está tentando modificar os ajustes do aplicativo Version Cue.</string>
+                               <key>pt-PT</key>
+                               <string>O __APPNAME__ está a tentar modificar as preferências de Version Cue.</string>
+                               <key>ru</key>
+                               <string>Программа «__APPNAME__» пытается модифицировать настройки Version Cue.</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker ändra inställningarna för Version Cue.</string>
+                               <key>tr</key>
+                               <string>__APPNAME__, Version Cue tercihlerini değiştirmeye çalışıyor.</string>
+                               <key>zh-Hans</key>
+                               <string>“__APPNAME__”正试图修改 Version Cue 的偏好设置</string>
+                               <key>zh-Hant</key>
+                               <string>“__APPNAME__”正在嘗試修改 Version Cue 偏好設定。</string>
+                       </dict>
                        <key>rule</key>
                        <key>rule</key>
-                       <string>appserver-admin</string>
+                       <string>authenticate-admin</string>
                </dict>
                </dict>
-               <key>com.apple.appserver.privilege.user</key>
+               <key>system.print.admin</key>
+               <dict>
+                       <key>class</key>
+                       <string>rule</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>تعديل الإعدادات</string>
+                               <key>cs</key>
+                               <string>Změnit nastavení</string>
+                               <key>da</key>
+                               <string>Juster indstillinger</string>
+                               <key>de</key>
+                               <string>Einstellungen ändern</string>
+                               <key>en</key>
+                               <string>Modify Settings</string>
+                               <key>es</key>
+                               <string>Modificar ajustes</string>
+                               <key>fi</key>
+                               <string>Muokkaa asetuksia</string>
+                               <key>fr</key>
+                               <string>Modifer les réglages</string>
+                               <key>hu</key>
+                               <string>Beállítások módosítása</string>
+                               <key>it</key>
+                               <string>Modifica impostazioni</string>
+                               <key>ja</key>
+                               <string>設定を変更</string>
+                               <key>ko</key>
+                               <string>설정 수정</string>
+                               <key>nb</key>
+                               <string>Endre innstillinger</string>
+                               <key>nl</key>
+                               <string>Wijzig instellingen</string>
+                               <key>pl</key>
+                               <string>Zmień ustawienia</string>
+                               <key>pt</key>
+                               <string>Modificar Ajustes</string>
+                               <key>pt-PT</key>
+                               <string>Modificar definições</string>
+                               <key>ru</key>
+                               <string>Модифицировать настройки</string>
+                               <key>sv</key>
+                               <string>Ändra inställningar</string>
+                               <key>tr</key>
+                               <string>Ayarları Değiştir</string>
+                               <key>zh-Hans</key>
+                               <string>修改设置</string>
+                               <key>zh-Hant</key>
+                               <string>修改設定</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>يحاول __APPNAME__ تعديل إعدادات الطابعة.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší změnit nastavení tiskárny.</string>
+                               <key>da</key>
+                               <string>__APPNAME__ forsøger at ændre printerindstillingerne.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht, die Druckereinstellungen zu ändern.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to modify the printer settings.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentando modificar los ajustes de la impresora.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää muokata tulostimen asetuksia.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaye de modifier les réglages d’imprimante.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbálja módosítani a nyomtató beállításait.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ sta cercando di modificare le impostazioni della stampante.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__ はプリンタの設定を変更しようとしています。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__이(가) 프린터 설정을 변경하려고 합니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ prøver å endre skriverinnstillingene.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert de printerinstellingen te wijzigen.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ próbuje zmienić ustawienia drukarki.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__ está tentando modificar os ajustes da impressora.</string>
+                               <key>pt-PT</key>
+                               <string>O __APPNAME__ está a tentar modificar as definições de impressão.</string>
+                               <key>ru</key>
+                               <string>Программа «__APPNAME__» пытается модифицировать настройки принтера.</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker ändra skrivarinställningarna.</string>
+                               <key>tr</key>
+                               <string>__APPNAME__, yazıcı ayarlarını değiştirmeye çalışıyor.</string>
+                               <key>zh-Hans</key>
+                               <string>“__APPNAME__”正试图修改打印机设置。</string>
+                               <key>zh-Hant</key>
+                               <string>“__APPNAME__”正在嘗試修改印表機設定。</string>
+                       </dict>
+                       <key>rule</key>
+                       <string>root-or-lpadmin</string>
+               </dict>
+               <key>system.print.operator</key>
+               <dict>
+                       <key>allow-root</key>
+                       <true/>
+                       <key>class</key>
+                       <string>user</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>السماح بالطباعة</string>
+                               <key>cs</key>
+                               <string>Povolit tisk</string>
+                               <key>da</key>
+                               <string>Tillad udskrivning</string>
+                               <key>de</key>
+                               <string>Drucken erlauben</string>
+                               <key>en</key>
+                               <string>Allow Printing</string>
+                               <key>es</key>
+                               <string>Permitir impresión</string>
+                               <key>fi</key>
+                               <string>Salli tulostus</string>
+                               <key>fr</key>
+                               <string>Autoriser l’impression</string>
+                               <key>hu</key>
+                               <string>Nyomtatás engedélyezése</string>
+                               <key>it</key>
+                               <string>Consenti stampa</string>
+                               <key>ja</key>
+                               <string>プリントを許可</string>
+                               <key>ko</key>
+                               <string>프린트 허용</string>
+                               <key>nb</key>
+                               <string>Tillat utskrift</string>
+                               <key>nl</key>
+                               <string>Sta afdrukken toe</string>
+                               <key>pl</key>
+                               <string>Pozwól na drukowanie</string>
+                               <key>pt</key>
+                               <string>Permitir Impressão</string>
+                               <key>pt-PT</key>
+                               <string>Permitir imprimir</string>
+                               <key>ru</key>
+                               <string>Разрешить печать</string>
+                               <key>sv</key>
+                               <string>Tillåt utskrifter</string>
+                               <key>tr</key>
+                               <string>Kağıda Dökmeye İzin Ver</string>
+                               <key>zh-Hans</key>
+                               <string>允许打印</string>
+                               <key>zh-Hant</key>
+                               <string>允許列印</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>يحاول __APPNAME__ استخدام الطابعة.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší použít tiskárnu.</string>
+                               <key>da</key>
+                               <string>__APPNAME__ forsøger at bruge printeren.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht, den Drucker zu benutzen.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to use the printer.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentando usar la impresora.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää käyttää tulostinta.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaye d’utiliser l’imprimante.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbálja használni a nyomtatót.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ sta cercando di usare la stampante.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__ はプリンタを使用しようとしています。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__이(가) 프린터를 사용하려고 합니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ prøver å bruke skriveren.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert de printer te gebruiken.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ próbuje użyć drukarki.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__ está tentando usar a impressora.</string>
+                               <key>pt-PT</key>
+                               <string>O __APPNAME__ está a tentar usar a impressora.</string>
+                               <key>ru</key>
+                               <string>Программа «__APPNAME__» пытается использовать принтер.</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker använda skrivaren.</string>
+                               <key>tr</key>
+                               <string>__APPNAME__, yazıcıyı kullanmaya çalışıyor.</string>
+                               <key>zh-Hans</key>
+                               <string>“__APPNAME__”正试图使用打印机。</string>
+                               <key>zh-Hant</key>
+                               <string>“__APPNAME__”正在嘗試使用印表機。</string>
+                       </dict>
+                       <key>group</key>
+                       <string>_lpoperator</string>
+                       <key>shared</key>
+                       <true/>
+               </dict>
+               <key>system.printingmanager</key>
                <dict>
                        <key>class</key>
                        <string>rule</string>
                        <key>comment</key>
                <dict>
                        <key>class</key>
                        <string>rule</string>
                        <key>comment</key>
-                       <string>For user access to the Application Server management tool.</string>
+                       <string>For printing to locked printers.</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>طباعة</string>
+                               <key>cs</key>
+                               <string>Tisknout</string>
+                               <key>da</key>
+                               <string>Udskriv</string>
+                               <key>de</key>
+                               <string>Drucken</string>
+                               <key>en</key>
+                               <string>Print</string>
+                               <key>es</key>
+                               <string>Imprimir</string>
+                               <key>fi</key>
+                               <string>Tulosta</string>
+                               <key>fr</key>
+                               <string>Imprimer</string>
+                               <key>hu</key>
+                               <string>Nyomtatás</string>
+                               <key>it</key>
+                               <string>Stampa</string>
+                               <key>ja</key>
+                               <string>プリント</string>
+                               <key>ko</key>
+                               <string>프린트</string>
+                               <key>nb</key>
+                               <string>Skriv ut</string>
+                               <key>nl</key>
+                               <string>Druk af</string>
+                               <key>pl</key>
+                               <string>Drukuj</string>
+                               <key>pt</key>
+                               <string>Imprimir</string>
+                               <key>pt-PT</key>
+                               <string>Imprimir</string>
+                               <key>ru</key>
+                               <string>Напечатать</string>
+                               <key>sv</key>
+                               <string>Skriv ut</string>
+                               <key>tr</key>
+                               <string>Kağıda Dök</string>
+                               <key>zh-Hans</key>
+                               <string>打印</string>
+                               <key>zh-Hant</key>
+                               <string>列印</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>يحاول __APPNAME__ الطباعة على طابعة مقفلة.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší tisknout na uzamčené tiskárně.</string>
+                               <key>da</key>
+                               <string>__APPNAME__ forsøger at udskrive til en låst printer.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht, auf einem gesperrten Drucker zu drucken.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to print to a locked printer.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentando imprimir en una impresora bloqueada.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää tulostaa lukitulle tulostimelle.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaye d’imprimer vers une imprimante verrouillée.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbál nyomtatni egy zárolt nyomtatóra</string>
+                               <key>it</key>
+                               <string>__APPNAME__ sta cercando di stampare su una stampante bloccata.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__ は、ロック中のプリンタを使ってプリントしようとしています。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__이(가) 잠겨있는 프린터에서 프린트하려고 합니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ prøver å skrive ut på en låst skriver.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert een vergrendelde printer te gebruiken.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ próbuje drukować na zablokowanej drukarce.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__ está tentando imprimir em uma impressora bloqueada.</string>
+                               <key>pt-PT</key>
+                               <string>O __APPNAME__ está a tentar imprimir através de uma impressora que se encontra bloqueada.</string>
+                               <key>ru</key>
+                               <string>Программа «__APPNAME__» пытается выполнить печать на защищенном принтере.</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker skriva ut på en låst skrivare.</string>
+                               <key>tr</key>
+                               <string>__APPNAME__, kilitli bir yazıcıda kağıda dökmeye çalışıyor.</string>
+                               <key>zh-Hans</key>
+                               <string>“__APPNAME__”正试图打印到已锁定的打印机。</string>
+                               <key>zh-Hant</key>
+                               <string>“__APPNAME__”正在嘗試列印至鎖定的印表機。</string>
+                       </dict>
                        <key>k-of-n</key>
                        <integer>1</integer>
                        <key>rule</key>
                        <array>
                        <key>k-of-n</key>
                        <integer>1</integer>
                        <key>rule</key>
                        <array>
-                               <string>appserver-admin</string>
-                               <string>appserver-user</string>
+                               <string>is-admin</string>
+                               <string>authenticate-admin</string>
                        </array>
                </dict>
                        </array>
                </dict>
-               <key>com.apple.dashboard.advisory.allow</key>
+               <key>system.privilege.admin</key>
                <dict>
                <dict>
+                       <key>allow-root</key>
+                       <true/>
                        <key>class</key>
                        <string>user</string>
                        <key>class</key>
                        <string>user</string>
+                       <key>comment</key>
+                       <string>Used by AuthorizationExecuteWithPrivileges(...).  
+               AuthorizationExecuteWithPrivileges() is used by programs requesting
+               to run a tool as root (e.g., some installers).</string>
                        <key>group</key>
                        <string>admin</string>
                        <key>shared</key>
                        <key>group</key>
                        <string>admin</string>
                        <key>shared</key>
@@ -624,118 +5443,578 @@ See remaining rules for examples.
                        <key>timeout</key>
                        <integer>300</integer>
                </dict>
                        <key>timeout</key>
                        <integer>300</integer>
                </dict>
-               <key>com.apple.desktopservices</key>
+               <key>system.privilege.taskport</key>
                <dict>
                <dict>
+                       <key>allow-root</key>
+                       <false/>
                        <key>class</key>
                        <string>user</string>
                        <key>comment</key>
                        <key>class</key>
                        <string>user</string>
                        <key>comment</key>
-                       <string>For privileged file operations from within the Finder.</string>
+                       <string>Used by task_for_pid(...).
+               Task_for_pid is called by programs requesting full control over another program
+               for things like debugging or performance analysis. This authorization only applies
+               if the requesting and target programs are run by the same user; it will never
+               authorize access to the program of another user.  WARNING: administrators are advised not to modify this right.</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>التحكم</string>
+                               <key>cs</key>
+                               <string>Převzít kontrolu</string>
+                               <key>da</key>
+                               <string>Overtag kontrol</string>
+                               <key>de</key>
+                               <string>Steuerung übernehmen</string>
+                               <key>en</key>
+                               <string>Take Control</string>
+                               <key>es</key>
+                               <string>Controlar</string>
+                               <key>fi</key>
+                               <string>Ota hallintaan</string>
+                               <key>fr</key>
+                               <string>Prendre le contrôle</string>
+                               <key>hu</key>
+                               <string>Vezérlés átvétele</string>
+                               <key>it</key>
+                               <string>Prendi il controllo</string>
+                               <key>ja</key>
+                               <string>制御</string>
+                               <key>ko</key>
+                               <string>제어하기</string>
+                               <key>nb</key>
+                               <string>Ta kontroll</string>
+                               <key>nl</key>
+                               <string>Beheer</string>
+                               <key>pl</key>
+                               <string>Przejmij kontrolę</string>
+                               <key>pt</key>
+                               <string>Recuperar Controle</string>
+                               <key>pt-PT</key>
+                               <string>Recuperar controlo</string>
+                               <key>ru</key>
+                               <string>Управлять</string>
+                               <key>sv</key>
+                               <string>Ta kontroll</string>
+                               <key>tr</key>
+                               <string>Yönetimi Ele Geçir</string>
+                               <key>zh-Hans</key>
+                               <string>控制</string>
+                               <key>zh-Hant</key>
+                               <string>控制</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>يحاول __APPNAME__ أن يسيطر على عملية أخرى.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší převzít kontrolu nad jiným procesem.</string>
+                               <key>da</key>
+                               <string>__APPNAME__ forsøger at overtage kontrollen af en anden proces.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht, die Steuerung eines anderen Vorgangs zu übernehmen.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to take control of another process.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentando controlar otro proceso.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää ottaa hallintaan toista prosessia.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaye de prendre le contrôle d’un autre processus.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbálja átvenni egy másik folyamat vezérlését.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ sta cercando di prendere il controllo di un altro processo.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__ は、ほかのプロセスを制御しようとしています。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__이(가) 다른 프로세스를 제어하려고 합니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ prøver å styre en annen prosess.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert het beheer van een ander proces over te nemen.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ próbuje przejąć kontrolę nad innym procesem.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__ está tentando assumir o controle de outro processo.</string>
+                               <key>pt-PT</key>
+                               <string>O __APPNAME__ está a tentar controlar outro processo.</string>
+                               <key>ru</key>
+                               <string>Программа «__APPNAME__» пытается взять под контроль другой процесс.</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker ta kontroll över en annan process.</string>
+                               <key>tr</key>
+                               <string>__APPNAME__, başka bir işlemin yönetimini ele geçirmeye çalışıyor.</string>
+                               <key>zh-Hans</key>
+                               <string>“__APPNAME__”正试图控制另一进程。</string>
+                               <key>zh-Hant</key>
+                               <string>“__APPNAME__”正在嘗試控制另一個程序。</string>
+                       </dict>
                        <key>group</key>
                        <key>group</key>
-                       <string>admin</string>
+                       <string>_developer</string>
                        <key>shared</key>
                        <key>shared</key>
-                       <false/>
+                       <true/>
                        <key>timeout</key>
                        <key>timeout</key>
-                       <integer>0</integer>
-               </dict>
-               <key>com.apple.builtin.generic-new-passphrase</key>
-               <dict>
-                       <key>class</key>
-                       <string>evaluate-mechanisms</string>
-                       <key>mechanisms</key>
-                       <array>
-                               <string>builtin:generic-new-passphrase</string>
-                       </array>
+                       <integer>36000</integer>
                </dict>
                </dict>
-               <key>com.apple.builtin.generic-unlock</key>
+               <key>system.privilege.taskport.debug</key>
                <dict>
                <dict>
+                       <key>allow-root</key>
+                       <false/>
                        <key>class</key>
                        <key>class</key>
-                       <string>evaluate-mechanisms</string>
-                       <key>mechanisms</key>
-                       <array>
-                               <string>builtin:generic-unlock</string>
-                       </array>
+                       <string>user</string>
+                       <key>comment</key>
+                       <string>For use by Apple.  WARNING: administrators are advised
+            not to modify this right.</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>متابعة</string>
+                               <key>cs</key>
+                               <string>Pokračovat</string>
+                               <key>da</key>
+                               <string>Fortsæt</string>
+                               <key>de</key>
+                               <string>Fortfahren</string>
+                               <key>en</key>
+                               <string>Continue</string>
+                               <key>es</key>
+                               <string>Continuar</string>
+                               <key>fi</key>
+                               <string>Jatka</string>
+                               <key>fr</key>
+                               <string>Continuer</string>
+                               <key>hu</key>
+                               <string>Folytatás</string>
+                               <key>it</key>
+                               <string>Continua</string>
+                               <key>ja</key>
+                               <string>続ける</string>
+                               <key>ko</key>
+                               <string>계속</string>
+                               <key>nb</key>
+                               <string>Fortsett</string>
+                               <key>nl</key>
+                               <string>Ga door</string>
+                               <key>pl</key>
+                               <string>Dalej</string>
+                               <key>pt</key>
+                               <string>Continuar</string>
+                               <key>pt-PT</key>
+                               <string>Continuar</string>
+                               <key>ru</key>
+                               <string>Продолжить</string>
+                               <key>sv</key>
+                               <string>Fortsätt</string>
+                               <key>tr</key>
+                               <string>Sürdür</string>
+                               <key>zh-Hans</key>
+                               <string>继续</string>
+                               <key>zh-Hant</key>
+                               <string>繼續</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>يحاول __APPNAME__ أن يسيطر على عملية أخرى لتصحيح الأخطاء للاستمرار.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ potřebuje pro pokračování ladění převzít kontrolu nad jiným procesem.</string>
+                               <key>da</key>
+                               <string>__APPNAME__ bliver nødt til at overtage kontrollen af en anden process, for at fejlfinding kan fortsætte.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ muss zum Fortsetzen der Fehlerbehebung die Steuerung eines anderen Vorgangs übernehmen.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ needs to take control of another process for debugging to continue.</string>
+                               <key>es</key>
+                               <string>Para continuar con la depuración, __APPNAME__ debe controlar otro proceso.</string>
+                               <key>fi</key>
+                               <string>Ohjelman __APPNAME__ pitää ottaa toinen prosessi hallintaan, jotta virheidenmääritys voi jatkua.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ à besoin de prendre le contrôle d’un autre processus pour continuer le débogage.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ alkalmazásnak át kell vennie egy másik folyamat vezérlését a hibakeresés folytatásához.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ deve prendere il controllo di un altro processo affinché possa continuare il debugging.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__ は、デバッグを続けるためにほかのプロセスを制御する必要があります。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__이(가) 다른 프로세스를 제어해야 디버깅을 계속할 수 있습니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ må styre en annen prosess for at feilsøkingen skal fortsette.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ moet het beheer van een ander proces overnemen voordat de foutopsporing kan worden voortgezet.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ musi przejąć kontrolę nad innym procesem na potrzeby usuwania błędów, aby kontynuować.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__ precisa assumir o controle de outro processo para que a depuração possa continuar.</string>
+                               <key>pt-PT</key>
+                               <string>Para poder continuar a depuração, o __APPNAME__ necessita de controlar outro processo.</string>
+                               <key>ru</key>
+                               <string>Программе «__APPNAME__» необходимо взять под контроль другой процесс, чтобы отладка могла быть продолжена.</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ måste ta kontroll över en annan process för att kunna fortsätta felsöka.</string>
+                               <key>tr</key>
+                               <string>__APPNAME__, başka bir işlemin yönetimini ele geçirmeden hata ayıklama sürdürülemez.</string>
+                               <key>zh-Hans</key>
+                               <string>“__APPNAME__”需控制另一进程,才能继续调试。</string>
+                               <key>zh-Hant</key>
+                               <string>“__APPNAME__”需要控制另一個程序才能繼續除錯。</string>
+                       </dict>
+                       <key>group</key>
+                       <string>_developer</string>
+                       <key>shared</key>
+                       <true/>
+                       <key>timeout</key>
+                       <integer>36000</integer>
                </dict>
                </dict>
-               <key>com.apple.builtin.confirm-access</key>
+               <key>system.privilege.taskport.safe</key>
                <dict>
                        <key>class</key>
                <dict>
                        <key>class</key>
-                       <string>evaluate-mechanisms</string>
-                       <key>tries</key>
-                       <integer>1</integer>
-                       <key>mechanisms</key>
-                       <array>
-                               <string>builtin:confirm-access</string>
-                       </array>
+                       <string>allow</string>
+                       <key>comment</key>
+                       <string>For use by Apple.</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>التحكم</string>
+                               <key>cs</key>
+                               <string>Převzít kontrolu</string>
+                               <key>da</key>
+                               <string>Overtag kontrol</string>
+                               <key>de</key>
+                               <string>Steuerung übernehmen</string>
+                               <key>en</key>
+                               <string>Take Control</string>
+                               <key>es</key>
+                               <string>Controlar</string>
+                               <key>fi</key>
+                               <string>Ota hallintaan</string>
+                               <key>fr</key>
+                               <string>Prendre le contrôle</string>
+                               <key>hu</key>
+                               <string>Vezérlés átvétele</string>
+                               <key>it</key>
+                               <string>Prendi il controllo</string>
+                               <key>ja</key>
+                               <string>制御</string>
+                               <key>ko</key>
+                               <string>제어하기</string>
+                               <key>nb</key>
+                               <string>Ta kontroll</string>
+                               <key>nl</key>
+                               <string>Beheer</string>
+                               <key>pl</key>
+                               <string>Przejmij kontrolę</string>
+                               <key>pt</key>
+                               <string>Recuperar Controle</string>
+                               <key>pt-PT</key>
+                               <string>Recuperar controlo</string>
+                               <key>ru</key>
+                               <string>Управлять</string>
+                               <key>sv</key>
+                               <string>Ta kontroll</string>
+                               <key>tr</key>
+                               <string>Yönetimi Ele Geçir</string>
+                               <key>zh-Hans</key>
+                               <string>控制</string>
+                               <key>zh-Hant</key>
+                               <string>控制</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>يحاول __APPNAME__ أن يسيطر على عملية أخرى.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší převzít kontrolu nad jiným procesem.</string>
+                               <key>da</key>
+                               <string>__APPNAME__ forsøger at overtage kontrollen af en anden proces.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht, die Steuerung eines anderen Vorgangs zu übernehmen.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to take control of another process.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentando controlar otro proceso.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää ottaa hallintaan toista prosessia.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaye de prendre le contrôle d’un autre processus.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbálja átvenni egy másik folyamat vezérlését.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ sta cercando di prendere il controllo di un altro processo.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__ は、ほかのプロセスを制御しようとしています。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__이(가) 다른 프로세스를 제어하려고 합니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ prøver å styre en annen prosess.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert het beheer van een ander proces over te nemen.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ próbuje przejąć kontrolę nad innym procesem.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__ está tentando assumir o controle de outro processo.</string>
+                               <key>pt-PT</key>
+                               <string>O __APPNAME__ está a tentar controlar outro processo.</string>
+                               <key>ru</key>
+                               <string>Программа «__APPNAME__» пытается взять под контроль другой процесс.</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker ta kontroll över en annan process.</string>
+                               <key>tr</key>
+                               <string>__APPNAME__, başka bir işlemin yönetimini ele geçirmeye çalışıyor.</string>
+                               <key>zh-Hans</key>
+                               <string>“__APPNAME__”正试图控制另一进程。</string>
+                               <key>zh-Hant</key>
+                               <string>“__APPNAME__”正在嘗試控制另一個程序。</string>
+                       </dict>
                </dict>
                </dict>
-               <key>com.apple.builtin.confirm-access-password</key>
+               <key>system.restart</key>
                <dict>
                        <key>class</key>
                        <string>evaluate-mechanisms</string>
                <dict>
                        <key>class</key>
                        <string>evaluate-mechanisms</string>
+                       <key>comment</key>
+                       <string>Checked if the foreground console user tries to restart the system while other users are logged in via fast-user switching.</string>
                        <key>mechanisms</key>
                        <array>
                        <key>mechanisms</key>
                        <array>
-                               <string>builtin:confirm-access-password</string>
+                               <string>RestartAuthorization:restart</string>
+                               <string>builtin:authenticate,privileged</string>
+                               <string>RestartAuthorization:success</string>
                        </array>
                </dict>
                        </array>
                </dict>
-               <key>com.apple.ZFSManager.</key>
+               <key>system.services.directory.configure</key>
                <dict>
                        <key>class</key>
                        <string>rule</string>
                        <key>comment</key>
                <dict>
                        <key>class</key>
                        <string>rule</string>
                        <key>comment</key>
-                       <string>Used by zfsmanager to allow access to destructive zfs functions</string>
-                       <key>k-of-n</key>
-                       <integer>1</integer>
+                       <string>For making Directory Services changes.</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>تعديل التكوين</string>
+                               <key>cs</key>
+                               <string>Změnit konfiguraci</string>
+                               <key>da</key>
+                               <string>Juster konfiguration</string>
+                               <key>de</key>
+                               <string>Konfiguration ändern</string>
+                               <key>en</key>
+                               <string>Modify Configuration</string>
+                               <key>es</key>
+                               <string>Modificar configuración</string>
+                               <key>fi</key>
+                               <string>Muokkaa määrittelyä</string>
+                               <key>fr</key>
+                               <string>Modifier la configuration</string>
+                               <key>hu</key>
+                               <string>Konfiguráció módosítása</string>
+                               <key>it</key>
+                               <string>Modifica configurazione</string>
+                               <key>ja</key>
+                               <string>構成を変更</string>
+                               <key>ko</key>
+                               <string>구성 수정</string>
+                               <key>nb</key>
+                               <string>Endre konfigurasjon</string>
+                               <key>nl</key>
+                               <string>Wijzig configuratie</string>
+                               <key>pl</key>
+                               <string>Zmień konfigurację</string>
+                               <key>pt</key>
+                               <string>Modificar Configuração </string>
+                               <key>pt-PT</key>
+                               <string>Modificar configuração</string>
+                               <key>ru</key>
+                               <string>Модифицировать конфигурацию</string>
+                               <key>sv</key>
+                               <string>Ändra konfiguration</string>
+                               <key>tr</key>
+                               <string>Konfigürasyonu Değiştir</string>
+                               <key>zh-Hans</key>
+                               <string>修改配置</string>
+                               <key>zh-Hant</key>
+                               <string>修改設定</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>يحاول __APPNAME__ تعديل تكوين خدمات الدليل.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší změnit konfiguraci Adresářových služeb.</string>
+                               <key>da</key>
+                               <string>__APPNAME__ forsøger at ændre konfigurationen Bibliotekstjenester.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht, die Konfiguration der Verzeichnisdienste zu ändern.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to modify the Directory Services configuration.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentando modificar la configuración de los servicios de directorio.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää muokata hakemistopalvelujen määrittelyä.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaye de modifier la configuration des services d’annuaire.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbálja módosítani a Könyvtárszolgáltatások konfigurációját.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ sta cercando di modificare la configurazione dei Servizi di directory.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__ は、ディレクトリサービスの構成を変更しようとしています。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__이(가) 디렉토리 서비스 구성을 변경하려고 합니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ prøver å endre Katalogtjenester-konfigurasjonen.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert de configuratie van Adreslijstvoorzieningen te wijzigen.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ próbuje zmienić konfigurację programu Usługi katalogowe.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__ está tentando modificar a configuração dos Serviços de Diretório.</string>
+                               <key>pt-PT</key>
+                               <string>O __APPNAME__ está a tentar modificar a configuração dos serviços de directório.</string>
+                               <key>ru</key>
+                               <string>Программа «__APPNAME__» пытается модифицировать настройку Службы каталогов.</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker ändra konfigurationen för Katalogtjänster.</string>
+                               <key>tr</key>
+                               <string>__APPNAME__, Dizin Servisleri konfigürasyonunu değiştirmeye çalışıyor.</string>
+                               <key>zh-Hans</key>
+                               <string>“__APPNAME__”正试图修改“目录服务”的配置。</string>
+                               <key>zh-Hant</key>
+                               <string>“__APPNAME__”正在嘗試修改“目錄服務”設定。</string>
+                       </dict>
                        <key>rule</key>
                        <key>rule</key>
-                       <array>
-                               <string>is-root</string>
-                               <string>is-admin</string>
-                               <string>default</string>
-                       </array>
-                       <key>shared</key>
-                       <true/>
+                       <string>root-or-admin-or-authenticate-admin</string>
                </dict>
                </dict>
-        <key>com.apple.ServiceManagement.blesshelper</key>
+               <key>system.sharepoints.</key>
                <dict>
                <dict>
-                       <key>comment</key>
-                       <string>Used by the ServiceManagement framework to add a privileged helper tool to the system launchd.</string>
+                       <key>allow-root</key>
+                       <true/>
                        <key>class</key>
                        <key>class</key>
-                       <string>rule</string>
-                       <key>k-of-n</key>
-                       <integer>1</integer>
-                       <key>rule</key>
-                       <array>
-                               <string>is-root</string>
-                               <string>authenticate-admin-30</string>
-                       </array>
+                       <string>user</string>
+                       <key>comment</key>
+                       <string>Checked when making changes to the Sharepoints.</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>تعديل التفضيلات</string>
+                               <key>cs</key>
+                               <string>Změnit předvolby</string>
+                               <key>da</key>
+                               <string>Juster indstillinger</string>
+                               <key>de</key>
+                               <string>Einstellungen ändern</string>
+                               <key>en</key>
+                               <string>Modify Preferences</string>
+                               <key>es</key>
+                               <string>Modificar preferencias</string>
+                               <key>fi</key>
+                               <string>Muokkaa asetuksia</string>
+                               <key>fr</key>
+                               <string>Modifier les préférences</string>
+                               <key>hu</key>
+                               <string>Beállítások módosítása</string>
+                               <key>it</key>
+                               <string>Modifica preferenze</string>
+                               <key>ja</key>
+                               <string>環境設定を変更</string>
+                               <key>ko</key>
+                               <string>환경설정 수정</string>
+                               <key>nb</key>
+                               <string>Endre valg</string>
+                               <key>nl</key>
+                               <string>Wijzig voorkeuren</string>
+                               <key>pl</key>
+                               <string>Zmień preferencje</string>
+                               <key>pt</key>
+                               <string>Modificar Preferências</string>
+                               <key>pt-PT</key>
+                               <string>Modificar as preferências</string>
+                               <key>ru</key>
+                               <string>Модифицировать настройки</string>
+                               <key>sv</key>
+                               <string>Ändra inställningar</string>
+                               <key>tr</key>
+                               <string>Tercihleri Değiştir</string>
+                               <key>zh-Hans</key>
+                               <string>修改偏好设置</string>
+                               <key>zh-Hant</key>
+                               <string>修改偏好設定</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>يحاول __APPNAME__ تعديل تفضيلات المشاركة.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší změnit předvolby Sdílení.</string>
+                               <key>da</key>
+                               <string>__APPNAME__ forsøger at ændre Deling.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht, die Systemeinstellung „Freigaben“ zu ändern.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to modify Sharing preferences.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentando modificar las preferencias de Compartir.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää muokata Jako-asetuksia.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaye de modifier les préférences Partage.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbálja módosítani a Megosztás beállításait.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ sta cercando di modificare le preferenze di condivisione.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__ は、“共有”環境設定を変更しようとしています。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__이(가) 공유 환경설정을 변경하려고 합니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ prøver å endre Deling-valgpanelet.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert het voorkeurenpaneel 'Delen' te wijzigen.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ próbuje zmienić preferencje Udostępnianie.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__ está tentando modificar as preferências de Compartilhamento.</string>
+                               <key>pt-PT</key>
+                               <string>O __APPNAME__ está a tentar desproteger as preferências de Partilha.</string>
+                               <key>ru</key>
+                               <string>Программа «__APPNAME__» пытается модифицировать настройки Общего доступа.</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker ändra Delningsinställningarna.</string>
+                               <key>tr</key>
+                               <string>__APPNAME__, Paylaşma tercihlerini değiştirmeye çalışıyor.</string>
+                               <key>zh-Hans</key>
+                               <string>“__APPNAME__”正试图修改“共享”偏好设置。</string>
+                               <key>zh-Hant</key>
+                               <string>“__APPNAME__”正在嘗試修改“共享”偏好設定。</string>
+                       </dict>
+                       <key>group</key>
+                       <string>admin</string>
+                       <key>shared</key>
+                       <true/>
                </dict>
                </dict>
-        <key>com.apple.ServiceManagement.daemons.modify</key>
+               <key>system.shutdown</key>
                <dict>
                <dict>
-                       <key>comment</key>
-                       <string>Used by the ServiceManagement framework to make changes to the system launchd's set of daemons.</string>
                        <key>class</key>
                        <key>class</key>
-                       <string>rule</string>
-                       <key>k-of-n</key>
-                       <integer>1</integer>
-                       <key>rule</key>
+                       <string>evaluate-mechanisms</string>
+                       <key>comment</key>
+                       <string>Checked if the foreground console user tries to shut down the system while other users are logged in via fast-user switching.</string>
+                       <key>mechanisms</key>
                        <array>
                        <array>
-                               <string>is-root</string>
-                               <string>authenticate-admin-30</string>
+                               <string>RestartAuthorization:shutdown</string>
+                               <string>builtin:authenticate,privileged</string>
+                               <string>RestartAuthorization:success</string>
                        </array>
                </dict>
                        </array>
                </dict>
-               <key>com.apple.pcastagentconfigd.</key>
+       </dict>
+       <key>rules</key>
+       <dict>
+               <key>admin</key>
                <dict>
                <dict>
-                       <key>comment</key>
-                       <string>Wildcard for rights checked by Podcast Producer when making changes to your camera binding.</string>
                        <key>class</key>
                        <string>user</string>
                        <key>group</key>
                        <string>admin</string>
                        <key>class</key>
                        <string>user</string>
                        <key>group</key>
                        <string>admin</string>
-                       <key>allow-root</key>
-                       <true/>
                        <key>shared</key>
                        <key>shared</key>
-                       <false/>
+                       <true/>
                </dict>
                </dict>
-       </dict>
-       <key>rules</key>
-       <dict>
                <key>allow</key>
                <dict>
                        <key>class</key>
                <key>allow</key>
                <dict>
                        <key>class</key>
@@ -743,6 +6022,32 @@ See remaining rules for examples.
                        <key>comment</key>
                        <string>Allow anyone.</string>
                </dict>
                        <key>comment</key>
                        <string>Allow anyone.</string>
                </dict>
+               <key>appserver-admin</key>
+               <dict>
+                       <key>class</key>
+                       <string>user</string>
+                       <key>group</key>
+                       <string>appserveradm</string>
+               </dict>
+               <key>appserver-user</key>
+               <dict>
+                       <key>class</key>
+                       <string>user</string>
+                       <key>group</key>
+                       <string>appserverusr</string>
+               </dict>
+               <key>authenticate</key>
+               <dict>
+                       <key>class</key>
+                       <string>evaluate-mechanisms</string>
+                       <key>mechanisms</key>
+                       <array>
+                               <string>builtin:authenticate</string>
+                               <string>builtin:reset-password,privileged</string>
+                               <string>builtin:authenticate,privileged</string>
+                               <string>PKINITMechanism:auth,privileged</string>
+                       </array>
+               </dict>
                <key>authenticate-admin</key>
                <dict>
                        <key>class</key>
                <key>authenticate-admin</key>
                <dict>
                        <key>class</key>
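Review bot: The new `authenticate` rule carries no `comment` key, although the order of its four mechanisms is the policy: `builtin:reset-password,privileged` sits between the two authenticate steps and `PKINITMechanism:auth,privileged` runs last. A `<key>comment</key>` entry saying why each step is present, and what happens when one fails, would let an auditor check the chain from the plist alone. `appserver-admin` and `appserver-user` in the same hunk omit both `shared` and `timeout`, so the credential lifetime and sharing fall back to whatever the rule parser defaults to. Stating both keys explicitly would make that reviewable here. `authenticate-appstore-30` in the next hunk also lacks a `comment`.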
@@ -772,6 +6077,17 @@ See remaining rules for examples.
                        <key>timeout</key>
                        <integer>30</integer>
                </dict>
                        <key>timeout</key>
                        <integer>30</integer>
                </dict>
+               <key>authenticate-appstore-30</key>
+               <dict>
+                       <key>class</key>
+                       <string>user</string>
+                       <key>group</key>
+                       <string>_appstore</string>
+                       <key>shared</key>
+                       <true/>
+                       <key>timeout</key>
+                       <integer>30</integer>
+               </dict>
                <key>authenticate-developer</key>
                <dict>
                        <key>class</key>
                <key>authenticate-developer</key>
                <dict>
                        <key>class</key>
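Review bot: `authenticate-appstore-30` sets `shared` to `true` without saying why. If it follows the semantics given in the `default` rule's comment on this page ("An acquired credential is shared by all clients"), a credential obtained for one client would satisfy other clients for the 30-second window. If the callers of this rule do not need that, `<key>shared</key>` with `<false/>` is the narrower setting; if they do, the reason belongs in the rule itself. Who can satisfy the rule depends entirely on membership of the `_appstore` group, which is not defined in this hunk and should be confirmed to be as restricted as intended.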
@@ -794,6 +6110,21 @@ See remaining rules for examples.
                        <key>session-owner</key>
                        <true/>
                </dict>
                        <key>session-owner</key>
                        <true/>
                </dict>
+               <key>authenticate-session-owner-or-admin</key>
+               <dict>
+                       <key>allow-root</key>
+                       <false/>
+                       <key>class</key>
+                       <string>user</string>
+                       <key>comment</key>
+                       <string>Authenticate either as the owner or as an administrator.</string>
+                       <key>group</key>
+                       <string>admin</string>
+                       <key>session-owner</key>
+                       <true/>
+                       <key>shared</key>
+                       <false/>
+               </dict>
                <key>authenticate-session-user</key>
                <dict>
                        <key>class</key>
                <key>authenticate-session-user</key>
                <dict>
                        <key>class</key>
@@ -803,95 +6134,266 @@ See remaining rules for examples.
                        <key>session-owner</key>
                        <true/>
                </dict>
                        <key>session-owner</key>
                        <true/>
                </dict>
-               <key>authenticate-session-owner-or-admin</key>
+               <key>default</key>
                <dict>
                <dict>
-                       <key>allow-root</key>
-                       <false/>
                        <key>class</key>
                        <string>user</string>
                        <key>comment</key>
                        <key>class</key>
                        <string>user</string>
                        <key>comment</key>
-                       <string>Authenticate either as the owner or as an administrator.</string>
+                       <string>Default rule.   
+            Credentials remain valid for 5 minutes after they've been obtained. 
+            An acquired credential is shared by all clients.
+                       </string>
                        <key>group</key>
                        <string>admin</string>
                        <key>group</key>
                        <string>admin</string>
-                       <key>session-owner</key>
-                       <true/>
                        <key>shared</key>
                        <key>shared</key>
-                       <false/>
+                       <true/>
+                       <key>timeout</key>
+                       <integer>300</integer>
+               </dict>
+               <key>entitled</key>
+               <dict>
+                       <key>class</key>
+                       <string>evaluate-mechanisms</string>
+                       <key>mechanisms</key>
+                       <array>
+                               <string>builtin:entitled,privileged</string>
+                       </array>
+                       <key>tries</key>
+                       <integer>1</integer>
+               </dict>
+               <key>entitled-admin</key>
+               <dict>
+                       <key>class</key>
+                       <string>rule</string>
+                       <key>k-of-n</key>
+                       <integer>2</integer>
+                       <key>rule</key>
+                       <array>
+                               <string>is-admin</string>
+                               <string>entitled</string>
+                       </array>
+               </dict>
+               <key>entitled-admin-or-authenticate-admin</key>
+               <dict>
+                       <key>class</key>
+                       <string>rule</string>
+                       <key>k-of-n</key>
+                       <integer>1</integer>
+                       <key>rule</key>
+                       <array>
+                               <string>entitled-admin</string>
+                               <string>authenticate-admin-30</string>
+                       </array>
+               </dict>
+               <key>entitled-appstore</key>
+               <dict>
+                       <key>class</key>
+                       <string>rule</string>
+                       <key>k-of-n</key>
+                       <integer>2</integer>
+                       <key>rule</key>
+                       <array>
+                               <string>is-appstore</string>
+                               <string>entitled</string>
+                       </array>
+               </dict>
+               <key>entitled-appstore-or-entitled-authenticate-appstore</key>
+               <dict>
+                       <key>class</key>
+                       <string>rule</string>
+                       <key>k-of-n</key>
+                       <integer>1</integer>
+                       <key>rule</key>
+                       <array>
+                               <string>entitled-appstore</string>
+                               <string>entitled-authenticate-appstore</string>
+                       </array>
+               </dict>
+               <key>entitled-authenticate-admin</key>
+               <dict>
+                       <key>class</key>
+                       <string>rule</string>
+                       <key>k-of-n</key>
+                       <integer>2</integer>
+                       <key>rule</key>
+                       <array>
+                               <string>entitled</string>
+                               <string>authenticate-admin-30</string>
+                       </array>
+               </dict>
+               <key>entitled-authenticate-appstore</key>
+               <dict>
+                       <key>class</key>
+                       <string>rule</string>
+                       <key>k-of-n</key>
+                       <integer>2</integer>
+                       <key>rule</key>
+                       <array>
+                               <string>entitled</string>
+                               <string>authenticate-appstore-30</string>
+                       </array>
+               </dict>
+               <key>entitled-session-owner</key>
+               <dict>
+                       <key>class</key>
+                       <string>rule</string>
+                       <key>k-of-n</key>
+                       <integer>2</integer>
+                       <key>rule</key>
+                       <array>
+                               <string>is-session-owner</string>
+                               <string>entitled</string>
+                       </array>
+               </dict>
+               <key>entitled-session-owner-or-authenticate-session-owner</key>
+               <dict>
+                       <key>class</key>
+                       <string>rule</string>
+                       <key>k-of-n</key>
+                       <integer>1</integer>
+                       <key>rule</key>
+                       <array>
+                               <string>entitled-session-owner</string>
+                               <string>authenticate-session-owner</string>
+                       </array>
                </dict>
                <key>is-admin</key>
                <dict>
                </dict>
                <key>is-admin</key>
                <dict>
+                       <key>authenticate-user</key>
+                       <false/>
                        <key>class</key>
                        <string>user</string>
                        <key>comment</key>
                        <string>Verify that the user asking for authorization is an administrator.</string>
                        <key>group</key>
                        <string>admin</string>
                        <key>class</key>
                        <string>user</string>
                        <key>comment</key>
                        <string>Verify that the user asking for authorization is an administrator.</string>
                        <key>group</key>
                        <string>admin</string>
+                       <key>shared</key>
+                       <string>true</string>
+               </dict>
+               <key>is-appstore</key>
+               <dict>
                        <key>authenticate-user</key>
                        <false/>
                        <key>authenticate-user</key>
                        <false/>
+                       <key>class</key>
+                       <string>user</string>
+                       <key>group</key>
+                       <string>_appstore</string>
                        <key>shared</key>
                        <string>true</string>
                </dict>
                <key>is-developer</key>
                <dict>
                        <key>shared</key>
                        <string>true</string>
                </dict>
                <key>is-developer</key>
                <dict>
+                       <key>authenticate-user</key>
+                       <false/>
                        <key>class</key>
                        <string>user</string>
                        <key>comment</key>
                        <string>Verify that the user asking for authorization is a developer.</string>
                        <key>group</key>
                        <string>_developer</string>
                        <key>class</key>
                        <string>user</string>
                        <key>comment</key>
                        <string>Verify that the user asking for authorization is a developer.</string>
                        <key>group</key>
                        <string>_developer</string>
+               </dict>
+               <key>is-lpadmin</key>
+               <dict>
                        <key>authenticate-user</key>
                        <false/>
                        <key>authenticate-user</key>
                        <false/>
+                       <key>class</key>
+                       <string>user</string>
+                       <key>group</key>
+                       <string>_lpadmin</string>
                </dict>
                <key>is-root</key>
                <dict>
                        <key>allow-root</key>
                        <true/>
                </dict>
                <key>is-root</key>
                <dict>
                        <key>allow-root</key>
                        <true/>
-                       <key>class</key>
-                       <string>user</string>
                        <key>authenticate-user</key>
                        <false/>
                        <key>authenticate-user</key>
                        <false/>
-                       <key>comment</key>
-                       <string>Verify that the process that created this AuthorizationRef is running as root.</string>
-               </dict>
-               <key>appserver-user</key>
-               <dict>
                        <key>class</key>
                        <string>user</string>
                        <key>class</key>
                        <string>user</string>
-                       <key>group</key>
-                       <string>appserverusr</string>
+                       <key>comment</key>
+                       <string>Verify that the process that created this AuthorizationRef is running as root.</string>
                </dict>
                </dict>
-               <key>appserver-admin</key>
+               <key>is-session-owner</key>
                <dict>
                <dict>
+                       <key>allow-root</key>
+                       <false/>
+                       <key>authenticate-user</key>
+                       <false/>
                        <key>class</key>
                        <string>user</string>
                        <key>class</key>
                        <string>user</string>
-                       <key>group</key>
-                       <string>appserveradm</string>
+                       <key>comment</key>
+                       <string>Verify that the requesting process is running as the session owner.</string>
+                       <key>session-owner</key>
+                       <true/>
                </dict>
                </dict>
-               <key>default</key>
+               <key>lpadmin</key>
                <dict>
                        <key>class</key>
                        <string>user</string>
                <dict>
                        <key>class</key>
                        <string>user</string>
-                       <key>comment</key>
-                       <string>Default rule.   
-            Credentials remain valid for 5 minutes after they've been obtained. 
-            An acquired credential is shared by all clients.
-                       </string>
                        <key>group</key>
                        <key>group</key>
-                       <string>admin</string>
+                       <string>_lpadmin</string>
                        <key>shared</key>
                        <true/>
                        <key>shared</key>
                        <true/>
-                       <key>timeout</key>
-                       <integer>300</integer>
                </dict>
                </dict>
-               <key>authenticate</key>
+               <key>on-console</key>
                <dict>
                        <key>class</key>
                        <string>evaluate-mechanisms</string>
                        <key>mechanisms</key>
                        <array>
                <dict>
                        <key>class</key>
                        <string>evaluate-mechanisms</string>
                        <key>mechanisms</key>
                        <array>
-                               <string>builtin:smartcard-sniffer,privileged</string>
-                               <string>builtin:authenticate</string>
-                               <string>builtin:authenticate,privileged</string>
+                               <string>builtin:on-console</string>
+                       </array>
+                       <key>tries</key>
+                       <integer>1</integer>
+               </dict>
+               <key>root-or-admin-or-authenticate-admin</key>
+               <dict>
+                       <key>class</key>
+                       <string>rule</string>
+                       <key>k-of-n</key>
+                       <integer>1</integer>
+                       <key>rule</key>
+                       <array>
+                               <string>is-root</string>
+                               <string>is-admin</string>
+                               <string>authenticate-admin-30</string>
+                       </array>
+               </dict>
+               <key>root-or-entitled-admin-or-admin</key>
+               <dict>
+                       <key>class</key>
+                       <string>rule</string>
+                       <key>k-of-n</key>
+                       <integer>1</integer>
+                       <key>rule</key>
+                       <array>
+                               <string>is-root</string>
+                               <string>entitled-admin</string>
+                               <string>admin</string>
+                       </array>
+               </dict>
+               <key>root-or-entitled-admin-or-authenticate-admin</key>
+               <dict>
+                       <key>class</key>
+                       <string>rule</string>
+                       <key>k-of-n</key>
+                       <integer>1</integer>
+                       <key>rule</key>
+                       <array>
+                               <string>is-root</string>
+                               <string>entitled-admin-or-authenticate-admin</string>
+                       </array>
+               </dict>
+               <key>root-or-lpadmin</key>
+               <dict>
+                       <key>class</key>
+                       <string>rule</string>
+                       <key>k-of-n</key>
+                       <integer>1</integer>
+                       <key>rule</key>
+                       <array>
+                               <string>is-root</string>
+                               <string>is-lpadmin</string>
+                               <string>lpadmin</string>
                        </array>
                </dict>
        </dict>
                        </array>
                </dict>
        </dict>
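Review bot: The `shared` value added to `is-admin` is written as `<string>true</string>`, while the other rules in this hunk that set it (`default`, `lpadmin`) use the boolean `<true/>`; `is-appstore` ends up with the same string form through context lines. Whether the rule parser accepts a string for a boolean attribute is not visible here, so a strict type check could reject the rule or fall back to a default sharing behaviour, and a syntax-only plist lint would not flag it because the file is still well-formed. I would write `<key>shared</key>` followed by `<true/>` in both rules. Separately, `root-or-entitled-admin-or-admin` lists a member rule named `admin` that is not defined in this hunk; it is worth confirming that it exists elsewhere in the file.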
index aae1614e111bc8ab2a138341ee8914b8703c750d..0249143a11a9ec20d116d5bbeacea012024d33a4 100644 (file)
@@ -20,7 +20,7 @@
        <key>RunAtLoad</key>
        <true/>
        <key>LaunchOnlyOnce</key>
        <key>RunAtLoad</key>
        <true/>
        <key>LaunchOnlyOnce</key>
-       <true/>
+       <false/>
        <key>HopefullyExitsLast</key>
        <true/>
        <key>EnableTransactions</key>
        <key>HopefullyExitsLast</key>
        <true/>
        <key>EnableTransactions</key>
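Review bot: The switch of `LaunchOnlyOnce` from `<true/>` to `<false/>` is not explained anywhere in the file, and for a security daemon it is a behavioural change worth documenting. With the key false, launchd may start securityd again after it exits, so any state the daemon keeps only in memory would presumably be rebuilt from scratch in the new instance. I would add a comment above the key, for example `<!-- securityd may be respawned by launchd without a reboot -->`. The enclosing dict starts and ends outside this hunk.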
index 04c77e04e723fb9286f18ac8af9ae8c184b76870..c2fd4bfa2db1d28eb06b9b57db5c18ebcd3a1836 100644 (file)
@@ -36,6 +36,7 @@ install:
        mkdir -p $(LAUNCH_DIR)
        cp $(SRC)/com.apple.securityd.plist $(LAUNCH_DIR)
        mkdir -p $(AUTHORIZATION_LOCATION)
        mkdir -p $(LAUNCH_DIR)
        cp $(SRC)/com.apple.securityd.plist $(LAUNCH_DIR)
        mkdir -p $(AUTHORIZATION_LOCATION)
+       plutil -lint $(SRC)/authorization.plist
        cp $(SRC)/authorization.plist $(AUTHORIZATION_PLIST)
        chown root:wheel $(AUTHORIZATION_PLIST)
        chmod 644 $(AUTHORIZATION_PLIST)
        cp $(SRC)/authorization.plist $(AUTHORIZATION_PLIST)
        chown root:wheel $(AUTHORIZATION_PLIST)
        chmod 644 $(AUTHORIZATION_PLIST)
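Review bot: The added `plutil -lint` covers only `authorization.plist`, while `com.apple.securityd.plist` is copied into `$(LAUNCH_DIR)` three lines earlier with no check at all. A malformed launchd job file would be installed silently, so I would add `plutil -lint $(SRC)/com.apple.securityd.plist` before that `cp`. Note also that `-lint` checks only that the file is well-formed; it does not catch a rule that names an undefined member or gives a boolean attribute as a string. The `install:` target begins outside this hunk.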
index 4a7e3bf4f1b64202d88e8f521b47651199ba71e1..99042d2c8b343790ecbff5539352231628b2697d 100644 (file)
@@ -38,3 +38,6 @@ userprefix self_client_;
 //
 simpleroutine handleSignal(requestport sport: mach_port_make_send_once_t;
     in task_port: mach_port_t; in signal_number: int);
 //
 simpleroutine handleSignal(requestport sport: mach_port_make_send_once_t;
     in task_port: mach_port_t; in signal_number: int);
+
+simpleroutine handleSession(requestport sport: mach_port_make_send_once_t;
+       in task_port: mach_port_t; in events: uint32_t; in ident: uint64_t);
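Review bot: `handleSession` is added without the `//` comment block that precedes `handleSignal`, so nothing states what `events` and `ident` carry or who is expected to send this message. Because the routine carries a `task_port`, the server-side handler (not in this hunk) presumably needs to drop any message whose `task_port` is not securityd's own task before acting on the other arguments. I would document that contract at the declaration, e.g. `// Session event notification sent to ourselves; the receiver must check task_port before using events/ident.`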
index c27df0a68e049cd0976c092721cb3a9953ed762c..2c1376786a6c3f20b16e89706d3781e296fe2e0f 100644 (file)
                AAC707750E6F4352003CC2B2 /* csproxy.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2BD5FDA0AC47E850057FD3D /* csproxy.cpp */; };
                AAC707760E6F4352003CC2B2 /* credential.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 407ACD070AE5B57700A9DA90 /* credential.cpp */; };
                AAC707780E6F4352003CC2B2 /* clientid.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C22C34520B278EB60009368E /* clientid.cpp */; };
                AAC707750E6F4352003CC2B2 /* csproxy.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2BD5FDA0AC47E850057FD3D /* csproxy.cpp */; };
                AAC707760E6F4352003CC2B2 /* credential.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 407ACD070AE5B57700A9DA90 /* credential.cpp */; };
                AAC707780E6F4352003CC2B2 /* clientid.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C22C34520B278EB60009368E /* clientid.cpp */; };
+               C274C51E0F9E8E0F001ABDA3 /* auditevents.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C274C51C0F9E8E0F001ABDA3 /* auditevents.cpp */; };
+               C274C51F0F9E8E0F001ABDA3 /* auditevents.h in Headers */ = {isa = PBXBuildFile; fileRef = C274C51D0F9E8E0F001ABDA3 /* auditevents.h */; };
                ED5130690E7F1259002A3749 /* securityd.1 in CopyFiles */ = {isa = PBXBuildFile; fileRef = 4CE1878706FFC5D60079D235 /* securityd.1 */; };
 /* End PBXBuildFile section */
 
                ED5130690E7F1259002A3749 /* securityd.1 in CopyFiles */ = {isa = PBXBuildFile; fileRef = 4CE1878706FFC5D60079D235 /* securityd.1 */; };
 /* End PBXBuildFile section */
 
                C26EA9510688CF34007CE21D /* tokencache.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = tokencache.cpp; sourceTree = "<group>"; };
                C26EA9520688CF34007CE21D /* tokencache.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = tokencache.h; sourceTree = "<group>"; };
                C26FB2650BC2C3A300D8EFC8 /* com.apple.securityd.plist */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.plist.xml; path = com.apple.securityd.plist; sourceTree = "<group>"; };
                C26EA9510688CF34007CE21D /* tokencache.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = tokencache.cpp; sourceTree = "<group>"; };
                C26EA9520688CF34007CE21D /* tokencache.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = tokencache.h; sourceTree = "<group>"; };
                C26FB2650BC2C3A300D8EFC8 /* com.apple.securityd.plist */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.plist.xml; path = com.apple.securityd.plist; sourceTree = "<group>"; };
+               C274C51C0F9E8E0F001ABDA3 /* auditevents.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = auditevents.cpp; sourceTree = "<group>"; };
+               C274C51D0F9E8E0F001ABDA3 /* auditevents.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = auditevents.h; sourceTree = "<group>"; };
                C276AAD60663E7A400B57276 /* PCSC.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = PCSC.framework; path = /System/Library/Frameworks/PCSC.framework; sourceTree = "<absolute>"; };
                C2813C7F0730534A00E243E8 /* tokenaccess.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = tokenaccess.cpp; sourceTree = "<group>"; };
                C2813C800730534A00E243E8 /* tokenaccess.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = tokenaccess.h; sourceTree = "<group>"; };
                C276AAD60663E7A400B57276 /* PCSC.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = PCSC.framework; path = /System/Library/Frameworks/PCSC.framework; sourceTree = "<absolute>"; };
                C2813C7F0730534A00E243E8 /* tokenaccess.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = tokenaccess.cpp; sourceTree = "<group>"; };
                C2813C800730534A00E243E8 /* tokenaccess.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = tokenaccess.h; sourceTree = "<group>"; };
                        children = (
                                4C92649D0534866F004B0E72 /* agentquery.h */,
                                4C92649C0534866F004B0E72 /* agentquery.cpp */,
                        children = (
                                4C92649D0534866F004B0E72 /* agentquery.h */,
                                4C92649C0534866F004B0E72 /* agentquery.cpp */,
+                               C274C51D0F9E8E0F001ABDA3 /* auditevents.h */,
+                               C274C51C0F9E8E0F001ABDA3 /* auditevents.cpp */,
                                4E0BB2B20F79590300BBFEFA /* ccaudit_extensions.h */,
                                4E0BB2B30F79590300BBFEFA /* ccaudit_extensions.cpp */,
                                4CB5ACBA06680AE000F359A9 /* child.h */,
                                4E0BB2B20F79590300BBFEFA /* ccaudit_extensions.h */,
                                4E0BB2B30F79590300BBFEFA /* ccaudit_extensions.cpp */,
                                4CB5ACBA06680AE000F359A9 /* child.h */,
                                AAC7074B0E6F4335003CC2B2 /* clientid.h in Headers */,
                                AAC7074C0E6F4335003CC2B2 /* dtrace.h in Headers */,
                                4E0BB2B40F79590300BBFEFA /* ccaudit_extensions.h in Headers */,
                                AAC7074B0E6F4335003CC2B2 /* clientid.h in Headers */,
                                AAC7074C0E6F4335003CC2B2 /* dtrace.h in Headers */,
                                4E0BB2B40F79590300BBFEFA /* ccaudit_extensions.h in Headers */,
+                               C274C51F0F9E8E0F001ABDA3 /* auditevents.h in Headers */,
                        );
                        runOnlyForDeploymentPostprocessing = 0;
                };
                        );
                        runOnlyForDeploymentPostprocessing = 0;
                };
                        isa = PBXProject;
                        buildConfigurationList = C27AD4AD0987FCF4001272E0 /* Build configuration list for PBXProject "securityd" */;
                        compatibilityVersion = "Xcode 3.1";
                        isa = PBXProject;
                        buildConfigurationList = C27AD4AD0987FCF4001272E0 /* Build configuration list for PBXProject "securityd" */;
                        compatibilityVersion = "Xcode 3.1";
+                       developmentRegion = English;
                        hasScannedForEncodings = 1;
                        knownRegions = (
                                English,
                        hasScannedForEncodings = 1;
                        knownRegions = (
                                English,
                                AAC707760E6F4352003CC2B2 /* credential.cpp in Sources */,
                                AAC707780E6F4352003CC2B2 /* clientid.cpp in Sources */,
                                4E0BB2B50F79590300BBFEFA /* ccaudit_extensions.cpp in Sources */,
                                AAC707760E6F4352003CC2B2 /* credential.cpp in Sources */,
                                AAC707780E6F4352003CC2B2 /* clientid.cpp in Sources */,
                                4E0BB2B50F79590300BBFEFA /* ccaudit_extensions.cpp in Sources */,
+                               C274C51E0F9E8E0F001ABDA3 /* auditevents.cpp in Sources */,
                        );
                        runOnlyForDeploymentPostprocessing = 0;
                };
                        );
                        runOnlyForDeploymentPostprocessing = 0;
                };
                        isa = XCBuildConfiguration;
                        buildSettings = {
                                ALWAYS_SEARCH_USER_PATHS = NO;
                        isa = XCBuildConfiguration;
                        buildSettings = {
                                ALWAYS_SEARCH_USER_PATHS = NO;
-                               ARCHS = "$(NATIVE_ARCH)";
+                               ARCHS = x86_64;
                                BUILD_VARIANTS = debug;
                                COPY_PHASE_STRIP = NO;
                                CSSM_HEADERS = "$(BUILT_PRODUCTS_DIR)/Security.framework/Headers:$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/Headers";
                                BUILD_VARIANTS = debug;
                                COPY_PHASE_STRIP = NO;
                                CSSM_HEADERS = "$(BUILT_PRODUCTS_DIR)/Security.framework/Headers:$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/Headers";
-                               CURRENT_PROJECT_VERSION = 1;
+                               CURRENT_PROJECT_VERSION = 55009;
                                FRAMEWORK_SEARCH_PATHS = (
                                        /usr/local/SecurityPieces/Frameworks,
                                        /usr/local/SecurityPieces/Components/securityd,
                                FRAMEWORK_SEARCH_PATHS = (
                                        /usr/local/SecurityPieces/Frameworks,
                                        /usr/local/SecurityPieces/Components/securityd,
                        isa = XCBuildConfiguration;
                        buildSettings = {
                                ALWAYS_SEARCH_USER_PATHS = NO;
                        isa = XCBuildConfiguration;
                        buildSettings = {
                                ALWAYS_SEARCH_USER_PATHS = NO;
+                               ARCHS = x86_64;
                                BUILD_VARIANTS = (
                                        normal,
                                        debug,
                                );
                                COPY_PHASE_STRIP = "(null)";
                                CSSM_HEADERS = "$(BUILT_PRODUCTS_DIR)/Security.framework/Headers:$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/Headers";
                                BUILD_VARIANTS = (
                                        normal,
                                        debug,
                                );
                                COPY_PHASE_STRIP = "(null)";
                                CSSM_HEADERS = "$(BUILT_PRODUCTS_DIR)/Security.framework/Headers:$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/Headers";
-                               CURRENT_PROJECT_VERSION = 1;
+                               CURRENT_PROJECT_VERSION = 55009;
                                DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
                                FRAMEWORK_SEARCH_PATHS = (
                                        /usr/local/SecurityPieces/Frameworks,
                                DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
                                FRAMEWORK_SEARCH_PATHS = (
                                        /usr/local/SecurityPieces/Frameworks,
                                BUILD_VARIANTS = normal;
                                COPY_PHASE_STRIP = NO;
                                CSSM_HEADERS = "$(BUILT_PRODUCTS_DIR)/Security.framework/Headers:$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/Headers";
                                BUILD_VARIANTS = normal;
                                COPY_PHASE_STRIP = NO;
                                CSSM_HEADERS = "$(BUILT_PRODUCTS_DIR)/Security.framework/Headers:$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/Headers";
-                               CURRENT_PROJECT_VERSION = 1;
+                               CURRENT_PROJECT_VERSION = 55009;
                                FRAMEWORK_SEARCH_PATHS = (
                                        /usr/local/SecurityPieces/Frameworks,
                                        /usr/local/SecurityPieces/Components/securityd,
                                FRAMEWORK_SEARCH_PATHS = (
                                        /usr/local/SecurityPieces/Frameworks,
                                        /usr/local/SecurityPieces/Components/securityd,
                                );
                                COPY_PHASE_STRIP = "(null)";
                                CSSM_HEADERS = "";
                                );
                                COPY_PHASE_STRIP = "(null)";
                                CSSM_HEADERS = "";
-                               CURRENT_PROJECT_VERSION = 1;
+                               CURRENT_PROJECT_VERSION = 55009;
                                FRAMEWORK_SEARCH_PATHS = (
                                        /usr/local/SecurityPieces/Frameworks,
                                        /usr/local/SecurityPieces/Components/securityd,
                                FRAMEWORK_SEARCH_PATHS = (
                                        /usr/local/SecurityPieces/Frameworks,
                                        /usr/local/SecurityPieces/Components/securityd,
                                        "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks",
                                );
                                GCC_DYNAMIC_NO_PIC = "";
                                        "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks",
                                );
                                GCC_DYNAMIC_NO_PIC = "";
-                               GCC_GENERATE_DEBUGGING_SYMBOLS = "";
+                               GCC_GENERATE_DEBUGGING_SYMBOLS = YES;
                                GCC_MODEL_TUNING = G5;
                                HEADER_SEARCH_PATHS = "$(BUILT_PRODUCTS_DIR)/derived_src";
                                INSTALL_PATH = /usr/sbin;
                                GCC_MODEL_TUNING = G5;
                                HEADER_SEARCH_PATHS = "$(BUILT_PRODUCTS_DIR)/derived_src";
                                INSTALL_PATH = /usr/sbin;
                C27AD4AE0987FCF4001272E0 /* Development */ = {
                        isa = XCBuildConfiguration;
                        buildSettings = {
                C27AD4AE0987FCF4001272E0 /* Development */ = {
                        isa = XCBuildConfiguration;
                        buildSettings = {
+                               ARCHS = x86_64;
                                CODE_SIGN_IDENTITY = "-";
                                CONFIGURATION_BUILD_DIR = "$(BUILD_DIR)";
                                CONFIGURATION_TEMP_DIR = "$(PROJECT_TEMP_DIR)";
                                CODE_SIGN_IDENTITY = "-";
                                CONFIGURATION_BUILD_DIR = "$(BUILD_DIR)";
                                CONFIGURATION_TEMP_DIR = "$(PROJECT_TEMP_DIR)";
                                        "$(BUILT_PRODUCTS_DIR)/SecurityPieces/Headers",
                                        "$(BUILT_PRODUCTS_DIR)/SecurityPieces/PrivateHeaders",
                                );
                                        "$(BUILT_PRODUCTS_DIR)/SecurityPieces/Headers",
                                        "$(BUILT_PRODUCTS_DIR)/SecurityPieces/PrivateHeaders",
                                );
+                               STRIP_STYLE = debugging;
                        };
                        name = Development;
                };
                        };
                        name = Development;
                };
                                CODE_SIGN_IDENTITY = "-";
                                CONFIGURATION_BUILD_DIR = "$(BUILD_DIR)";
                                CONFIGURATION_TEMP_DIR = "$(PROJECT_TEMP_DIR)";
                                CODE_SIGN_IDENTITY = "-";
                                CONFIGURATION_BUILD_DIR = "$(BUILD_DIR)";
                                CONFIGURATION_TEMP_DIR = "$(PROJECT_TEMP_DIR)";
+                               STRIP_STYLE = debugging;
                        };
                        name = Deployment;
                };
                        };
                        name = Deployment;
                };
                                CONFIGURATION_BUILD_DIR = "$(BUILD_DIR)";
                                CONFIGURATION_TEMP_DIR = "$(PROJECT_TEMP_DIR)";
                                GCC_OPTIMIZATION_LEVEL = 0;
                                CONFIGURATION_BUILD_DIR = "$(BUILD_DIR)";
                                CONFIGURATION_TEMP_DIR = "$(PROJECT_TEMP_DIR)";
                                GCC_OPTIMIZATION_LEVEL = 0;
+                               STRIP_STYLE = debugging;
                        };
                        name = "normal with debug";
                };
                        };
                        name = "normal with debug";
                };
                                CODE_SIGN_IDENTITY = "-";
                                CONFIGURATION_BUILD_DIR = "$(BUILD_DIR)";
                                CONFIGURATION_TEMP_DIR = "$(PROJECT_TEMP_DIR)";
                                CODE_SIGN_IDENTITY = "-";
                                CONFIGURATION_BUILD_DIR = "$(BUILD_DIR)";
                                CONFIGURATION_TEMP_DIR = "$(PROJECT_TEMP_DIR)";
+                               STRIP_STYLE = debugging;
                        };
                        name = Default;
                };
                        };
                        name = Default;
                };
index 2ef298e4be58439892665bba4034e819275df33c..dc2294f4b95734318e52cc0fa7cc1fdc0be07a2b 100644 (file)
@@ -151,6 +151,7 @@ void AuthorizationDBPlist::save()
 void AuthorizationDBPlist::load()
 {
        StLock<Mutex> _(mReadWriteLock);
 void AuthorizationDBPlist::load()
 {
        StLock<Mutex> _(mReadWriteLock);
+       CFDictionaryRef configPlist;
 
     secdebug("authdb", "(re)loading policy db from disk.");    
        int fd = open(mFileName.c_str(), O_RDONLY, 0);
 
     secdebug("authdb", "(re)loading policy db from disk.");    
        int fd = open(mFileName.c_str(), O_RDONLY, 0);
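Review bot: `configPlist` is declared at the top of load() without an initializer, but the `goto cleanup` paths for a failed or short read (next hunk) reach the `cleanup:` label before it is ever assigned. There `if (configPlist) CFRelease(configPlist);` tests, and may release, an indeterminate pointer. Declare it as `CFDictionaryRef configPlist = NULL;`. The declaration of `xmlData` is outside this hunk; it needs the same treatment if any jump to `cleanup` can happen before it is assigned.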
@@ -177,18 +178,16 @@ void AuthorizationDBPlist::load()
                if (bytesRead == -1) {
                        Syslog::error("Problem reading rules file \"%s\": %s", 
                     mFileName.c_str(), strerror(errno));
                if (bytesRead == -1) {
                        Syslog::error("Problem reading rules file \"%s\": %s", 
                     mFileName.c_str(), strerror(errno));
-                       CFRelease(xmlData);
-                       return;
+                       goto cleanup;
                }
                Syslog::error("Problem reading rules file \"%s\": "
                 "only read %ul out of %ul bytes",
                                bytesRead, fileSize, mFileName.c_str());
                }
                Syslog::error("Problem reading rules file \"%s\": "
                 "only read %ul out of %ul bytes",
                                bytesRead, fileSize, mFileName.c_str());
-               CFRelease(xmlData);
-               return;
+               goto cleanup;
        }
 
        CFStringRef errorString;
        }
 
        CFStringRef errorString;
-       CFDictionaryRef configPlist = reinterpret_cast<CFDictionaryRef>(CFPropertyListCreateFromXMLData(NULL, xmlData, kCFPropertyListMutableContainersAndLeaves, &errorString));
+       configPlist = reinterpret_cast<CFDictionaryRef>(CFPropertyListCreateFromXMLData(NULL, xmlData, kCFPropertyListMutableContainersAndLeaves, &errorString));
        
        if (!configPlist) {
                char buffer[512];
        
        if (!configPlist) {
                char buffer[512];
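Review bot: The short-read message kept as context in this hunk passes its arguments in a different order from its conversions: the format begins with `\"%s\"`, but the first argument is `bytesRead` and `mFileName.c_str()` comes last. If Syslog::error is printf-style, as its other uses here suggest, the daemon would treat an integer as a string pointer on exactly the error path this commit reworks. Reorder the arguments to `mFileName.c_str(), bytesRead, fileSize);`. Also replace `%ul`, which is `%u` followed by a literal `l`, with conversions that match the declared types of `bytesRead` and `fileSize`; those declarations are outside the hunk.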
@@ -205,8 +204,7 @@ void AuthorizationDBPlist::load()
                if (errorString)
                        CFRelease(errorString);
                
                if (errorString)
                        CFRelease(errorString);
                
-               CFRelease(xmlData);
-               return;
+               goto cleanup;
        }
 
        if (CFGetTypeID(configPlist) != CFDictionaryGetTypeID()) {
        }
 
        if (CFGetTypeID(configPlist) != CFDictionaryGetTypeID()) {
@@ -214,15 +212,16 @@ void AuthorizationDBPlist::load()
                Syslog::error("Rules file \"%s\": is not a dictionary", 
                 mFileName.c_str());
 
                Syslog::error("Rules file \"%s\": is not a dictionary", 
                 mFileName.c_str());
 
-               CFRelease(xmlData);
-               CFRelease(configPlist);
-               return;
+               goto cleanup;
        }
 
        parseConfig(configPlist);
 
        }
 
        parseConfig(configPlist);
 
-       CFRelease(xmlData);
-       CFRelease(configPlist);
+cleanup:
+       if (xmlData)
+               CFRelease(xmlData);
+       if (configPlist)
+               CFRelease(configPlist);
 
        close(fd);
 
 
        close(fd);
 
index 6b74271e8d7394729e4e61a4a65a8f731cbf66b5..c65ce84809cdb393e9b7df50cba5c0e4d9a8c29f 100644 (file)
@@ -42,6 +42,7 @@
 #include <errno.h>
 #include <fcntl.h>
 #include <float.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <float.h>
+#include <sandbox.h>
 
 #include <bsm/audit_uevents.h>      // AUE_ssauth*
 #include "ccaudit_extensions.h"
 
 #include <bsm/audit_uevents.h>      // AUE_ssauth*
 #include "ccaudit_extensions.h"
@@ -142,14 +143,24 @@ Engine::authorize(const AuthItemSet &inRights, const AuthItemSet &environment,
 
     RightAuthenticationLogger logger(auth.creatorAuditToken(), AUE_ssauthorize);
     
 
     RightAuthenticationLogger logger(auth.creatorAuditToken(), AUE_ssauthorize);
     
-       AuthItemSet::const_iterator end = inRights.end();
-       for (AuthItemSet::const_iterator it = inRights.begin(); it != end; ++it)
+       // create a vector with the first right first
+       std::vector<AuthItemRef>                tempRights;
+       for (AuthItemSet::const_iterator it = inRights.begin(); it != inRights.end(); ++it) {
+               if (inRights.firstItemName != NULL && strcmp((*it)->name(), inRights.firstItemName) == 0)
+                       tempRights.insert(tempRights.begin(), *it);
+               else
+                       tempRights.push_back(*it);
+       }
+
+       bool authExtractPassword = false;
+       std::vector<AuthItemRef>::const_iterator end = tempRights.end();
+       for (std::vector<AuthItemRef>::const_iterator it = tempRights.begin(); it != end; ++it)
        {
                // Get the rule for each right we are trying to obtain.
                const Rule &toplevelRule = mAuthdb.getRule(*it);
        {
                // Get the rule for each right we are trying to obtain.
                const Rule &toplevelRule = mAuthdb.getRule(*it);
-               OSStatus result = toplevelRule->evaluate(*it, toplevelRule, environmentToClient, flags, now, inCredentials, credentials, auth, reason);
-               secdebug("autheval", "evaluate rule %s for right %s returned %d.", toplevelRule->name().c_str(), (*it)->name(), int(result));
-        SECURITYD_AUTH_EVALRIGHT(&auth, (char *)(*it)->name(), result);
+
+               if (false == authExtractPassword)
+                       authExtractPassword = toplevelRule->extractPassword();
 
         string processName = "unknown";
         string authCreatorName = "unknown";
 
         string processName = "unknown";
         string authCreatorName = "unknown";
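Review bot: `authExtractPassword` latches: once one right's rule reports `extractPassword()`, every right evaluated later in the same call is also passed `true`, and moving `firstItemName` to the front of `tempRights` decides which rights that covers. Neither the reordering nor the latch is explained, and together they appear to extend password retention to rights whose own rules did not ask for it. If that is intended, say so above the flag, e.g. `// Latches for the rest of this request: once any rule sets extract-password, later rights are evaluated with it too.`, and write the test as `if (!authExtractPassword)`. The loop body continues outside the hunk.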
@@ -163,6 +174,19 @@ Engine::authorize(const AuthItemSet &inRights, const AuthItemSet &environment,
             if (!SecCodeCopyPath(code, kSecCSDefaultFlags, &path.aref()))
                 authCreatorName = cfString(path);
         }
             if (!SecCodeCopyPath(code, kSecCSDefaultFlags, &path.aref()))
                 authCreatorName = cfString(path);
         }
+               
+        if (sandbox_check(Server::process().pid(), "authorization-right-obtain", SANDBOX_FILTER_RIGHT_NAME, (*it)->name())) {
+            Syslog::error("Sandbox denied authorizing right '%s' by client '%s' [%d]", (*it)->name(), processName.c_str(), Server::process().pid());
+            return errAuthorizationDenied;
+        }
+        if (auth.creatorSandboxed() && sandbox_check(auth.creatorPid(), "authorization-right-obtain", SANDBOX_FILTER_RIGHT_NAME, (*it)->name())) {
+            Syslog::error("Sandbox denied authorizing right '%s' for authorization created by '%s' [%d]", (*it)->name(), authCreatorName.c_str(), auth.creatorPid());
+            return errAuthorizationDenied;
+        }
+               
+               OSStatus result = toplevelRule->evaluate(*it, toplevelRule, environmentToClient, flags, now, inCredentials, credentials, auth, reason, authExtractPassword);
+               secdebug("autheval", "evaluate rule %s for right %s returned %d.", toplevelRule->name().c_str(), (*it)->name(), int(result));
+        SECURITYD_AUTH_EVALRIGHT(&auth, (char *)(*it)->name(), result);
         
         logger.setRight((*it)->name());
         logger.logAuthorizationResult(processName.c_str(), authCreatorName.c_str(), result);
         
         logger.setRight((*it)->name());
         logger.logAuthorizationResult(processName.c_str(), authCreatorName.c_str(), result);
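Review bot: Both new `return errAuthorizationDenied;` statements leave authorize() before `logger.logAuthorizationResult(...)` and the SECURITYD_AUTH_EVALRIGHT probe run, so a sandbox denial is written to syslog only. It never reaches the audit logger that records every other outcome for the right. Record it before returning, e.g. `logger.setRight((*it)->name()); logger.logAuthorizationResult(processName.c_str(), authCreatorName.c_str(), errAuthorizationDenied);`. The checks also identify processes by pid; if the creator has exited, `auth.creatorPid()` may name a different process, so a check keyed on the creator's audit token (already available as `auth.creatorAuditToken()`) would be more reliable if the sandbox API offers one. The loop body starts and ends outside the hunk.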
@@ -170,13 +194,13 @@ Engine::authorize(const AuthItemSet &inRights, const AuthItemSet &environment,
         if (result == errAuthorizationSuccess)
         {
             outRights.insert(*it);
         if (result == errAuthorizationSuccess)
         {
             outRights.insert(*it);
-            Syslog::info("Succeeded authorizing right '%s' by client '%s' for authorization created by '%s'", (*it)->name(), processName.c_str(), authCreatorName.c_str());
+            Syslog::info("Succeeded authorizing right '%s' by client '%s' [%d] for authorization created by '%s' [%d]", (*it)->name(), processName.c_str(), Server::process().pid(), authCreatorName.c_str(), auth.creatorPid());
         } 
         else if (result == errAuthorizationDenied || result == errAuthorizationInteractionNotAllowed) 
         {
             if (result == errAuthorizationDenied)
             {
         } 
         else if (result == errAuthorizationDenied || result == errAuthorizationInteractionNotAllowed) 
         {
             if (result == errAuthorizationDenied)
             {
-                 Syslog::notice("Failed to authorize right '%s' by client '%s' for authorization created by '%s'", (*it)->name(), processName.c_str(), authCreatorName.c_str());
+                 Syslog::notice("Failed to authorize right '%s' by client '%s' [%d] for authorization created by '%s' [%d]", (*it)->name(), processName.c_str(), Server::process().pid(), authCreatorName.c_str(), auth.creatorPid());
             }
 
             // add creator pid to authorization token
             }
 
             // add creator pid to authorization token
index 61fb2c5dc014b9d6d2e8b0b239614c159486c0ac..c560076960de1e8eb4cf0714c89f22f93be24dbc 100644 (file)
@@ -39,6 +39,7 @@
 #include "agentquery.h"
 #include "AuthorizationMechEval.h"
 
 #include "agentquery.h"
 #include "AuthorizationMechEval.h"
 
+#include <asl.h>
 #include <pwd.h>
 #include <grp.h>
 #include <unistd.h>
 #include <pwd.h>
 #include <grp.h>
 #include <unistd.h>
@@ -63,7 +64,9 @@ CFStringRef RuleImpl::kMechanismsID = CFSTR(kAuthorizationRuleParameterMechanism
 CFStringRef RuleImpl::kSessionOwnerID = CFSTR(kAuthorizationRuleParameterCredentialSessionOwner);
 CFStringRef RuleImpl::kKofNID = CFSTR(kAuthorizationRuleParameterKofN);
 CFStringRef RuleImpl::kPromptID = CFSTR(kAuthorizationRuleParameterDefaultPrompt);
 CFStringRef RuleImpl::kSessionOwnerID = CFSTR(kAuthorizationRuleParameterCredentialSessionOwner);
 CFStringRef RuleImpl::kKofNID = CFSTR(kAuthorizationRuleParameterKofN);
 CFStringRef RuleImpl::kPromptID = CFSTR(kAuthorizationRuleParameterDefaultPrompt);
+CFStringRef RuleImpl::kButtonID = CFSTR(kAuthorizationRuleParameterDefaultButton);
 CFStringRef RuleImpl::kTriesID = CFSTR("tries"); // XXX/cs move to AuthorizationTagsPriv.h
 CFStringRef RuleImpl::kTriesID = CFSTR("tries"); // XXX/cs move to AuthorizationTagsPriv.h
+CFStringRef RuleImpl::kExtractPasswordID = CFSTR(kAuthorizationRuleParameterExtractPassword);
 
 CFStringRef RuleImpl::kRuleClassID = CFSTR(kAuthorizationRuleClass);
 CFStringRef RuleImpl::kRuleAllowID = CFSTR(kAuthorizationRuleClassAllow);
 
 CFStringRef RuleImpl::kRuleClassID = CFSTR(kAuthorizationRuleClass);
 CFStringRef RuleImpl::kRuleAllowID = CFSTR(kAuthorizationRuleClassAllow);
@@ -194,13 +197,13 @@ RuleImpl::Attribute::getVector(CFDictionaryRef config, CFStringRef key, bool req
 }
 
 
 }
 
 
-bool RuleImpl::Attribute::getLocalizedPrompts(CFDictionaryRef config, map<string,string> &localizedPrompts)
+bool RuleImpl::Attribute::getLocalizedText(CFDictionaryRef config, map<string,string> &localizedPrompts, CFStringRef dictKey, const char *descriptionKey)
 {
        CFIndex numberOfPrompts = 0;
        CFDictionaryRef promptsDict;
 {
        CFIndex numberOfPrompts = 0;
        CFDictionaryRef promptsDict;
-       if (CFDictionaryContainsKey(config, kPromptID))
+       if (CFDictionaryContainsKey(config, dictKey))
        {
        {
-               promptsDict = reinterpret_cast<CFDictionaryRef>(CFDictionaryGetValue(config, kPromptID));
+               promptsDict = reinterpret_cast<CFDictionaryRef>(CFDictionaryGetValue(config, dictKey));
                if (promptsDict && (CFGetTypeID(promptsDict) == CFDictionaryGetTypeID()))
                        numberOfPrompts = CFDictionaryGetCount(promptsDict);
        }
                if (promptsDict && (CFGetTypeID(promptsDict) == CFDictionaryGetTypeID()))
                        numberOfPrompts = CFDictionaryGetCount(promptsDict);
        }
@@ -215,13 +218,15 @@ bool RuleImpl::Attribute::getLocalizedPrompts(CFDictionaryRef config, map<string
        {
                CFStringRef keyRef = reinterpret_cast<CFStringRef>(keys[numberOfPrompts]);
                CFStringRef valueRef = reinterpret_cast<CFStringRef>(values[numberOfPrompts]);
        {
                CFStringRef keyRef = reinterpret_cast<CFStringRef>(keys[numberOfPrompts]);
                CFStringRef valueRef = reinterpret_cast<CFStringRef>(values[numberOfPrompts]);
-               if (!keyRef || (CFGetTypeID(keyRef) != CFStringGetTypeID()))
+               if (!keyRef || (CFGetTypeID(keyRef) != CFStringGetTypeID())) {
                        continue;
                        continue;
-               if (!valueRef || (CFGetTypeID(valueRef) != CFStringGetTypeID()))
+               }
+               if (!valueRef || (CFGetTypeID(valueRef) != CFStringGetTypeID())) {
                        continue;
                        continue;
+               }
                string key = cfString(keyRef);
                string value = cfString(valueRef);
                string key = cfString(keyRef);
                string value = cfString(valueRef);
-               localizedPrompts[kAuthorizationRuleParameterDescription+key] = value;
+               localizedPrompts[descriptionKey + key] = value;
        }
 
        return true;
        }
 
        return true;
@@ -230,14 +235,14 @@ bool RuleImpl::Attribute::getLocalizedPrompts(CFDictionaryRef config, map<string
 
 // default rule
 RuleImpl::RuleImpl() :
 
 // default rule
 RuleImpl::RuleImpl() :
-mType(kUser), mGroupName("admin"), mMaxCredentialAge(300.0), mShared(true), mAllowRoot(false), mSessionOwner(false), mTries(0), mAuthenticateUser(true)
+mType(kUser), mGroupName("admin"), mMaxCredentialAge(300.0), mShared(true), mAllowRoot(false), mSessionOwner(false), mTries(0), mAuthenticateUser(true), mExtractPassword(false)
 {
        // XXX/cs read default descriptions from somewhere
        // @@@ Default rule is shared admin group with 5 minute timeout
 }
 
 // return rule built from rule definition; throw if invalid.
 {
        // XXX/cs read default descriptions from somewhere
        // @@@ Default rule is shared admin group with 5 minute timeout
 }
 
 // return rule built from rule definition; throw if invalid.
-RuleImpl::RuleImpl(const string &inRightName, CFDictionaryRef cfRight, CFDictionaryRef cfRules) : mRightName(inRightName)
+RuleImpl::RuleImpl(const string &inRightName, CFDictionaryRef cfRight, CFDictionaryRef cfRules) : mRightName(inRightName), mExtractPassword(false)
 {
        // @@@ make sure cfRight is non mutable and never used that way
        
 {
        // @@@ make sure cfRight is non mutable and never used that way
        
@@ -282,6 +287,7 @@ RuleImpl::RuleImpl(const string &inRightName, CFDictionaryRef cfRight, CFDiction
                        }
                        mTries = int(Attribute::getDouble(cfRight, kTriesID, false, double(kMaximumAuthorizationTries)));
                        mAuthenticateUser = Attribute::getBool(cfRight, kRuleAuthenticateUserID, false, true);
                        }
                        mTries = int(Attribute::getDouble(cfRight, kTriesID, false, double(kMaximumAuthorizationTries)));
                        mAuthenticateUser = Attribute::getBool(cfRight, kRuleAuthenticateUserID, false, true);
+                       mExtractPassword = Attribute::getBool(cfRight, kExtractPasswordID, false, false);
 
                        secdebug("authrule", "%s : rule user in group \"%s\" timeout %g%s%s",
                                inRightName.c_str(),
 
                        secdebug("authrule", "%s : rule user in group \"%s\" timeout %g%s%s",
                                inRightName.c_str(),
@@ -297,6 +303,7 @@ RuleImpl::RuleImpl(const string &inRightName, CFDictionaryRef cfRight, CFDiction
                        mEvalDef = Attribute::getVector(cfRight, kMechanismsID, true);
                        mTries = int(Attribute::getDouble(cfRight, kTriesID, false, 0.0)); // "forever"
                        mShared = Attribute::getBool(cfRight, kSharedID, false, true);
                        mEvalDef = Attribute::getVector(cfRight, kMechanismsID, true);
                        mTries = int(Attribute::getDouble(cfRight, kTriesID, false, 0.0)); // "forever"
                        mShared = Attribute::getBool(cfRight, kSharedID, false, true);
+                       mExtractPassword = Attribute::getBool(cfRight, kExtractPasswordID, false, false);
                }
                else if (classTag == kAuthorizationRightRule)
                {
                }
                else if (classTag == kAuthorizationRightRule)
                {
@@ -370,7 +377,8 @@ RuleImpl::RuleImpl(const string &inRightName, CFDictionaryRef cfRight, CFDiction
                mRuleDef.push_back(Rule(ruleName, cfRuleDef, cfRules));
        }
 
                mRuleDef.push_back(Rule(ruleName, cfRuleDef, cfRules));
        }
 
-       Attribute::getLocalizedPrompts(cfRight, mLocalizedPrompts);
+       Attribute::getLocalizedText(cfRight, mLocalizedPrompts, kPromptID, kAuthorizationRuleParameterDescription);
+       Attribute::getLocalizedText(cfRight, mLocalizedButtons, kButtonID, kAuthorizationRuleParameterButton);
 }
 
 /*
 }
 
 /*
@@ -390,6 +398,10 @@ RuleImpl::setAgentHints(const AuthItemRef &inRight, const Rule &inTopLevelRule,
        environmentToClient.erase(AuthItemRef(AGENT_HINT_CREATOR_PID)); 
        environmentToClient.insert(AuthItemRef(AGENT_HINT_CREATOR_PID, AuthValueOverlay(sizeof(pid_t), &creatorPid)));
 
        environmentToClient.erase(AuthItemRef(AGENT_HINT_CREATOR_PID)); 
        environmentToClient.insert(AuthItemRef(AGENT_HINT_CREATOR_PID, AuthValueOverlay(sizeof(pid_t), &creatorPid)));
 
+       audit_token_t creatorAuditToken = auth.creatorAuditToken().auditToken();
+       environmentToClient.erase(AuthItemRef(AGENT_HINT_CREATOR_AUDIT_TOKEN));
+       environmentToClient.insert(AuthItemRef(AGENT_HINT_CREATOR_AUDIT_TOKEN, AuthValueOverlay(sizeof(audit_token_t), &creatorAuditToken)));
+
        Process &thisProcess = Server::process();
        string bundlePath;
        if (SecStaticCodeRef clientCode = auth.creatorCode())
        Process &thisProcess = Server::process();
        string bundlePath;
        if (SecStaticCodeRef clientCode = auth.creatorCode())
@@ -403,9 +415,12 @@ RuleImpl::setAgentHints(const AuthItemRef &inRight, const Rule &inTopLevelRule,
        environmentToClient.insert(processHints.begin(), processHints.end());
 
        map<string,string> defaultPrompts = inTopLevelRule->localizedPrompts();
        environmentToClient.insert(processHints.begin(), processHints.end());
 
        map<string,string> defaultPrompts = inTopLevelRule->localizedPrompts();
+       map<string,string> defaultButtons = inTopLevelRule->localizedButtons();
 
        if (defaultPrompts.empty())
                defaultPrompts = localizedPrompts();
 
        if (defaultPrompts.empty())
                defaultPrompts = localizedPrompts();
+       if (defaultButtons.empty())
+               defaultButtons = localizedButtons();
                
        if (!defaultPrompts.empty())
        {
                
        if (!defaultPrompts.empty())
        {
@@ -417,6 +432,16 @@ RuleImpl::setAgentHints(const AuthItemRef &inRight, const Rule &inTopLevelRule,
                        environmentToClient.insert(AuthItemRef(key.c_str(), AuthValueOverlay(value)));
                }
        }
                        environmentToClient.insert(AuthItemRef(key.c_str(), AuthValueOverlay(value)));
                }
        }
+       if (!defaultButtons.empty())
+       {
+               map<string,string>::const_iterator it;
+               for (it = defaultButtons.begin(); it != defaultButtons.end(); it++)
+               {
+                       const string &key = it->first;
+                       const string &value = it->second;
+                       environmentToClient.insert(AuthItemRef(key.c_str(), AuthValueOverlay(value)));
+               }
+       }       
 
        // add rulename as a hint
        string ruleName = name();
 
        // add rulename as a hint
        string ruleName = name();
@@ -428,7 +453,7 @@ RuleImpl::setAgentHints(const AuthItemRef &inRight, const Rule &inTopLevelRule,
 // we'll run that and validate the credentials from there.
 // we fall back on a default configuration from the authenticate rule
 OSStatus
 // we'll run that and validate the credentials from there.
 // we fall back on a default configuration from the authenticate rule
 OSStatus
-RuleImpl::evaluateAuthentication(const AuthItemRef &inRight, const Rule &inRule,AuthItemSet &environmentToClient, AuthorizationFlags flags, CFAbsoluteTime now, const CredentialSet *inCredentials, CredentialSet &credentials, AuthorizationToken &auth, SecurityAgent::Reason &reason) const
+RuleImpl::evaluateAuthentication(const AuthItemRef &inRight, const Rule &inRule,AuthItemSet &environmentToClient, AuthorizationFlags flags, CFAbsoluteTime now, const CredentialSet *inCredentials, CredentialSet &credentials, AuthorizationToken &auth, SecurityAgent::Reason &reason, bool savePassword) const
 {
        OSStatus status = errAuthorizationDenied;
 
 {
        OSStatus status = errAuthorizationDenied;
 
@@ -464,6 +489,31 @@ RuleImpl::evaluateAuthentication(const AuthItemRef &inRight, const Rule &inRule,
     RightAuthenticationLogger rightAuthLogger(auth.creatorAuditToken(), AUE_ssauthint);
     rightAuthLogger.setRight(rightName);
 
     RightAuthenticationLogger rightAuthLogger(auth.creatorAuditToken(), AUE_ssauthint);
     rightAuthLogger.setRight(rightName);
 
+       // Just succeed for a continuously active session owner.
+       if (auth.session().originatorUid() == auth.creatorUid() && auth.session().attributes() & AU_SESSION_FLAG_HAS_AUTHENTICATED) {
+               secdebug("AuthEvalMech", "We are an active session owner.");
+               aslmsg m = asl_new(ASL_TYPE_MSG);
+               asl_set(m, "com.apple.message.domain", "com.apple.securityd.UserActivity");
+               asl_set(m, "com.apple.message.signature", "userIsActive");
+               asl_set(m, "com.apple.message.signature2", rightName);
+               asl_set(m, "com.apple.message.result", "failure");
+               asl_log(NULL, m, ASL_LEVEL_NOTICE, "We are an active session owner.");
+               asl_free(m);
+//             Credential rightCredential(rightName, auth.creatorUid(), mShared);
+//             credentials.erase(rightCredential); credentials.insert(rightCredential);
+//             return errAuthorizationSuccess;
+       }
+       else {
+               secdebug("AuthEvalMech", "We are not an active session owner.");
+               aslmsg m = asl_new(ASL_TYPE_MSG);
+               asl_set(m, "com.apple.message.domain", "com.apple.securityd.UserActivity");
+               asl_set(m, "com.apple.message.signature", "userIsNotActive");
+               asl_set(m, "com.apple.message.signature2", rightName);
+               asl_set(m, "com.apple.message.result", "success");
+               asl_log(NULL, m, ASL_LEVEL_NOTICE, "We are not an active session owner.");
+               asl_free(m);
+       }
+       
        AgentMechanismEvaluator eval(cltUid, auth.session(), mEvalDef);
 
        for (tries = 0; tries < mTries; tries++)
        AgentMechanismEvaluator eval(cltUid, auth.session(), mEvalDef);
 
        for (tries = 0; tries < mTries; tries++)
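Review bot: The comment `// Just succeed for a continuously active session owner.` does not match the code under it: the three lines that would insert the credential and return errAuthorizationSuccess are commented out, so both branches only emit an ASL message and evaluation continues. A disabled authentication shortcut left in the source invites someone to re-enable it without review; delete those lines and reword the comment, e.g. `// Telemetry only: record whether the session owner has already authenticated; no shortcut is taken.` The `com.apple.message.result` values also look swapped relative to the branch ("failure" when the owner is active, "success" when not), which is worth confirming. The two branches differ only in their strings and could share one helper.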
@@ -479,7 +529,7 @@ RuleImpl::evaluateAuthentication(const AuthItemRef &inRight, const Rule &inRule,
                 (status == errAuthorizationCanceled)) // @@@ can only pass back sideband through context
             {
                 secdebug("AuthEvalMech", "storing new context for authorization");
                 (status == errAuthorizationCanceled)) // @@@ can only pass back sideband through context
             {
                 secdebug("AuthEvalMech", "storing new context for authorization");
-                auth.setInfoSet(eval.context());
+                auth.setInfoSet(eval.context(), savePassword);
             }
 
             // successfully ran mechanisms to obtain credential
             }
 
             // successfully ran mechanisms to obtain credential
@@ -490,7 +540,7 @@ RuleImpl::evaluateAuthentication(const AuthItemRef &inRight, const Rule &inRule,
                 
                 CredentialSet newCredentials = makeCredentials(auth);
                 // clear context after extracting credentials
                 
                 CredentialSet newCredentials = makeCredentials(auth);
                 // clear context after extracting credentials
-                auth.scrubInfoSet(); 
+                auth.scrubInfoSet(savePassword);
                 
                 for (CredentialSet::const_iterator it = newCredentials.begin(); it != newCredentials.end(); ++it)
                 {
                 
                 for (CredentialSet::const_iterator it = newCredentials.begin(); it != newCredentials.end(); ++it)
                 {
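Review bot: With `savePassword` true, `auth.scrubInfoSet(savePassword)` no longer obviously does what the comment above it still promises ("clear context after extracting credentials"). The implementations of setInfoSet, scrubInfoSet and setCredentialInfo are outside this page, so what is kept is inferred from the parameter name only. The same flag is passed at `auth.setInfoSet(eval.context(), savePassword)` in the previous hunk and `auth.setCredentialInfo(newCredential, savePassword)` in the next one. Once confirmed against authority.cpp, update the comment to state which items survive the scrub and where they are finally erased, so a retained password has a documented lifetime.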
@@ -532,8 +582,16 @@ RuleImpl::evaluateAuthentication(const AuthItemRef &inRight, const Rule &inRule,
                         
                         // use valid credential to set context info
                         // XXX/cs keeping this for now, such that the uid is passed back
                         
                         // use valid credential to set context info
                         // XXX/cs keeping this for now, such that the uid is passed back
-                        auth.setCredentialInfo(newCredential);
+                        auth.setCredentialInfo(newCredential, savePassword);
                         secdebug("SSevalMech", "added valid credential for user %s", newCredential->username().c_str());
                         secdebug("SSevalMech", "added valid credential for user %s", newCredential->username().c_str());
+                                               // set the sessionHasAuthenticated
+                                               if (newCredential->uid() == auth.session().originatorUid()) {
+                                                       secdebug("AuthEvalMech", "We authenticated as the session owner.\n");
+                                                       SessionAttributeBits flags = auth.session().attributes();
+                                                       flags |= AU_SESSION_FLAG_HAS_AUTHENTICATED;
+                                                       auth.session().setAttributes(flags);
+                                               }
+
                         status = errAuthorizationSuccess;
                         break;
                     }
                         status = errAuthorizationSuccess;
                         break;
                     }
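Review bot: The new local `SessionAttributeBits flags` shadows the function's `AuthorizationFlags flags` parameter (visible in the signature in an earlier hunk) inside this block, which makes it easy to test the wrong value in a later edit. Rename it, e.g. `SessionAttributeBits sessionFlags = auth.session().attributes();`. The read, OR and `setAttributes` sequence is also not atomic, so a concurrent change to the session's attributes could be lost if another thread can update them; whether a lock is held here is not visible in the hunk. The added lines are tab-indented deeper than the surrounding space-indented block.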
@@ -545,7 +603,7 @@ RuleImpl::evaluateAuthentication(const AuthItemRef &inRight, const Rule &inRule,
                else
                        if ((status == errAuthorizationCanceled) || (status == errAuthorizationInternal))
                        {
                else
                        if ((status == errAuthorizationCanceled) || (status == errAuthorizationInternal))
                        {
-                               auth.scrubInfoSet();
+                               auth.scrubInfoSet(false);
                                break;
                        }
                        else // last mechanism is now authentication - fail
                                break;
                        }
                        else // last mechanism is now authentication - fail
@@ -563,7 +621,7 @@ RuleImpl::evaluateAuthentication(const AuthItemRef &inRight, const Rule &inRule,
                environmentToClient.erase(triesHint); environmentToClient.insert(triesHint); // replace
             eval.run(AuthValueVector(), environmentToClient, auth);
                // XXX/cs is this still necessary?
                environmentToClient.erase(triesHint); environmentToClient.insert(triesHint); // replace
             eval.run(AuthValueVector(), environmentToClient, auth);
                // XXX/cs is this still necessary?
-               auth.scrubInfoSet();
+               auth.scrubInfoSet(false);
                
         rightAuthLogger.logFailure(NULL, CommonCriteria::errTooManyTries);
        }
                
         rightAuthLogger.logFailure(NULL, CommonCriteria::errTooManyTries);
        }
@@ -613,28 +671,20 @@ RuleImpl::evaluateSessionOwner(const AuthItemRef &inRight, const Rule &inRule, c
        // @@@ we have no access to current requester uid here and the process uid is only taken when the authorization is created
        // meaning that a process like loginwindow that drops privs later is screwed.
        
        // @@@ we have no access to current requester uid here and the process uid is only taken when the authorization is created
        // meaning that a process like loginwindow that drops privs later is screwed.
        
-       uid_t uid;
-       Session &session = auth.session();
        Credential sessionCredential;
        Credential sessionCredential;
-       if (session.haveOriginatorUid()) {
-               // preflight session credential as if it were a fresh copy
-               const Credential &cred = session.originatorCredential();
-               sessionCredential = Credential(cred->uid(), cred->username(), cred->realname(), cred->groupname(), mShared/*ignored*/);
-       } else {
-               uid = auth.creatorUid();
-               Server::active().longTermActivity();
-               struct passwd *pw = getpwuid(uid);
-               if (pw != NULL) {
-                       // avoid hinting a locked account
-                       if ( (pw->pw_passwd == NULL) ||
-                               strcmp(pw->pw_passwd, "*") ) {
-                               // Check if username will authorize the request and set username to
-                               // be used as a hint to the user if so
-                               secdebug("AuthEvalMech", "preflight credential from current user, result follows:");
-                               sessionCredential = Credential(pw->pw_uid, pw->pw_name, pw->pw_gecos, "", mShared/*ignored*/);
-                       } //fi
-                       endpwent();
-               }
+       uid_t uid = auth.session().originatorUid();
+       Server::active().longTermActivity();
+       struct passwd *pw = getpwuid(uid);
+       if (pw != NULL) {
+               // avoid hinting a locked account
+               if ( (pw->pw_passwd == NULL) ||
+                       strcmp(pw->pw_passwd, "*") ) {
+                       // Check if username will authorize the request and set username to
+                       // be used as a hint to the user if so
+                       secdebug("AuthEvalMech", "preflight credential from current user, result follows:");
+                       sessionCredential = Credential(pw->pw_uid, pw->pw_name, pw->pw_gecos, "", mShared/*ignored*/);
+               } //fi
+               endpwent();
        }
        OSStatus status = evaluateUserCredentialForRight(auth, inRight, inRule, environment, now, sessionCredential, true, reason);
        if (errAuthorizationSuccess == status)
        }
        OSStatus status = evaluateUserCredentialForRight(auth, inRight, inRule, environment, now, sessionCredential, true, reason);
        if (errAuthorizationSuccess == status)
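Review bot: The `haveOriginatorUid()` guard and the `auth.creatorUid()` fallback are removed, so the preflight credential is now always built from `auth.session().originatorUid()`, and nothing in this hunk shows what that returns for a session with no recorded originator. If it can yield a default value, the session-owner preflight would run against whichever account has that uid. State the new invariant next to the call, e.g. `// every session is assumed to carry a valid originator uid, so no fallback is needed`, once that is confirmed in session.cpp. Separately, `getpwuid` returns a pointer into static storage; if this path can run on more than one thread, `getpwuid_r` with a local buffer is the safer call. evaluateSessionOwner's body starts and ends outside the hunk.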
@@ -711,23 +761,20 @@ RuleImpl::evaluateUserCredentialForRight(const AuthorizationToken &auth, const A
        if (mSessionOwner)
        {
                Session &session = auth.session();
        if (mSessionOwner)
        {
                Session &session = auth.session();
-               if (session.haveOriginatorUid())
-               {
-                       uid_t console_user = session.originatorUid();
+               uid_t console_user = session.originatorUid();
 
 
-                       if (credential->uid() == console_user)
-                       {
-                               secdebug("autheval", "user %s is session-owner(uid: %d), granting right %s", user, console_user, inRight->name());
-                               return errAuthorizationSuccess;
-                       }
-            // set "reason" in this case?  not that a proper SA::Reason exists
+               if (credential->uid() == console_user)
+               {
+                       secdebug("autheval", "user %s is session-owner(uid: %d), granting right %s", user, console_user, inRight->name());
+                       return errAuthorizationSuccess;
                }
                }
-               else
-        {
-            // @@@  no proper SA::Reason
-            reason = SecurityAgent::unknownReason;
-                       secdebug("autheval", "session-owner check failed.");
-        }
+               // set "reason" in this case?  not that a proper SA::Reason exists
+       }
+       else
+       {
+               // @@@  no proper SA::Reason
+               reason = SecurityAgent::unknownReason;
+               secdebug("autheval", "session-owner check failed.");
        }
        
        if (mGroupName.length())
        }
        
        if (mGroupName.length())
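Review bot: The `else` block at the end of this hunk is now attached to `if (mSessionOwner)` instead of the removed `session.haveOriginatorUid()` test, so every rule without the session-owner attribute sets `reason = SecurityAgent::unknownReason` and logs "session-owner check failed." although no session-owner check ran. If that is not intended, drop the `else` and move the assignment under the failed `credential->uid() == console_user` comparison, where the `// set "reason" in this case?` comment already sits. With the guard gone, `originatorUid()` is compared unconditionally; what it returns for a session without an originator is not visible here and should be confirmed, since a default that equals a real uid would grant the right. The function continues outside the hunk.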
@@ -750,7 +797,13 @@ RuleImpl::evaluateUserCredentialForRight(const AuthorizationToken &auth, const A
                                break;
                                
                        if (mbr_uid_to_uuid(credential->uid(), user_uuid))
                                break;
                                
                        if (mbr_uid_to_uuid(credential->uid(), user_uuid))
-                               break;
+                       {
+                               struct passwd *pwd;
+                               if (NULL == (pwd = getpwnam(user)))
+                                       break;
+                               if (mbr_uid_to_uuid(pwd->pw_uid, user_uuid))
+                                       break;                          
+                       }
 
                        if (mbr_check_membership(user_uuid, group_uuid, &is_member))
                                break;
 
                        if (mbr_check_membership(user_uuid, group_uuid, &is_member))
                                break;
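Review bot: The new fallback derives `user_uuid` from the account name via `getpwnam(user)` once the lookup by `credential->uid()` has failed, so the group-membership check can run against whatever uid that name maps to at this moment rather than the uid carried by the credential. A comment stating when the two are expected to differ, plus a `secdebug("autheval", "uid-to-uuid failed, falling back to name lookup");` when the branch is taken, would make that auditable. `getpwnam` also returns a pointer into static storage, which is unsafe if other threads use the getpw* family at the same time; `getpwnam_r` with a local buffer avoids that. `user` and the enclosing loop are defined outside the hunk.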
@@ -781,7 +834,7 @@ RuleImpl::evaluateUserCredentialForRight(const AuthorizationToken &auth, const A
 
 
 OSStatus
 
 
 OSStatus
-RuleImpl::evaluateUser(const AuthItemRef &inRight, const Rule &inRule, AuthItemSet &environmentToClient, AuthorizationFlags flags, CFAbsoluteTime now, const CredentialSet *inCredentials, CredentialSet &credentials, AuthorizationToken &auth, SecurityAgent::Reason &reason) const
+RuleImpl::evaluateUser(const AuthItemRef &inRight, const Rule &inRule, AuthItemSet &environmentToClient, AuthorizationFlags flags, CFAbsoluteTime now, const CredentialSet *inCredentials, CredentialSet &credentials, AuthorizationToken &auth, SecurityAgent::Reason &reason, bool savePassword) const
 {
     // If we got here, this is a kUser type rule, let's start looking for a
        // credential that is satisfactory
 {
     // If we got here, this is a kUser type rule, let's start looking for a
        // credential that is satisfactory
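Review bot: `savePassword` is added here as a trailing positional `bool` with no documentation, and the same flag is threaded through `evaluateMechanismOnly`, `evaluateRules`, `evaluate`, `evaluateAuthentication` and the `setCredentialInfo`/`setInfoSet` calls in the following hunks and in the header. Judging by the name it decides whether a password is kept with the authorization (the setters are not visible, so this is inferred), which makes it worth a comment at the declaration such as `// savePassword: retain the password in the token's info set; pass false unless the rule requests extraction`. A bare `true`/`false` at a call site is easy to get wrong for a flag like this, so a two-value enum would be safer than `bool`.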
@@ -833,7 +886,7 @@ RuleImpl::evaluateUser(const AuthItemRef &inRight, const Rule &inRule, AuthItemS
                        
                if (status != errAuthorizationDenied) {
                        // add credential to authinfo
                        
                if (status != errAuthorizationDenied) {
                        // add credential to authinfo
-                       auth.setCredentialInfo(*it);
+                       auth.setCredentialInfo(*it, savePassword);
                        return status;
                }
 
                        return status;
                }
 
@@ -853,7 +906,7 @@ RuleImpl::evaluateUser(const AuthItemRef &inRight, const Rule &inRule, AuthItemS
                                // whack an equivalent credential, so it gets updated to a later achieved credential which must have been more stringent
                                credentials.erase(*it); credentials.insert(*it);
                                // add credential to authinfo
                                // whack an equivalent credential, so it gets updated to a later achieved credential which must have been more stringent
                                credentials.erase(*it); credentials.insert(*it);
                                // add credential to authinfo
-                               auth.setCredentialInfo(*it);
+                               auth.setCredentialInfo(*it, savePassword);
 
                                return status;
                        }
 
                                return status;
                        }
@@ -879,11 +932,11 @@ RuleImpl::evaluateUser(const AuthItemRef &inRight, const Rule &inRule, AuthItemS
 
        setAgentHints(inRight, inRule, environmentToClient, auth);
 
 
        setAgentHints(inRight, inRule, environmentToClient, auth);
 
-       return evaluateAuthentication(inRight, inRule, environmentToClient, flags, now, inCredentials, credentials, auth, reason);
+       return evaluateAuthentication(inRight, inRule, environmentToClient, flags, now, inCredentials, credentials, auth, reason, savePassword);
 }
 
 OSStatus
 }
 
 OSStatus
-RuleImpl::evaluateMechanismOnly(const AuthItemRef &inRight, const Rule &inRule, AuthItemSet &environmentToClient, AuthorizationToken &auth, CredentialSet &outCredentials) const
+RuleImpl::evaluateMechanismOnly(const AuthItemRef &inRight, const Rule &inRule, AuthItemSet &environmentToClient, AuthorizationToken &auth, CredentialSet &outCredentials, bool savePassword) const
 {
        uint32 tries = 0; 
        OSStatus status;
 {
        uint32 tries = 0; 
        OSStatus status;
@@ -914,7 +967,7 @@ RuleImpl::evaluateMechanismOnly(const AuthItemRef &inRight, const Rule &inRule,
                                (status == errAuthorizationCanceled)) // @@@ can only pass back sideband through context
                        {
                                secdebug("AuthEvalMech", "storing new context for authorization");
                                (status == errAuthorizationCanceled)) // @@@ can only pass back sideband through context
                        {
                                secdebug("AuthEvalMech", "storing new context for authorization");
-                               auth.setInfoSet(eval.context());
+                               auth.setInfoSet(eval.context(), savePassword);
                                if (status == errAuthorizationSuccess)
                                {
                     // (try to) attach the authorizing UID to the least-priv cred
                                if (status == errAuthorizationSuccess)
                                {
                     // (try to) attach the authorizing UID to the least-priv cred
@@ -939,8 +992,16 @@ RuleImpl::evaluateMechanismOnly(const AuthItemRef &inRight, const Rule &inRule,
                             logger.logLeastPrivilege(cltUid, false);
                         }
                     }
                             logger.logLeastPrivilege(cltUid, false);
                         }
                     }
-                                       else
-                                               outCredentials = makeCredentials(auth);
+                                       else {
+                                               if (0 == strcmp(rightName, "system.login.console") && NULL == eval.context().find(AGENT_CONTEXT_AUTO_LOGIN)) {
+                                                       secdebug("AuthEvalMech", "We logged in as the session owner.\n");
+                                                       SessionAttributeBits flags = auth.session().attributes();
+                                                       flags |= AU_SESSION_FLAG_HAS_AUTHENTICATED;
+                                                       auth.session().setAttributes(flags);                                                    
+                                               }
+                                               CredentialSet newCredentials = makeCredentials(auth);
+                                               outCredentials.insert(newCredentials.begin(), newCredentials.end());
+                                       }
                                }
                        }
 
                                }
                        }
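Review bot: The added block updates the session attributes with a separate read (`attributes()`), OR and write (`setAttributes(flags)`), and no lock is visible in the hunk, so a concurrent change to the same session's attributes could be lost; confirm that Session serialises this or add a set-bits helper. Marking the session as authenticated also depends on the literal `"system.login.console"` and on `AGENT_CONTEXT_AUTO_LOGIN` being absent from the context the agent returned, which deserves a comment such as `// auto-login involved no credential from the user, so the session is not marked authenticated`. The local `flags` would read better as `sessionFlags`, and the `secdebug` text should drop the trailing `\n` to match the other calls. The enclosing function starts and ends outside the hunk.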
 
@@ -967,7 +1028,7 @@ RuleImpl::evaluateMechanismOnly(const AuthItemRef &inRight, const Rule &inRule,
 }
 
 OSStatus
 }
 
 OSStatus
-RuleImpl::evaluateRules(const AuthItemRef &inRight, const Rule &inRule, AuthItemSet &environmentToClient, AuthorizationFlags flags, CFAbsoluteTime now, const CredentialSet *inCredentials, CredentialSet &credentials, AuthorizationToken &auth, SecurityAgent::Reason &reason) const
+RuleImpl::evaluateRules(const AuthItemRef &inRight, const Rule &inRule, AuthItemSet &environmentToClient, AuthorizationFlags flags, CFAbsoluteTime now, const CredentialSet *inCredentials, CredentialSet &credentials, AuthorizationToken &auth, SecurityAgent::Reason &reason, bool savePassword) const
 {
        // line up the rules to try
        if (!mRuleDef.size())
 {
        // line up the rules to try
        if (!mRuleDef.size())
@@ -984,7 +1045,7 @@ RuleImpl::evaluateRules(const AuthItemRef &inRight, const Rule &inRule, AuthItem
                        return errAuthorizationSuccess;
 
                // get a rule and try it
                        return errAuthorizationSuccess;
 
                // get a rule and try it
-               status = (*it)->evaluate(inRight, inRule, environmentToClient, flags, now, inCredentials, credentials, auth, reason);
+               status = (*it)->evaluate(inRight, inRule, environmentToClient, flags, now, inCredentials, credentials, auth, reason, savePassword);
 
                // if status is cancel/internal error abort
                if ((status == errAuthorizationCanceled) || (status == errAuthorizationInternal))
 
                // if status is cancel/internal error abort
                if ((status == errAuthorizationCanceled) || (status == errAuthorizationInternal))
@@ -1001,13 +1062,16 @@ RuleImpl::evaluateRules(const AuthItemRef &inRight, const Rule &inRule, AuthItem
                else
                        count++;
        }
                else
                        count++;
        }
+
+       if ((mType == kKofN) && (status == errAuthorizationSuccess) && (count < mKofN))
+               status = errAuthorizationDenied;
        
        return status; // return the last failure
 }
 
 
 OSStatus
        
        return status; // return the last failure
 }
 
 
 OSStatus
-RuleImpl::evaluate(const AuthItemRef &inRight, const Rule &inRule, AuthItemSet &environmentToClient, AuthorizationFlags flags, CFAbsoluteTime now, const CredentialSet *inCredentials, CredentialSet &credentials, AuthorizationToken &auth, SecurityAgent::Reason &reason) const
+RuleImpl::evaluate(const AuthItemRef &inRight, const Rule &inRule, AuthItemSet &environmentToClient, AuthorizationFlags flags, CFAbsoluteTime now, const CredentialSet *inCredentials, CredentialSet &credentials, AuthorizationToken &auth, SecurityAgent::Reason &reason, bool savePassword) const
 {
        switch (mType)
        {
 {
        switch (mType)
        {
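Review bot: The new k-of-n check turns a success into `errAuthorizationDenied` without leaving any trace, and the trailing comment `// return the last failure` no longer describes what is returned. A line such as `secdebug("autheval", "k-of-n: too few sub-rules satisfied, denying");` before the assignment would make the denial diagnosable. The loop above is only partly visible, but sub-rules that succeeded earlier may already have added to `credentials` or called `auth.setCredentialInfo`, so it is worth confirming that the caller discards those when the overall result is a denial.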
@@ -1019,18 +1083,18 @@ RuleImpl::evaluate(const AuthItemRef &inRight, const Rule &inRule, AuthItemSet &
                return errAuthorizationDenied;
        case kUser:
         SECURITYD_AUTH_USER(&auth, (char *)name().c_str());
                return errAuthorizationDenied;
        case kUser:
         SECURITYD_AUTH_USER(&auth, (char *)name().c_str());
-               return evaluateUser(inRight, inRule, environmentToClient, flags, now, inCredentials, credentials, auth, reason);
+               return evaluateUser(inRight, inRule, environmentToClient, flags, now, inCredentials, credentials, auth, reason, savePassword);
        case kRuleDelegation:
         SECURITYD_AUTH_RULES(&auth, (char *)name().c_str());
        case kRuleDelegation:
         SECURITYD_AUTH_RULES(&auth, (char *)name().c_str());
-               return evaluateRules(inRight, inRule, environmentToClient, flags, now, inCredentials, credentials, auth, reason);
+               return evaluateRules(inRight, inRule, environmentToClient, flags, now, inCredentials, credentials, auth, reason, savePassword);
        case kKofN:
         SECURITYD_AUTH_KOFN(&auth, (char *)name().c_str());
        case kKofN:
         SECURITYD_AUTH_KOFN(&auth, (char *)name().c_str());
-               return evaluateRules(inRight, inRule, environmentToClient, flags, now, inCredentials, credentials, auth, reason);
+               return evaluateRules(inRight, inRule, environmentToClient, flags, now, inCredentials, credentials, auth, reason, savePassword);
        case kEvaluateMechanisms:
         SECURITYD_AUTH_MECHRULE(&auth, (char *)name().c_str());
             // if we had a SecurityAgent::Reason code for "mechanism denied,"
             // it would make sense to pass down "reason"
        case kEvaluateMechanisms:
         SECURITYD_AUTH_MECHRULE(&auth, (char *)name().c_str());
             // if we had a SecurityAgent::Reason code for "mechanism denied,"
             // it would make sense to pass down "reason"
-               return evaluateMechanismOnly(inRight, inRule, environmentToClient, auth, credentials);
+               return evaluateMechanismOnly(inRight, inRule, environmentToClient, auth, credentials, savePassword);
        default:
                Syslog::alert("Unrecognized rule type %d", mType);
                MacOSError::throwMe(errAuthorizationInternal); // invalid rule
        default:
                Syslog::alert("Unrecognized rule type %d", mType);
                MacOSError::throwMe(errAuthorizationInternal); // invalid rule
index 7a8e5bc8ff4ea44298cc0a070a65f2fa83bd319f..f6623b6ad42f33ad3d8a3e810b1fcaa763ca8fc8 100644 (file)
@@ -46,9 +46,10 @@ public:
        OSStatus evaluate(const AuthItemRef &inRight, const Rule &inRule, AuthItemSet &environmentToClient,
                AuthorizationFlags flags, CFAbsoluteTime now,
                const CredentialSet *inCredentials, CredentialSet &credentials,
        OSStatus evaluate(const AuthItemRef &inRight, const Rule &inRule, AuthItemSet &environmentToClient,
                AuthorizationFlags flags, CFAbsoluteTime now,
                const CredentialSet *inCredentials, CredentialSet &credentials,
-               AuthorizationToken &auth, SecurityAgent::Reason &reason) const;
+               AuthorizationToken &auth, SecurityAgent::Reason &reason, bool savePassword) const;
 
        string name() const { return mRightName; }
 
        string name() const { return mRightName; }
+       bool extractPassword() const { return mExtractPassword; }
 
 private:
 // internal machinery
 
 private:
 // internal machinery
@@ -62,19 +63,19 @@ private:
        OSStatus evaluateRules(const AuthItemRef &inRight, const Rule &inRule,
     AuthItemSet &environmentToClient, AuthorizationFlags flags,
        CFAbsoluteTime now, const CredentialSet *inCredentials, CredentialSet &credentials,
        OSStatus evaluateRules(const AuthItemRef &inRight, const Rule &inRule,
     AuthItemSet &environmentToClient, AuthorizationFlags flags,
        CFAbsoluteTime now, const CredentialSet *inCredentials, CredentialSet &credentials,
-       AuthorizationToken &auth, SecurityAgent::Reason &reason) const;
+       AuthorizationToken &auth, SecurityAgent::Reason &reason, bool savePassword) const;
 
        void setAgentHints(const AuthItemRef &inRight, const Rule &inTopLevelRule, AuthItemSet &environmentToClient, AuthorizationToken &auth) const;
 
        // perform authorization based on running specified mechanisms (see evaluateMechanism)
 
        void setAgentHints(const AuthItemRef &inRight, const Rule &inTopLevelRule, AuthItemSet &environmentToClient, AuthorizationToken &auth) const;
 
        // perform authorization based on running specified mechanisms (see evaluateMechanism)
-       OSStatus evaluateAuthentication(const AuthItemRef &inRight, const Rule &inRule, AuthItemSet &environmentToClient, AuthorizationFlags flags, CFAbsoluteTime now, const CredentialSet *inCredentials, CredentialSet &credentials, AuthorizationToken &auth, SecurityAgent::Reason &reason) const;
+       OSStatus evaluateAuthentication(const AuthItemRef &inRight, const Rule &inRule, AuthItemSet &environmentToClient, AuthorizationFlags flags, CFAbsoluteTime now, const CredentialSet *inCredentials, CredentialSet &credentials, AuthorizationToken &auth, SecurityAgent::Reason &reason, bool savePassword) const;
 
        OSStatus evaluateUser(const AuthItemRef &inRight, const Rule &inRule,
                AuthItemSet &environmentToClient, AuthorizationFlags flags,
                CFAbsoluteTime now, const CredentialSet *inCredentials, CredentialSet &credentials,
 
        OSStatus evaluateUser(const AuthItemRef &inRight, const Rule &inRule,
                AuthItemSet &environmentToClient, AuthorizationFlags flags,
                CFAbsoluteTime now, const CredentialSet *inCredentials, CredentialSet &credentials,
-               AuthorizationToken &auth, SecurityAgent::Reason &reason) const;
+               AuthorizationToken &auth, SecurityAgent::Reason &reason, bool savePassword) const;
 
 
-       OSStatus evaluateMechanismOnly(const AuthItemRef &inRight, const Rule &inRule, AuthItemSet &environmentToClient, AuthorizationToken &auth, CredentialSet &outCredentials) const;
+       OSStatus evaluateMechanismOnly(const AuthItemRef &inRight, const Rule &inRule, AuthItemSet &environmentToClient, AuthorizationToken &auth, CredentialSet &outCredentials, bool savePassword) const;
 
        // find username hint based on session owner
        OSStatus evaluateSessionOwner(const AuthItemRef &inRight, const Rule &inRule, const AuthItemSet &environment, const CFAbsoluteTime now, const AuthorizationToken &auth, Credential &credential, SecurityAgent::Reason &reason) const;
 
        // find username hint based on session owner
        OSStatus evaluateSessionOwner(const AuthItemRef &inRight, const Rule &inRule, const AuthItemSet &environment, const CFAbsoluteTime now, const AuthorizationToken &auth, Credential &credential, SecurityAgent::Reason &reason) const;
@@ -82,6 +83,7 @@ private:
        CredentialSet makeCredentials(const AuthorizationToken &auth) const;
        
        map<string,string> localizedPrompts() const { return mLocalizedPrompts; }
        CredentialSet makeCredentials(const AuthorizationToken &auth) const;
        
        map<string,string> localizedPrompts() const { return mLocalizedPrompts; }
+       map<string,string> localizedButtons() const { return mLocalizedButtons; }
        
     
 // parsed attributes
        
     
 // parsed attributes
@@ -106,8 +108,10 @@ private:
        vector<Rule> mRuleDef;
        uint32_t mKofN;
        mutable uint32_t mTries;
        vector<Rule> mRuleDef;
        uint32_t mKofN;
        mutable uint32_t mTries;
+       bool mExtractPassword;
        bool mAuthenticateUser;
        map<string,string> mLocalizedPrompts;
        bool mAuthenticateUser;
        map<string,string> mLocalizedPrompts;
+       map<string,string> mLocalizedButtons;
 
 private:
 
 
 private:
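Review bot: `mExtractPassword` is a new plain `bool` member that `extractPassword()` returns directly, and the RuleImpl constructors are outside this hunk, so it is not visible whether every construction path assigns it. An uninitialised read would make password extraction depend on leftover memory contents; each constructor should set it explicitly, e.g. `mExtractPassword(false)` in the initialiser list of the default constructor. A comment on the member saying what it enables would help too.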
 
@@ -118,7 +122,7 @@ private:
                static double getDouble(CFDictionaryRef config, CFStringRef key, bool required, double defaultValue);
                static string getString(CFDictionaryRef config, CFStringRef key, bool required, const char *defaultValue);
                static vector<string> getVector(CFDictionaryRef config, CFStringRef key, bool required);
                static double getDouble(CFDictionaryRef config, CFStringRef key, bool required, double defaultValue);
                static string getString(CFDictionaryRef config, CFStringRef key, bool required, const char *defaultValue);
                static vector<string> getVector(CFDictionaryRef config, CFStringRef key, bool required);
-               static bool getLocalizedPrompts(CFDictionaryRef config, map<string,string> &localizedPrompts);
+               static bool getLocalizedText(CFDictionaryRef config, map<string,string> &localizedPrompts, CFStringRef dictKey, const char *descriptionKey);
        };
 
 
        };
 
 
@@ -131,7 +135,9 @@ private:
        static CFStringRef kSessionOwnerID;
        static CFStringRef kKofNID;
        static CFStringRef kPromptID;
        static CFStringRef kSessionOwnerID;
        static CFStringRef kKofNID;
        static CFStringRef kPromptID;
+       static CFStringRef kButtonID;
     static CFStringRef kTriesID;
     static CFStringRef kTriesID;
+       static CFStringRef kExtractPasswordID;
     
        static CFStringRef kRuleClassID;
        static CFStringRef kRuleAllowID;
     
        static CFStringRef kRuleClassID;
        static CFStringRef kRuleAllowID;
index b165b4f4ebd10d9fa661820d3a9621726c5bbc25..b929b953ba35f47dbc3146421d7fbf134ab3ddfe 100644 (file)
 #include <Security/AuthorizationTags.h>
 #include <Security/AuthorizationTagsPriv.h>
 #include <Security/checkpw.h>
 #include <Security/AuthorizationTags.h>
 #include <Security/AuthorizationTagsPriv.h>
 #include <Security/checkpw.h>
+#include <System/sys/fileport.h>
+#include <bsm/audit.h>
 #include <bsm/audit_uevents.h>      // AUE_ssauthint
 #include <bsm/audit_uevents.h>      // AUE_ssauthint
+#include <security_utilities/logging.h>
+#include <security_utilities/mach++.h>
+#include <stdlib.h>
 
 //
 // NOSA support functions. This is a test mode where the SecurityAgent
 
 //
 // NOSA support functions. This is a test mode where the SecurityAgent
@@ -93,15 +98,82 @@ void
 SecurityAgentConnection::activate()
 {
     secdebug("SecurityAgentConnection", "activate(%p)", this);
 SecurityAgentConnection::activate()
 {
     secdebug("SecurityAgentConnection", "activate(%p)", this);
+       
+    Session &session = mHostInstance->session();
+    SessionId targetSessionId = session.sessionId();
+    MachPlusPlus::Bootstrap processBootstrap = Server::process().taskPort().bootstrap();
+    fileport_t userPrefsFP = MACH_PORT_NULL;
+       
+    // send the the userPrefs to SecurityAgent
+    if (mAuthHostType == securityAgent || mAuthHostType == userAuthHost) {
+               CFRef<CFDataRef> userPrefs(mHostInstance->session().copyUserPrefs());
+               if (NULL != userPrefs)
+               {
+                       FILE *mbox = NULL;
+                       int fd = 0;
+                       mbox = tmpfile();               
+                       if (NULL != mbox)
+                       {
+                               fd = dup(fileno(mbox));
+                               fclose(mbox);
+                               if (fd != -1)
+                               {
+                                       CFIndex length = CFDataGetLength(userPrefs);
+                                       if (write(fd, CFDataGetBytePtr(userPrefs), length) != length)
+                                               Syslog::error("could not write userPrefs");
+                                       else
+                                       {
+                                               if (0 == fileport_makeport(fd, &userPrefsFP))
+                                                       secdebug("SecurityAgentConnection", "stashed the userPrefs file descriptor");
+                                               else
+                                                       Syslog::error("failed to stash the userPrefs file descriptor");
+                                       }
+                                       close(fd);
+                               }
+                       }
+               }
+               if (MACH_PORT_NULL == userPrefsFP)
+               {
+                       secdebug("SecurityAgentConnection", "could not read userPrefs");
+               }
+    }
+    
        mConnection->useAgent(this);
        mConnection->useAgent(this);
-       try {
-        mPort = mHostInstance->activate();
+       try 
+    {
+        StLock<Mutex> _(*mHostInstance);
+               
+        mach_port_t lookupPort = mHostInstance->lookup(targetSessionId);
+        if (MACH_PORT_NULL == lookupPort)
+        {
+                       Syslog::error("could not find real service, bailing");
+                       MacOSError::throwMe(CSSM_ERRCODE_SERVICE_NOT_AVAILABLE);
+        }
+        // reset Client contact info
+        mPort = lookupPort;
+        SecurityAgent::Client::activate(mPort);
+        
         secdebug("SecurityAgentConnection", "%p activated", this);
         secdebug("SecurityAgentConnection", "%p activated", this);
-       } catch (...) {
+       } 
+    catch (MacOSError &err) 
+    {
                mConnection->useAgent(NULL);    // guess not
                mConnection->useAgent(NULL);    // guess not
-        secdebug("SecurityAgentConnection", "error activating %p", this);
+        Syslog::error("SecurityAgentConnection: error activating %s instance %p",
+                      mAuthHostType == privilegedAuthHost 
+                      ? "authorizationhost" 
+                      : "SecurityAgent", this);
                throw;
        }
                throw;
        }
+       
+    secdebug("SecurityAgentConnection", "contacting service (%p)", this);
+       mach_port_name_t jobPort;
+       if (0 > audit_session_port(session.sessionId(), &jobPort))
+               Syslog::error("audit_session_port failed: %m");
+    MacOSError::check(SecurityAgent::Client::contact(jobPort, processBootstrap, userPrefsFP));
+    secdebug("SecurityAgentConnection", "contact didn't throw (%p)", this);
+       
+    if (userPrefsFP != MACH_PORT_NULL)
+        mach_port_deallocate(mach_task_self(), userPrefsFP);
 }
 
 void
 }
 
 void
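Review bot: `jobPort` is declared uninitialised, and when `audit_session_port()` fails the error is only logged and the indeterminate value is still passed to `contact()`; it should start as `MACH_PORT_NULL`. The `userPrefsFP` right is released only on the fall-through path, so it leaks whenever the `try` block rethrows or `MacOSError::check()` throws. The handler was also narrowed from `catch (...)` to `catch (MacOSError &err)`, so any other exception type now skips `mConnection->useAgent(NULL)`, and `err` is unused. In the temp-file block the data is written through `fd` before the fileport is made, so the shared file offset is at end-of-file when the receiver gets it; confirm the receiver seeks or uses `pread`.

```cpp
	// … unchanged: userPrefs fileport setup, useAgent(this), try block …
	catch (...)
	{
		mConnection->useAgent(NULL);	// guess not
		if (userPrefsFP != MACH_PORT_NULL)
			mach_port_deallocate(mach_task_self(), userPrefsFP);
		// … unchanged: Syslog::error call …
		throw;
	}

	mach_port_name_t jobPort = MACH_PORT_NULL;
	if (0 > audit_session_port(session.sessionId(), &jobPort))
		Syslog::error("audit_session_port failed: %m");
	// take the status first so the fileport right is released before check() can throw
	OSStatus contactStatus = SecurityAgent::Client::contact(jobPort, processBootstrap, userPrefsFP);
	if (userPrefsFP != MACH_PORT_NULL)
		mach_port_deallocate(mach_task_self(), userPrefsFP);
	MacOSError::check(contactStatus);
```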
@@ -110,8 +182,6 @@ SecurityAgentConnection::reconnect()
     // if !mHostInstance throw()?
     if (mHostInstance)
     {
     // if !mHostInstance throw()?
     if (mHostInstance)
     {
-        Session &session = mHostInstance->session();
-        mHostInstance = session.authhost(mAuthHostType, true);
         activate();
     }
 }
         activate();
     }
 }
@@ -188,22 +258,6 @@ SecurityAgentQuery::~SecurityAgentQuery()
         destroy(); 
 }
 
         destroy(); 
 }
 
-void 
-SecurityAgentQuery::activate()
-{
-    SecurityAgentConnection::activate();
-    SecurityAgent::Client::activate(mPort);
-    secdebug("SecurityAgentQuery", "activate(%p)", this);
-}
-
-void 
-SecurityAgentQuery::reconnect()
-{
-    SecurityAgentConnection::reconnect();
-    SecurityAgent::Client::activate(mPort);
-    secdebug("SecurityAgentQuery", "reconnect(%p)", this);
-}
-
 void
 SecurityAgentQuery::inferHints(Process &thisProcess)
 {
 void
 SecurityAgentQuery::inferHints(Process &thisProcess)
 {
index 771ee7e0b69ae35c82520c07011af5e0d437146f..ef635a3dcb747f205e09b0c4ce9f3343bd65db3b 100644 (file)
@@ -45,7 +45,8 @@ using Security::OSXCode;
 //
 // base for classes talking to SecurityAgent and authorizationhost
 //
 //
 // base for classes talking to SecurityAgent and authorizationhost
 //
-class SecurityAgentConnection : public SecurityAgentConnectionInterface
+class SecurityAgentConnection : public SecurityAgent::Client,
+                                public SecurityAgentConnectionInterface
 {
 public:
     SecurityAgentConnection(const AuthHostType type = securityAgent, Session &session = Server::session());
 {
 public:
     SecurityAgentConnection(const AuthHostType type = securityAgent, Session &session = Server::session());
@@ -90,8 +91,7 @@ private:
 //
 // The main SecurityAgent/authorizationhost interaction base class
 //
 //
 // The main SecurityAgent/authorizationhost interaction base class
 //
-class SecurityAgentQuery : public SecurityAgent::Client, 
-                           public SecurityAgentConnection
+class SecurityAgentQuery : public SecurityAgentConnection
 {
 public:
        typedef SecurityAgent::Reason Reason;
 {
 public:
        typedef SecurityAgent::Reason Reason;
@@ -104,8 +104,6 @@ public:
 
        virtual ~SecurityAgentQuery();
 
 
        virtual ~SecurityAgentQuery();
 
-       virtual void activate();
-       virtual void reconnect();
        virtual void disconnect();
        virtual void terminate();
        void create(const char *pluginId, const char *mechanismId, const SessionId inSessionId);
        virtual void disconnect();
        virtual void terminate();
        void create(const char *pluginId, const char *mechanismId, const SessionId inSessionId);
@@ -190,7 +188,7 @@ private:
 // A query for a new passphrase
 //
 class QueryNewPassphrase : public SecurityAgentQuery {
 // A query for a new passphrase
 //
 class QueryNewPassphrase : public SecurityAgentQuery {
-       static const int maxTries = 7;
+       static const int maxTries = kMaximumAuthorizationTries;
 public:
        QueryNewPassphrase(Database &db, Reason reason) :
            database(db), initialReason(reason),
 public:
        QueryNewPassphrase(Database &db, Reason reason) :
            database(db), initialReason(reason),
diff --git a/src/auditevents.cpp b/src/auditevents.cpp
new file mode 100644 (file)
index 0000000..4654131
--- /dev/null
@@ -0,0 +1,72 @@
+/*
+ * Copyright (c) 2009 Apple Inc. All Rights Reserved.
+ * 
+ * @APPLE_LICENSE_HEADER_START@
+ * 
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ * 
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ * 
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+
+//
+// auditevents - monitor and act upon audit subsystem events
+//
+#include "auditevents.h"
+#include "dtrace.h"
+#include <security_utilities/logging.h>
+#include "self.h"
+
+using namespace UnixPlusPlus;
+using namespace MachPlusPlus;
+
+
+AuditMonitor::AuditMonitor(Port relay)
+       : mRelay(relay)
+{
+}
+
+AuditMonitor::~AuditMonitor()
+{
+}
+
+
+//
+// Endlessly retrieve session events and dispatch them.
+// (The current version of MachServer cannot receive FileDesc-based events,
+// so we need a monitor thread for this.)
+//
+void AuditMonitor::action()
+{
+       au_sdev_handle_t *dev = au_sdev_open(AU_SDEVF_ALLSESSIONS);
+       int event;
+       auditinfo_addr_t aia;
+
+       if (NULL == dev) {
+               Syslog::error("This is bad, man. I've got bad vibes here. Could not open %s: %d", AUDIT_SDEV_PATH, errno);
+               return;
+       }
+
+       for (;;) {
+               if (0 != au_sdev_read_aia(dev, &event, &aia)) {
+                       Syslog::error("au_sdev_read_aia failed: %d\n", errno);
+                       continue;
+               }
+               SECURITYD_SESSION_NOTIFY(aia.ai_asid, event, aia.ai_auid);
+               if (kern_return_t rc = self_client_handleSession(mRelay, mach_task_self(), event, aia.ai_asid))
+                       Syslog::error("self-send failed (mach error %d)", rc);
+       }
+}
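Review bot: The read loop in `AuditMonitor::action()` does `continue` on every `au_sdev_read_aia()` failure, so a persistent error turns this thread into a tight loop that floods syslog; treat `EINTR` as retryable and stop or back off on anything else. When `au_sdev_open()` fails the thread simply returns, after which no session events reach the server at all, and that state should be reported more clearly than the current message, e.g. `Syslog::error("could not open %s: %d; session events will not be delivered", AUDIT_SDEV_PATH, errno);`. A failed `self_client_handleSession()` is likewise only logged, so the event is dropped; a comment saying whether that is acceptable would help.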
diff --git a/src/auditevents.h b/src/auditevents.h
new file mode 100644 (file)
index 0000000..4a110ba
--- /dev/null
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 2009 Apple Inc. All Rights Reserved.
+ * 
+ * @APPLE_LICENSE_HEADER_START@
+ * 
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ * 
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ * 
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+
+//
+// child - track a single child process and its belongings
+//
+#ifndef _H_AUDITEVENTS
+#define _H_AUDITEVENTS
+
+#include <security_utilities/threading.h>
+#include <security_utilities/mach++.h>
+#include <security_utilities/kq++.h>
+#include <sys/event.h>
+#include <bsm/audit_session.h>
+
+
+class AuditMonitor : public Thread, public UnixPlusPlus::KQueue {
+public:
+       AuditMonitor(MachPlusPlus::Port relay);
+       ~AuditMonitor();
+       
+       void action();
+
+private:
+       MachPlusPlus::Port mRelay;
+};
+
+
+#endif //_H_AUDITEVENTS
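Review bot: The banner comment above the include guard still reads `child - track a single child process and its belongings`, which describes a different file; it should match the .cpp, e.g. `// auditevents - monitor and act upon audit subsystem events`. AuditMonitor also derives from UnixPlusPlus::KQueue and includes <sys/event.h>, but the action() added in src/auditevents.cpp only blocks in au_sdev_read_aia(), so the kqueue base looks unused and should be dropped or explained in a comment. The single-argument constructor would be safer as `explicit AuditMonitor(MachPlusPlus::Port relay);`.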
index bc3f2457555958fa53581d3cb9d905a9c25fe915..3ca8f54a0f5b83dda2f070e0da23be0867025ca2 100644 (file)
 #include <fcntl.h>
 #include "authhost.h"
 #include "server.h"
 #include <fcntl.h>
 #include "authhost.h"
 #include "server.h"
+#include <security_utilities/logging.h>
+#include <security_utilities/debugging.h>
+#include <security_agent_client/sa_request.h>
+#include <security_agent_client/utils.h>
+#include <bsm/audit.h>
+#include <bootstrap_priv.h>
 
 #include <grp.h>
 #include <pwd.h>
 
 #include <grp.h>
 #include <pwd.h>
@@ -71,6 +77,12 @@ Session &AuthHostInstance::session() const
 void
 AuthHostInstance::childAction()
 {
 void
 AuthHostInstance::childAction()
 {
+       // switch to desired session
+       CommonCriteria::AuditInfo &audit = this->session().auditInfo();
+       audit.get(audit.sessionId());
+       audit.set();
+       //this->session().auditInfo().set();
+
        // Setup the environment for the SecurityAgent
        unsetenv("USER");
        unsetenv("LOGNAME");
        // Setup the environment for the SecurityAgent
        unsetenv("USER");
        unsetenv("LOGNAME");
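Review bot: The commented-out `//this->session().auditInfo().set();` should be removed, and the three live lines need a comment saying why `audit.get(audit.sessionId())` has to refresh the record before `audit.set()` applies it to the forked child. How get() and set() report failure is not visible in this hunk; if either can fail without throwing, the child goes on to exec the agent in whatever audit session it inherited, so that path should end in `_exit(1)` as the execl failure path later in this function does. childAction() continues outside the hunk.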
@@ -96,6 +108,7 @@ AuthHostInstance::childAction()
        const char *path = getenv("SECURITYAGENT");
        if (!path)
                path = "/System/Library/CoreServices/SecurityAgent.app";
        const char *path = getenv("SECURITYAGENT");
        if (!path)
                path = "/System/Library/CoreServices/SecurityAgent.app";
+       secdebug("adhoc", "hostType = %d", mHostType);
 
        if ((mHostType == userAuthHost) || (mHostType == privilegedAuthHost))
        {
 
        if ((mHostType == userAuthHost) || (mHostType == privilegedAuthHost))
        {
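Review bot: The added `secdebug("adhoc", ...)` uses a throwaway debug scope, while the other traces visible in childAction() are filed under "AuthHostInstance"; this reads like leftover ad hoc debugging. Either drop it or write it as `secdebug("AuthHostInstance", "hostType = %d", mHostType);` so it is enabled together with the rest of the class's tracing.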
@@ -116,42 +129,54 @@ AuthHostInstance::childAction()
                setgid(agent_gid);
                setuid(agent_uid);
 
                setgid(agent_gid);
                setuid(agent_uid);
 
-               CFRef<CFDataRef> userPrefs(session().copyUserPrefs());
-               
-               FILE *mbox = tmpfile();
-               
-               if (userPrefs && mbox)
-               {
-                       if (fwrite(CFDataGetBytePtr(userPrefs), CFDataGetLength(userPrefs), 1, mbox) != 1)
-                               fclose(mbox);
-                       else
-                       {
-                               char mboxFdString[20];
-                               fflush(mbox);
-                               if ((int)sizeof(mboxFdString) > snprintf(mboxFdString, sizeof(mboxFdString), "%d", fileno(mbox)))
-                                       setenv("SECURITYAGENT_USERPREFS_FD", mboxFdString, 1);
-                       }
-               }
-               
                secdebug("AuthHostInstance", "execl(%s) as user (%d,%d)", agentExecutable, agent_uid, agent_gid);
                execl(agentExecutable, agentExecutable, NULL);
        }
 
        secdebug("AuthHostInstance", "execl failed, errno=%d", errno);
        // Unconditional suicide follows.
                secdebug("AuthHostInstance", "execl(%s) as user (%d,%d)", agentExecutable, agent_uid, agent_gid);
                execl(agentExecutable, agentExecutable, NULL);
        }
 
        secdebug("AuthHostInstance", "execl failed, errno=%d", errno);
        // Unconditional suicide follows.
-       // See comments below on why we can't use abort()
-#if 1
        _exit(1);
        _exit(1);
-#else
-       // NOTE: OS X abort() is implemented as kill(getuid()), which fails
-       // for a setuid-root process that has setuid'd. Go back to root to die...
-       setuid(0);
-       abort();
-#endif
 }
 
 }
 
-Port
-AuthHostInstance::activate()
+// @@@  these definitions and the logic in lookup() should move into 
+// libsecurity_agent
+#define SECURITYAGENT_BOOTSTRAP_NAME_BASE       "com.apple.SecurityAgent"
+#define AUTHORIZATIONHOST_BOOTSTRAP_NAME_BASE   "com.apple.authorizationhost"
+
+mach_port_t
+AuthHostInstance::lookup(SessionId jobId)
+{
+    StLock<Mutex> _(*this);
+    
+    mach_port_t pluginhostPort = MACH_PORT_NULL;
+    kern_return_t result;
+    const char *serviceName;
+    /* PR-7483709 const */ uuid_t instanceId = UUID_INITIALIZER_FROM_SESSIONID(jobId);
+    uuid_string_t s;
+
+    if ((mHostType == securityAgent) &&
+      !(session().attributes() & sessionHasGraphicAccess))
+        CssmError::throwMe(CSSM_ERRCODE_NO_USER_INTERACTION);
+    
+    if (mHostType == securityAgent)
+       serviceName = SECURITYAGENT_BOOTSTRAP_NAME_BASE;
+    else
+       serviceName = AUTHORIZATIONHOST_BOOTSTRAP_NAME_BASE;
+
+    secdebug("AuthHostInstance", "looking up %s instance %s", serviceName,
+      uuid_to_string(instanceId, s)); // XXX/gh  debugging
+    if ((result = bootstrap_look_up3(bootstrap_port, serviceName,
+      &pluginhostPort, 0, instanceId, BOOTSTRAP_SPECIFIC_INSTANCE)) != KERN_SUCCESS) {
+
+        Syslog::error("error %d looking up %s instance %s", result, serviceName,
+         uuid_to_string(instanceId, s));
+    } else
+       secdebug("AuthHostInstance", "port = %x", (unsigned int)pluginhostPort);
+
+    return pluginhostPort;
+}
+
+Port AuthHostInstance::activate()
 {
        StLock<Mutex> _(*this);
        if (state() != alive)
 {
        StLock<Mutex> _(*this);
        if (state() != alive)
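Review bot: lookup() reports its two failures in different ways: a securityAgent host without graphic access throws CSSM_ERRCODE_NO_USER_INTERACTION, but a failed bootstrap_look_up3() is only logged and the function returns MACH_PORT_NULL. No caller is visible here, so every caller has to test for MACH_PORT_NULL before using the port; that contract should be stated in a comment above the function, or the lookup failure turned into an exception as well. The `// XXX/gh  debugging` trace and the `/* PR-7483709 const */` marker each need a sentence saying what is still pending. The `mHostType == securityAgent` test is evaluated twice and could be one branch that both checks graphic access and selects serviceName.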
@@ -160,8 +185,6 @@ AuthHostInstance::activate()
                    !(session().attributes() & sessionHasGraphicAccess))
                        CssmError::throwMe(CSSM_ERRCODE_NO_USER_INTERACTION);
 
                    !(session().attributes() & sessionHasGraphicAccess))
                        CssmError::throwMe(CSSM_ERRCODE_NO_USER_INTERACTION);
 
-               Security::MachPlusPlus::StBootstrap bootSaver(session().bootstrapPort());
-
                fork();
                switch (ServerChild::state()) {
                case Child::alive:
                fork();
                switch (ServerChild::state()) {
                case Child::alive:
index 5ec87e408d7569ce200c5a7a180c8887f6e20df0..5e415339b0f88c82a080a86866b8aa158e78e378 100644 (file)
@@ -23,6 +23,8 @@
 #ifndef _H_AUTHHOST
 #define _H_AUTHHOST
 
 #ifndef _H_AUTHHOST
 #define _H_AUTHHOST
 
+#include <security_agent_client/sa_types.h>
+
 #include "structure.h"
 #include "child.h"
 
 #include "structure.h"
 #include "child.h"
 
@@ -40,6 +42,7 @@ public:
        virtual ~AuthHostInstance();
 
        Session &session() const;
        virtual ~AuthHostInstance();
 
        Session &session() const;
+       mach_port_t lookup(SessionId jobId);
        Port activate();
                
 protected:
        Port activate();
                
 protected:
index 3b910d0543461896076f3f3b4ea79b669576d837..5577188bb46abb4d6ca250f6322e8b8e3499b5c0 100644 (file)
@@ -35,6 +35,8 @@
 
 #include <security_utilities/ccaudit.h>                // AuditToken
 
 
 #include <security_utilities/ccaudit.h>                // AuditToken
 
+#include <sandbox.h>
+
 using Authorization::AuthItemSet;
 using Authorization::AuthItemRef;
 using Authorization::AuthValue;
 using Authorization::AuthItemSet;
 using Authorization::AuthItemRef;
 using Authorization::AuthValue;
@@ -62,6 +64,11 @@ const audit_token_t &auditToken, bool operateAsLeastPrivileged)
 {
        mCreatorUid = mCreatorAuditToken.euid();
        mCreatorGid = mCreatorAuditToken.egid();
 {
        mCreatorUid = mCreatorAuditToken.euid();
        mCreatorGid = mCreatorAuditToken.egid();
+
+       if (sandbox_check(mCreatorPid, "authorization-right-obtain", SANDBOX_FILTER_NONE) != 0)
+               mCreatorSandboxed = true;
+       else
+               mCreatorSandboxed = false;
        
        if (SecCodeRef code = Server::process().currentGuest())
                MacOSError::check(SecCodeCopyStaticCode(code, kSecCSDefaultFlags, &mCreatorCode.aref()));
        
        if (SecCodeRef code = Server::process().currentGuest())
                MacOSError::check(SecCodeCopyStaticCode(code, kSecCSDefaultFlags, &mCreatorCode.aref()));
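Review bot: sandbox_check() is keyed on mCreatorPid, while the uid and gid just above it are taken from mCreatorAuditToken; a pid can be reused, or the process can exec, between the request and this check, so the answer may describe a different program than the one that created the authorization (where mCreatorPid is initialised is outside the hunk). Any non-zero return, presumably including an error result from sandbox_check(), is recorded as sandboxed; that fails closed, but it deserves a comment. The if/else can be written as `mCreatorSandboxed = (sandbox_check(mCreatorPid, "authorization-right-obtain", SANDBOX_FILTER_NONE) != 0);`. The constructor starts before this hunk.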
@@ -236,30 +243,40 @@ AuthorizationToken::infoSet(AuthorizationString tag)
 }
 
 void
 }
 
 void
-AuthorizationToken::setInfoSet(AuthItemSet &newInfoSet)
+AuthorizationToken::setInfoSet(AuthItemSet &newInfoSet, bool savePassword)
 {
        StLock<Mutex> _(mLock); // consider a separate lock
     secdebug("SSauth", "Authorization %p setting new context", this);
 {
        StLock<Mutex> _(mLock); // consider a separate lock
     secdebug("SSauth", "Authorization %p setting new context", this);
+       
+       AuthItemSet::const_iterator end = mInfoSet.end();
+       for (AuthItemSet::const_iterator it = mInfoSet.begin(); it != end; ++it) {
+               const AuthItemRef &item = *it;
+               if (0 == strcmp(item->name(), "password")) {
+                       mSavedPassword.clear();
+                       mSavedPassword.insert(item);
+               }
+       }
+       
+       if (true == savePassword)
+               newInfoSet.insert(mSavedPassword.begin(), mSavedPassword.end());
+
     mInfoSet = newInfoSet;
 }
 
 // This is destructive (non-merging)
 void
     mInfoSet = newInfoSet;
 }
 
 // This is destructive (non-merging)
 void
-AuthorizationToken::setCredentialInfo(const Credential &inCred)
+AuthorizationToken::setCredentialInfo(const Credential &inCred, bool savePassword)
 {
     AuthItemSet dstInfoSet;
 {
     AuthItemSet dstInfoSet;
-    char uid_string[16]; // fit a uid_t(u_int32_t)
-       
-    if (snprintf(uid_string, sizeof(uid_string), "%u", inCred->uid()) >=
-               int(sizeof(uid_string)))
-        uid_string[0] = '\0';
-    AuthItemRef uidHint("uid", AuthValueOverlay(uid_string[0] ? strlen(uid_string) + 1 : 0, uid_string), 0);
+
+    uid_t uid = inCred->uid();
+    AuthItemRef uidHint("uid", AuthValueOverlay(sizeof(uid), &uid));
     dstInfoSet.insert(uidHint);
  
     AuthItemRef userHint("username", AuthValueOverlay(inCred->username()), 0);
     dstInfoSet.insert(userHint);
  
     dstInfoSet.insert(uidHint);
  
     AuthItemRef userHint("username", AuthValueOverlay(inCred->username()), 0);
     dstInfoSet.insert(userHint);
  
-       setInfoSet(dstInfoSet);
+       setInfoSet(dstInfoSet, savePassword);
 }
 
 void
 }
 
 void
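Review bot: mSavedPassword is never emptied: setInfoSet() copies any "password" item out of the outgoing mInfoSet before it looks at savePassword, so clearInfoSet() (which passes false, in the next hunk) and scrubInfoSet(false) still leave the password cached in the token for as long as the token lives. If that retention is not intended, drop the cache when the caller does not ask to keep it, e.g. `if (!savePassword) mSavedPassword.clear();` just before `mInfoSet = newInfoSet;`. The function also inserts the saved item into the caller's newInfoSet, a non-const reference, so the caller's set silently gains a password; a comment on the parameter should say so. Separately, setCredentialInfo() now stores the "uid" hint as raw `uid_t` bytes instead of a decimal string, which the consumers of that item (outside this hunk) have to agree with.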
@@ -267,11 +284,11 @@ AuthorizationToken::clearInfoSet()
 {
     AuthItemSet dstInfoSet;
     secdebug("SSauth", "Authorization %p clearing context", this);
 {
     AuthItemSet dstInfoSet;
     secdebug("SSauth", "Authorization %p clearing context", this);
-    setInfoSet(dstInfoSet);
+    setInfoSet(dstInfoSet, false);
 }
 
 void
 }
 
 void
-AuthorizationToken::scrubInfoSet()
+AuthorizationToken::scrubInfoSet(bool savePassword)
 {
        AuthItemSet srcInfoSet = infoSet(), dstInfoSet;
        AuthItemSet::const_iterator end = srcInfoSet.end();
 {
        AuthItemSet srcInfoSet = infoSet(), dstInfoSet;
        AuthItemSet::const_iterator end = srcInfoSet.end();
@@ -282,5 +299,5 @@ AuthorizationToken::scrubInfoSet()
                        dstInfoSet.insert(item);
        }
     secdebug("SSauth", "Authorization %p scrubbing context", this);
                        dstInfoSet.insert(item);
        }
     secdebug("SSauth", "Authorization %p scrubbing context", this);
-    setInfoSet(dstInfoSet);
+    setInfoSet(dstInfoSet, savePassword);
 }
 }
index 044ffeea6cee58a95ef187c9959e59db90d8b515..009d734d87243a67ecfd6045af4ebc3a4cba8a36 100644 (file)
@@ -72,14 +72,15 @@ public:
        gid_t creatorGid() const        { return mCreatorGid; }
     SecStaticCodeRef creatorCode() const { return mCreatorCode; }
        pid_t creatorPid() const        { return mCreatorPid; }
        gid_t creatorGid() const        { return mCreatorGid; }
     SecStaticCodeRef creatorCode() const { return mCreatorCode; }
        pid_t creatorPid() const        { return mCreatorPid; }
+       bool creatorSandboxed() const { return mCreatorSandboxed; }
        
        const AuditToken &creatorAuditToken() const { return mCreatorAuditToken; }
        
        AuthItemSet infoSet(AuthorizationString tag = NULL);
        
        const AuditToken &creatorAuditToken() const { return mCreatorAuditToken; }
        
        AuthItemSet infoSet(AuthorizationString tag = NULL);
-    void setInfoSet(AuthItemSet &newInfoSet);
-    void setCredentialInfo(const Credential &inCred);
+    void setInfoSet(AuthItemSet &newInfoSet, bool savePassword);
+    void setCredentialInfo(const Credential &inCred, bool savePassword);
     void clearInfoSet();
     void clearInfoSet();
-       void scrubInfoSet();
+       void scrubInfoSet(bool savePassword);
        bool operatesAsLeastPrivileged() const { return mOperatesAsLeastPrivileged; }
 
 public:
        bool operatesAsLeastPrivileged() const { return mOperatesAsLeastPrivileged; }
 
 public:
@@ -111,6 +112,7 @@ private:
        gid_t mCreatorGid;                              // Gid of process that created this authorization
        CFCopyRef<SecStaticCodeRef> mCreatorCode; // code reference to creator
        pid_t mCreatorPid;                              // Pid of processs that created this authorization
        gid_t mCreatorGid;                              // Gid of process that created this authorization
        CFCopyRef<SecStaticCodeRef> mCreatorCode; // code reference to creator
        pid_t mCreatorPid;                              // Pid of processs that created this authorization
+       bool mCreatorSandboxed;         // A record of whether or not the creator was Sandboxed
        
        AuditToken mCreatorAuditToken;  // Audit token of the process that created this authorization
 
        
        AuditToken mCreatorAuditToken;  // Audit token of the process that created this authorization
 
@@ -118,6 +120,8 @@ private:
 
        bool mOperatesAsLeastPrivileged;
 
 
        bool mOperatesAsLeastPrivileged;
 
+       AuthItemSet mSavedPassword;
+
 private:
        typedef map<AuthorizationBlob, RefPointer<AuthorizationToken> > AuthMap;
        static AuthMap &authMap;                        // set of extant authorizations
 private:
        typedef map<AuthorizationBlob, RefPointer<AuthorizationToken> > AuthMap;
        static AuthMap &authMap;                        // set of extant authorizations
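Review bot: mSavedPassword is added without a comment, unlike the mCreator* fields earlier in the class, and it holds a credential. Something like `AuthItemSet mSavedPassword; // last "password" item seen in mInfoSet; re-added by setInfoSet() when savePassword is true` would tell the next reader what it contains and when it is used.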
index dff043a6f0f5d739983a04b4497fdb4ee21e51d4..fe43692978db56854baa31335f144dce2727b56a 100644 (file)
@@ -112,7 +112,7 @@ AuditLogger::setClientInfo(const AuditToken &srcToken)
     mRuid = srcToken.ruid();
     mRgid = srcToken.rgid();
     mPid = srcToken.pid();
     mRuid = srcToken.ruid();
     mRgid = srcToken.rgid();
     mPid = srcToken.pid();
-    mAuditSessionId = srcToken.auditSession();
+    mAuditSessionId = srcToken.sessionId();
     memcpy(&mOldTerminalId, &(srcToken.terminalId()), sizeof(mOldTerminalId));
     
     mTerminalId.at_type = AU_IPv4;
     memcpy(&mOldTerminalId, &(srcToken.terminalId()), sizeof(mOldTerminalId));
     
     mTerminalId.at_type = AU_IPv4;
index 5783e08987e7b97720718364ec4635ad8ffc4610..11af7cc2c82cbccfc236a12f1ff4f32554a92b56 100644 (file)
@@ -36,7 +36,7 @@
 // Construct a CodeSigningHost
 //
 CodeSigningHost::CodeSigningHost()
 // Construct a CodeSigningHost
 //
 CodeSigningHost::CodeSigningHost()
-       : mHostingState(noHosting)
+       : mLock(Mutex::recursive), mHostingState(noHosting)
 {
 }
 
 {
 }
 
@@ -56,6 +56,7 @@ CodeSigningHost::~CodeSigningHost()
 //
 void CodeSigningHost::reset()
 {
 //
 void CodeSigningHost::reset()
 {
+       StLock<Mutex> _(mLock);
        switch (mHostingState) {
        case noHosting:
                break;  // nothing to do
        switch (mHostingState) {
        case noHosting:
                break;  // nothing to do
@@ -98,7 +99,7 @@ CodeSigningHost::Guest *CodeSigningHost::findHost(SecGuestRef hostRef)
 
 //
 // Look up guest by guestRef.
 
 //
 // Look up guest by guestRef.
-// Throws if they we don't have a guest by that ref.
+// Throws if we don't have a guest by that ref.
 //
 CodeSigningHost::Guest *CodeSigningHost::findGuest(SecGuestRef guestRef, bool hostOk /* = false */)
 {
 //
 CodeSigningHost::Guest *CodeSigningHost::findGuest(SecGuestRef guestRef, bool hostOk /* = false */)
 {
@@ -181,6 +182,7 @@ CodeSigningHost::Guest *CodeSigningHost::findGuest(Guest *host)
 //
 void CodeSigningHost::registerCodeSigning(mach_port_t hostingPort, SecCSFlags flags)
 {
 //
 void CodeSigningHost::registerCodeSigning(mach_port_t hostingPort, SecCSFlags flags)
 {
+       StLock<Mutex> _(mLock);
        switch (mHostingState) {
        case noHosting:
                mHostingPort = hostingPort;
        switch (mHostingState) {
        case noHosting:
                mHostingPort = hostingPort;
@@ -202,6 +204,7 @@ SecGuestRef CodeSigningHost::createGuest(SecGuestRef hostRef,
                uint32_t status, const char *path,
                const CssmData &cdhash, const CssmData &attributes, SecCSFlags flags)
 {
                uint32_t status, const char *path,
                const CssmData &cdhash, const CssmData &attributes, SecCSFlags flags)
 {
+       StLock<Mutex> _(mLock);
        if (path[0] != '/')             // relative path (relative to what? :-)
                MacOSError::throwMe(errSecCSHostProtocolRelativePath);
        if (cdhash.length() > maxUcspHashLength)
        if (path[0] != '/')             // relative path (relative to what? :-)
                MacOSError::throwMe(errSecCSHostProtocolRelativePath);
        if (cdhash.length() > maxUcspHashLength)
@@ -241,7 +244,7 @@ SecGuestRef CodeSigningHost::createGuest(SecGuestRef hostRef,
        guest->setHash(cdhash, flags & kSecCSGenerateGuestHash);
        guest->dedicated = (flags & kSecCSDedicatedHost);
        mGuests[guest->guestRef()] = guest;
        guest->setHash(cdhash, flags & kSecCSGenerateGuestHash);
        guest->dedicated = (flags & kSecCSDedicatedHost);
        mGuests[guest->guestRef()] = guest;
-       SECURITYD_GUEST_CREATE(DTSELF, hostRef, guest->guestRef(), guest->status, flags, (char *)guest->path.c_str());
+       SECURITYD_GUEST_CREATE(DTSELF, hostRef, guest->guestRef(), guest->status, flags, guest->path.c_str());
        if (SECURITYD_GUEST_CDHASH_ENABLED())
                SECURITYD_GUEST_CDHASH(DTSELF, guest->guestRef(),
                        (void*)CFDataGetBytePtr(guest->cdhash), CFDataGetLength(guest->cdhash));
        if (SECURITYD_GUEST_CDHASH_ENABLED())
                SECURITYD_GUEST_CDHASH(DTSELF, guest->guestRef(),
                        (void*)CFDataGetBytePtr(guest->cdhash), CFDataGetLength(guest->cdhash));
@@ -251,6 +254,7 @@ SecGuestRef CodeSigningHost::createGuest(SecGuestRef hostRef,
 
 void CodeSigningHost::setGuestStatus(SecGuestRef guestRef, uint32_t status, const CssmData &attributes)
 {
 
 void CodeSigningHost::setGuestStatus(SecGuestRef guestRef, uint32_t status, const CssmData &attributes)
 {
+       StLock<Mutex> _(mLock);
        if (mHostingState != proxyHosting)
                MacOSError::throwMe(errSecCSHostProtocolNotProxy);
        Guest *guest = findGuest(guestRef);
        if (mHostingState != proxyHosting)
                MacOSError::throwMe(errSecCSHostProtocolNotProxy);
        Guest *guest = findGuest(guestRef);
@@ -274,6 +278,7 @@ void CodeSigningHost::setGuestStatus(SecGuestRef guestRef, uint32_t status, cons
 //
 void CodeSigningHost::removeGuest(SecGuestRef hostRef, SecGuestRef guestRef)
 {
 //
 void CodeSigningHost::removeGuest(SecGuestRef hostRef, SecGuestRef guestRef)
 {
+       StLock<Mutex> _(mLock);
        if (mHostingState != proxyHosting) 
                MacOSError::throwMe(errSecCSHostProtocolNotProxy);
        RefPointer<Guest> host = findHost(hostRef);
        if (mHostingState != proxyHosting) 
                MacOSError::throwMe(errSecCSHostProtocolNotProxy);
        RefPointer<Guest> host = findHost(hostRef);
@@ -378,12 +383,20 @@ bool CodeSigningHost::Guest::matches(CFIndex count, CFTypeRef keys[], CFTypeRef
 //
 // The MachServer dispatch handler for proxy hosting.
 //
 //
 // The MachServer dispatch handler for proxy hosting.
 //
+
+// give MIG handlers access to the object lock
+struct CodeSigningHost::Lock : private StLock<Mutex> {
+       Lock(CodeSigningHost *host) : StLock<Mutex>(host->mLock) { }
+};
+
+
 boolean_t cshosting_server(mach_msg_header_t *, mach_msg_header_t *);
 
 static ThreadNexus<CodeSigningHost *> context;
 
 boolean_t CodeSigningHost::handle(mach_msg_header_t *in, mach_msg_header_t *out)
 {
 boolean_t cshosting_server(mach_msg_header_t *, mach_msg_header_t *);
 
 static ThreadNexus<CodeSigningHost *> context;
 
 boolean_t CodeSigningHost::handle(mach_msg_header_t *in, mach_msg_header_t *out)
 {
+       CodeSigningHost::Lock _(this);
        context() = this;
        return cshosting_server(in, out);
 }
        context() = this;
        return cshosting_server(in, out);
 }
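Review bot: handle() now holds mLock for the whole cshosting_server() dispatch, and the public methods that gained `StLock<Mutex> _(mLock)` in this commit take it again if a MIG handler calls them, which is presumably why the constructor builds the mutex with Mutex::recursive; none of that is written down. A comment on handle(), e.g. `// hold the object lock across MIG dispatch; handlers re-enter locked methods, so mLock must stay recursive`, would keep someone from changing the mutex type later. The comment on the Lock struct says it gives MIG handlers access to the lock, but the only use visible here is in handle(); if the handlers (outside this hunk) do not construct one themselves, the comment should say that handle() takes it on their behalf. The constructor `Lock(CodeSigningHost *host)` could be `explicit`.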
@@ -481,6 +494,7 @@ kern_return_t cshosting_server_guestStatus(CSH_ARGS, SecGuestRef guestRef, uint3
 
 void CodeSigningHost::dump() const
 {
 
 void CodeSigningHost::dump() const
 {
+       StLock<Mutex> _(mLock);
        switch (mHostingState) {
        case noHosting:
                break;
        switch (mHostingState) {
        case noHosting:
                break;
index 61dcf82714105f8caa0b8a9f5f0469ae1b540de7..9629cca2a80b5b608b01e5f671de5d0c7f35b2de 100644 (file)
@@ -97,19 +97,27 @@ public:
                const CssmData &cdhash, const CssmData &attributes, SecCSFlags flags);
        void setGuestStatus(SecGuestRef guest, uint32_t status, const CssmData &attributes);
        void removeGuest(SecGuestRef host, SecGuestRef guest);
                const CssmData &cdhash, const CssmData &attributes, SecCSFlags flags);
        void setGuestStatus(SecGuestRef guest, uint32_t status, const CssmData &attributes);
        void removeGuest(SecGuestRef host, SecGuestRef guest);
+
+public:        
+       IFDUMP(void dump() const);
        
        
+public:
+       // internal use only (public for use by MIG handlers)
        Guest *findHost(SecGuestRef hostRef); // find most dedicated guest of this host
        Guest *findGuest(Guest *host, const CssmData &attrData); // by host and attributes
        Guest *findGuest(SecGuestRef guestRef, bool hostOk = false); // by guest reference
        Guest *findGuest(Guest *host);          // any guest of this host
        Guest *findHost(SecGuestRef hostRef); // find most dedicated guest of this host
        Guest *findGuest(Guest *host, const CssmData &attrData); // by host and attributes
        Guest *findGuest(SecGuestRef guestRef, bool hostOk = false); // by guest reference
        Guest *findGuest(Guest *host);          // any guest of this host
-       
-       IFDUMP(void dump() const);
+
+       class Lock;
+       friend class Lock;
        
 private:
        boolean_t handle(mach_msg_header_t *in, mach_msg_header_t *out);
        void eraseGuest(Guest *guest);
 
 private:       
        
 private:
        boolean_t handle(mach_msg_header_t *in, mach_msg_header_t *out);
        void eraseGuest(Guest *guest);
 
 private:       
+       mutable Mutex mLock;                            // protects everything below
+       
        // host port registry
        HostingState mHostingState;                     // status of hosting support
        Port mHostingPort;                                      // his or ours or NULL
        // host port registry
        HostingState mHostingState;                     // status of hosting support
        Port mHostingPort;                                      // his or ours or NULL
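Review bot: findHost() and the findGuest() overloads are now labelled public "for use by MIG handlers" and return raw Guest pointers into state that the new mLock protects, yet the declarations do not say that the caller has to hold the lock. Whether these functions lock internally is not visible in this commit's csproxy.cpp hunks, so the contract should be explicit, e.g. `// caller must hold CodeSigningHost::Lock (mLock) while calling these and using the result`. The comment `// protects everything below` on mLock is good; it would help to add that the mutex is recursive and why.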
index 68cfdbaf385bb53f9f9c4b8b8ad4de3cdd7efa9e..8647e721dd8c636e233d898b093e57a07e01fce3 100644 (file)
@@ -33,6 +33,7 @@
 #include "session.h"
 #include "notifications.h"
 #include "pcscmonitor.h"
 #include "session.h"
 #include "notifications.h"
 #include "pcscmonitor.h"
+#include "auditevents.h"
 #include "self.h"
 
 #include <security_utilities/daemon.h>
 #include "self.h"
 
 #include <security_utilities/daemon.h>
@@ -111,7 +112,7 @@ int main(int argc, char *argv[])
        extern char *optarg;
        extern int optind;
        int arg;
        extern char *optarg;
        extern int optind;
        int arg;
-       while ((arg = getopt(argc, argv, "a:c:de:E:fimN:s:t:T:uvWX")) != -1) {
+       while ((arg = getopt(argc, argv, "a:c:de:E:imN:s:t:T:uvWX")) != -1) {
                switch (arg) {
                case 'a':
                        authorizationConfig = optarg;
                switch (arg) {
                case 'a':
                        authorizationConfig = optarg;
@@ -127,9 +128,6 @@ int main(int argc, char *argv[])
                        break;
         case 'E':
             entropyFile = optarg;
                        break;
         case 'E':
             entropyFile = optarg;
-            break;
-        case 'f':
-            fprintf(stderr, "%s: the -f option is obsolete\n", argv[0]);
             break;
                case 'i':
                        keychainAclDefault &= ~CSSM_ACL_KEYCHAIN_PROMPT_INVALID;
             break;
                case 'i':
                        keychainAclDefault &= ~CSSM_ACL_KEYCHAIN_PROMPT_INVALID;
@@ -277,8 +275,11 @@ int main(int argc, char *argv[])
        gPCSC = new PCSCMonitor(server, tokenCacheDir, scOptions(smartCardOptions));
     
     // create the RootSession object (if -d, give it graphics and tty attributes)
        gPCSC = new PCSCMonitor(server, tokenCacheDir, scOptions(smartCardOptions));
     
     // create the RootSession object (if -d, give it graphics and tty attributes)
-    RootSession rootSession(server,
-               debugMode ? (sessionHasGraphicAccess | sessionHasTTY) : 0);
+    RootSession rootSession(debugMode ? (sessionHasGraphicAccess | sessionHasTTY) : 0, server);
+       
+       // create a monitor thread to watch for audit session events
+       AuditMonitor audits(gMainServerPort);
+       audits.run();
     
     // install MDS (if needed) and initialize the local CSSM
     server.loadCssm(mdsIsInstalled);
     
     // install MDS (if needed) and initialize the local CSSM
     server.loadCssm(mdsIsInstalled);
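Review bot: `audits.run()` starts the monitor thread and main() has no way to learn that it stopped: AuditMonitor::action() in this commit's src/auditevents.cpp logs and returns if au_sdev_open() fails, after which no audit session events reach the server for the rest of the daemon's life. That file's read loop also retries au_sdev_read_aia() immediately on error, so a persistent failure would spin and flood syslog. At minimum the comment here should state the dependency, e.g. `// audit session events reach the server only through this thread; see AuditMonitor::action() for its failure behaviour`. main() continues outside the hunk.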
index 3d46ae43e39a79b64330980a9ad2f96357f971f8..868a082df7d0a42bafd77e1119821b0d81dbbb7b 100644 (file)
 //
 // Construct a Process object.
 //
 //
 // Construct a Process object.
 //
-Process::Process(Port servicePort, TaskPort taskPort,
-       const ClientSetupInfo *info, const char *identity, const CommonCriteria::AuditToken &audit)
+Process::Process(TaskPort taskPort,    const ClientSetupInfo *info, const CommonCriteria::AuditToken &audit)
  :  mTaskPort(taskPort), mByteFlipped(false), mPid(audit.pid()), mUid(audit.euid()), mGid(audit.egid())
 {
        // set parent session
  :  mTaskPort(taskPort), mByteFlipped(false), mPid(audit.pid()), mUid(audit.euid()), mGid(audit.egid())
 {
        // set parent session
-       parent(Session::find(servicePort));
+       parent(Session::find(audit.sessionId(), true));
 
     // let's take a look at our wannabe client...
        if (mTaskPort.pid() != mPid) {
 
     // let's take a look at our wannabe client...
        if (mTaskPort.pid() != mPid) {
-               secdebug("SS", "Task/pid setup mismatch pid=%d task=%d(%d) for %s",
-                       mPid, mTaskPort.port(), mTaskPort.pid(),
-                       (identity && identity[0]) ? identity : "(unknown)");
+               secdebug("SS", "Task/pid setup mismatch pid=%d task=%d(%d)",
+                       mPid, mTaskPort.port(), mTaskPort.pid());
                CssmError::throwMe(CSSMERR_CSSM_ADDIN_AUTHENTICATE_FAILED);     // you lied!
        }
 
                CssmError::throwMe(CSSMERR_CSSM_ADDIN_AUTHENTICATE_FAILED);     // you lied!
        }
 
@@ -76,37 +74,23 @@ Process::Process(Port servicePort, TaskPort taskPort,
 // talked to it in the past. This could either be an exec(2), or the client could just
 // have forgotten all about its securityd client state. Or it could be an attack...
 //
 // talked to it in the past. This could either be an exec(2), or the client could just
 // have forgotten all about its securityd client state. Or it could be an attack...
 //
-void Process::reset(Port servicePort, TaskPort taskPort,
-       const ClientSetupInfo *info, const char *identity, const CommonCriteria::AuditToken &audit)
+void Process::reset(TaskPort taskPort, const ClientSetupInfo *info, const CommonCriteria::AuditToken &audit)
 {
 {
-       if (servicePort != session().servicePort() || taskPort != mTaskPort) {
-               secdebug("SS", "Process %p(%d) reset mismatch (sp %d-%d, tp %d-%d) for %s",
-                       this, pid(), servicePort.port(), session().servicePort().port(), taskPort.port(), mTaskPort.port(),
-                       (identity && identity[0]) ? identity : "(unknown)");
-               Session &newSession = Session::find(servicePort);
-               Syslog::alert("Process reset %p(%d) session %d(0x%x:0x%x)->%d(0x%x:0x%x) for %s",
-                       this, pid(),
-                       session().servicePort().port(), &session(), session().attributes(),
-                       newSession.servicePort().port(), &newSession, newSession.attributes(),
-                       (identity && identity[0]) ? identity : "(unknown)");
-               //CssmError::throwMe(CSSM_ERRCODE_VERIFICATION_FAILURE);                // liar
+       if (taskPort != mTaskPort) {
+               secdebug("SS", "Process %p(%d) reset mismatch (tp %d-%d)",
+                       this, pid(), taskPort.port(), mTaskPort.port());
+               //@@@ CssmError::throwMe(CSSM_ERRCODE_VERIFICATION_FAILURE);            // liar
        }
        setup(info);
        }
        setup(info);
-       CFRef<SecCodeRef> oldCode;  // DO NOT MAKE THE ASSIGNMENT HERE.  If you do, you will invoke the copy constructor, not the assignment operator.  For the CFRef
-                                                               // template, they have very different meanings (assignment retains the CFRef, copy does not).
-       oldCode = processCode();        // This is the right place to do the assignment.
+       CFCopyRef<SecCodeRef> oldCode = processCode();
 
        ClientIdentification::setup(this->pid());       // re-constructs processCode()
        if (CFEqual(oldCode, processCode())) {
 
        ClientIdentification::setup(this->pid());       // re-constructs processCode()
        if (CFEqual(oldCode, processCode())) {
-               secdebug("SS", "process %p(%d) unchanged; assuming client-side reset", this, mPid);
+               SECURITYD_CLIENT_RESET_AMNESIA(this);
        } else {
        } else {
-               secdebug("SS", "process %p(%d) changed; assuming exec with full reset", this, mPid);
+               SECURITYD_CLIENT_RESET_FULL(this);
                CodeSigningHost::reset();
        }
                CodeSigningHost::reset();
        }
-       
-       secdebug("SS", "process %p(%d) has reset; now %sfor %s",
-               this, mPid, mByteFlipped ? "FLIP " : "",
-               (identity && identity[0]) ? identity : "(unknown)");
 }
 
 
 }
 
 
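Review bot: A task-port mismatch in reset() is now reported only through secdebug(), which is presumably compiled out of release builds: the previous Syslog::alert was removed together with the servicePort comparison, and the throw is still commented out as `//@@@ CssmError::throwMe(...)`, even though the comment above the function says this situation "could be an attack". Since the mismatch is not rejected, it should at least stay in the system log, e.g. `Syslog::alert("Process %p(%d) reset with task port mismatch (%d-%d)", this, pid(), taskPort.port(), mTaskPort.port());`. The `//@@@` line also needs a sentence saying why enforcement is still disabled. Whether either argument of the unchanged `CFEqual(oldCode, processCode())` can be NULL at that point is not visible here and is worth checking.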
@@ -175,6 +159,14 @@ Session& Process::session() const
 }
 
 
 }
 
 
+void Process::checkSession(const audit_token_t &auditToken)
+{
+       AuditToken audit(auditToken);
+       if (audit.sessionId() != this->session().sessionId())
+               this->changeSession(audit.sessionId());
+}
+
+
 LocalDatabase &Process::localStore()
 {
        StLock<Mutex> _(*this);
 LocalDatabase &Process::localStore()
 {
        StLock<Mutex> _(*this);
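Review bot: `Process::checkSession` compares `this->session().sessionId()` with the audit token's session id and then calls `changeSession()` without taking the process lock, while `localStore()` directly below opens with `StLock<Mutex> _(*this);`. If two request threads for the same process can reach this function together (plausible for a threaded Mach server, but not visible in this hunk), the comparison and the re-parent can interleave. Unless `parent()` already serializes this, start the function with `StLock<Mutex> _(*this);`, after confirming the mutex tolerates nested acquisition in case `changeSession()` locks as well. A short comment saying that the audit token delivered with the request is treated as the authority for the client's session would also help the next reader.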
@@ -194,10 +186,10 @@ Key *Process::makeTemporaryKey(const CssmKey &key, CSSM_KEYATTR_FLAGS moreAttrib
 // Change the session of a process.
 // This is the result of SessionCreate from a known process client.
 //
 // Change the session of a process.
 // This is the result of SessionCreate from a known process client.
 //
-void Process::changeSession(Port servicePort)
+void Process::changeSession(Session::SessionId sessionId)
 {
        // re-parent
 {
        // re-parent
-       parent(Session::find(servicePort));
+       parent(Session::find(sessionId, true));
        SECURITYD_CLIENT_CHANGE_SESSION(this, &this->session());
 }
 
        SECURITYD_CLIENT_CHANGE_SESSION(this, &this->session());
 }
 
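Review bot: The comment above `Process::changeSession` still says the call is "the result of SessionCreate from a known process client", which no longer matches a function that takes a `Session::SessionId` and is called from `checkSession()` whenever the audit token's session differs. It should be updated, for example to `// Re-parent this process to the session with the given id; called from checkSession() when the audit token's session differs.` The bare `true` in `Session::find(sessionId, true)` is also unexplained at the call site; if it means "create the session when none exists" (inferred, since the declaration is outside this hunk), a `/* create */` comment beside it would make clear that this path can instantiate a session.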
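--- a/src/process.h
+++ b/src/process.h
@@ -29,6 +29,7 @@
 #define _H_PROCESS
 
 #include "structure.h"
+#include "session.h"
 #include <security_agent_client/agentclient.h>
 #include <security_utilities/refcount.h>
 #include <security_utilities/ccaudit.h>
@@ -71,14 +72,10 @@ class Process : public PerProcess,
                                public ClientIdentification,
                                private VProc::Transaction {
 public:
-       Process(Port servicePort, TaskPort tPort,
-               const ClientSetupInfo *info, const char *identity,
-               const CommonCriteria::AuditToken &audit);
+       Process(TaskPort tPort, const ClientSetupInfo *info, const CommonCriteria::AuditToken &audit);
        virtual ~Process();
        
-       void reset(Port servicePort, TaskPort tPort,
-               const ClientSetupInfo *info, const char *identity,
-               const CommonCriteria::AuditToken &audit);
+       void reset(TaskPort tPort, const ClientSetupInfo *info, const CommonCriteria::AuditToken &audit);
     
     uid_t uid() const                  { return mUid; }
     gid_t gid() const                  { return mGid; }
@@ -93,9 +90,10 @@ public:
        using PerProcess::kill;
        void kill();
        
-       void changeSession(Port servicePort);   // very special indeed
+       void changeSession(Session::SessionId sessionId);
     
        Session& session() const;
+       void checkSession(const audit_token_t &auditToken);
        
        LocalDatabase &localStore();
        Key *makeTemporaryKey(const CssmKey &key, CSSM_KEYATTR_FLAGS moreAttributes,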
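Review bot: `checkSession` takes a raw `const audit_token_t &` while the constructor and `reset()` in the same class take `const CommonCriteria::AuditToken &`, so each entry point expects a different form of the same token. Either accept the wrapper type here as well, or add a comment on the declaration explaining why the raw token is used. `changeSession` also lost its `// very special indeed` marker and, judging by the `public:` in the hunk header, is still callable by anyone; a comment such as `// re-parent to the session with this id; normally reached through checkSession()` would tell callers which of the two to use. The class body extends beyond these hunks, so access specifiers outside them are not visible.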
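--- a/src/securityd.d
+++ b/src/securityd.d
@@ -47,6 +47,8 @@ provider securityd {
        probe client__connection__release(DTHandle id);
        
        probe client__change_session(DTHandle id, DTHandle session);
+       probe client__reset__amnesia(DTHandle id);
+       probe client__reset__full(DTHandle id);
        
        probe request__entry(const char *name, DTHandle connection, DTHandle process);
        probe request__return(uint32_t osstatus);
@@ -54,9 +56,11 @@ provider securityd {
        /*
         * Session management
         */
-       probe session__create(DTHandle id, uint32_t attributes, DTPort port);
-       probe session__setattr(DTHandle id, uint32_t attributes);
-       probe session__destroy(DTHandle id);
+       probe session__create(DTHandle id, uint32_t sessionId, const void *auditInfo, uint32_t auditInfoLength);
+       probe session__kill(DTHandle id, uint32_t sessionId);
+       probe session__destroy(DTHandle id, uint32_t sessionId);
+       
+       probe session__notify(uint64_t id, uint32_t flags, int uid);
        
        /*
         * Port-related events (internal interest only)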
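Review bot: The new session probes are declared with no description of their arguments, and `session__notify` takes `uint64_t id` where every other probe in this block takes `DTHandle id`. A comment per probe would keep trace scripts correct, for example `/* id: session object handle; sessionId: audit session id; auditInfo/auditInfoLength: raw audit-info buffer, must be copied in by the consumer */` above `session__create`; these meanings are inferred from the names and should be confirmed. `session__create` and `session__destroy` changed their argument lists and `session__setattr` was removed, so any script written against the old signatures has to be updated together with this file. The new `client__reset__amnesia` and `client__reset__full` probes carry only the handle, whereas the `secdebug` lines they replace also printed the pid, so a watcher now has to correlate the handle with an earlier client probe.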
index 8c328e26e8b08a486c254561016fb554d88c3edc..38454ed583b73ac90e06b31aaa3455577fcb1d89 100644 (file)
-__ZN8Security5MutexC1Ev
-__ZN8Security5MutexC2Ev
-__ZN8Security5MutexC1ENS0_4TypeE
-__ZN8Security5MutexC2ENS0_4TypeE
-__ZN8Security11ModuleNexusI15MutexAttributesEclEv
-__ZN8Security17ModuleNexusCommon6createEPFPvvE
+_self_client_handleSession
+__ZN8Security12MachPlusPlus10MachServer4busyEv
 __ZN8Security5Mutex4lockEv
 __ZN8Security5Mutex4lockEv
-__ZN8Security11ModuleNexusI15MutexAttributesE4makeEv
-__ZN15MutexAttributesC2Ev
+__ZN8Security12MachPlusPlus10MachServer17ensureReadyThreadEv
 __ZN8Security5Mutex6unlockEv
 __ZN8Security5Mutex6unlockEv
-__ZN8Security5MutexD1Ev
-__ZN8Security5MutexD2Ev
-__ZN7PortMapI7SessionEC2Ev
-__ZN8Security15ThreadStoreSlotC2EPFvPvE
-start
-_main
-__ZN8Security6Syslog4openEPKcii
-__ZN9AuthorityC1EPKc
-__ZN13Authorization6EngineC2EPKc
-__ZN13Authorization20AuthorizationDBPlistC1EPKc
-__ZN13Authorization20AuthorizationDBPlistC2EPKc
-__ZN8Security10AclSubject5MakerC2Ei
-__ZN8Security11ModuleNexusISt3mapIiPNS_10AclSubject5MakerESt4lessIiESaISt4pairIKiS4_EEEEclEv
-__ZN8Security11ModuleNexusISt3mapIiPNS_10AclSubject5MakerESt4lessIiESaISt4pairIKiS4_EEEE4makeEv
-__ZNSt3mapIiPN8Security10AclSubject5MakerESt4lessIiESaISt4pairIKiS3_EEEixERS7_
-__ZNSt8_Rb_treeIiSt4pairIKiPN8Security10AclSubject5MakerEESt10_Select1stIS6_ESt4lessIiESaIS6_EE16_M_insert_uniqueESt17_Rb_tree_
-__ZNSt8_Rb_treeIiSt4pairIKiPN8Security10AclSubject5MakerEESt10_Select1stIS6_ESt4lessIiESaIS6_EE16_M_insert_uniqueERKS6_
-__ZNSt8_Rb_treeIiSt4pairIKiPN8Security10AclSubject5MakerEESt10_Select1stIS6_ESt4lessIiESaIS6_EE9_M_insertEPSt18_Rb_tree_node_ba
-__ZNSt8_Rb_treeIiSt4pairIKiPN8Security10AclSubject5MakerEESt10_Select1stIS6_ESt4lessIiESaIS6_EE14_M_create_nodeERKS6_
-__ZN9__gnu_cxx13new_allocatorISt13_Rb_tree_nodeISt4pairIKiPN8Security10AclSubject5MakerEEEE8allocateEmPKv
-__ZN14CodeSignaturesC1EPKc
-__ZN14CodeSignaturesC2EPKc
-__ZN8Security12UnixPlusPlus6UnixDbC1Ev
-__ZN8Security12UnixPlusPlus6UnixDb4openEPKcii6DBTYPE
-__ZN8Security12UnixPlusPlus6UnixDb5closeEv
-__ZN8Security12UnixPlusPlus6UnixDb5flushEi
-__ZN8Security12UnixPlusPlus10checkErrorIiEET_S2_
-__ZN6ServerC1ER9AuthorityR14CodeSignaturesPKc
-__ZN6ServerC2ER9AuthorityR14CodeSignaturesPKc
-__ZN8NodeCoreC2Ev
-__ZN8Security12MachPlusPlus10MachServerC2EPKc
-__ZN8Security12MachPlusPlus9BootstrapC2Ev
-__ZN8Security12MachPlusPlus5Error5checkEi
-__ZN8Security12MachPlusPlus11ReceivePortC1EPKcRKNS0_9BootstrapEb
-__ZN8Security12MachPlusPlus11ReceivePortC2EPKcRKNS0_9BootstrapEb
-__ZNK8Security12MachPlusPlus9Bootstrap15checkInOptionalEPKc
-__ZN8Security12MachPlusPlus4Port8allocateEj
-__ZN8Security12MachPlusPlus7PortSetpLERKNS0_4PortE
-__ZN8Security18DevRandomGeneratorC2Eb
-__ZN6Server12SleepWatcherC2Ev
-__ZN8Security12MachPlusPlus16PortPowerWatcherC2Ev
-__ZN8Security12MachPlusPlus14IOPowerWatcherC2Ev
-__ZN7PortMapI10ConnectionEC2Ev
-__ZN7PortMapI7ProcessEC2Ev
-__ZN8Security10CssmClient4CssmC2Ev
-__ZN8Security10CssmClient8CssmImplC1Ev
-__ZN8Security11ModuleNexusINS_10CssmClient8CssmImpl12StandardCssmEEclEv
-__ZN8Security11ModuleNexusINS_10CssmClient8CssmImpl12StandardCssmEE4makeEv
-__ZN8Security10CssmClient8CssmImpl12StandardCssm7setCssmEPS1_
-__ZNK8Security8RefCount3refEv
-__ZN8Security10CssmClient6ModuleC2ERKNS_4GuidERKNS0_4CssmE
-__ZN8Security10CssmClient10ModuleImplC1ERKNS_4GuidERKNS0_4CssmE
-__ZN8Security10CssmClient10ObjectImplC2ERKNS0_6ObjectE
-__ZN8Security10CssmClient3CSPC2ERKNS0_6ModuleE
-__ZN8Security10CssmClient7CSPImplC1ERKNS0_6ModuleE
-__ZN8Security10CssmClient14AttachmentImplC2ERKNS0_6ModuleEj
-__ZN8Security14CommonCriteria10TerminalIdC1Ev
-__ZN8Security14CommonCriteria10TerminalIdC2Ev
-__ZN8Security14CommonCriteria12AuditSession15registerSessionEv
-__ZN8Security12MachPlusPlus10MachServer3addERNS1_7HandlerE
-__ZNSt8_Rb_treeIPN8Security12MachPlusPlus10MachServer7HandlerES4_St9_IdentityIS4_ESt4lessIS4_ESaIS4_EE16_M_insert_uniqueERKS4_
-__ZNSt8_Rb_treeIPN8Security12MachPlusPlus10MachServer7HandlerES4_St9_IdentityIS4_ESt4lessIS4_ESaIS4_EE9_M_insertEPSt18_Rb_tree_
-__ZNSt8_Rb_treeIPN8Security12MachPlusPlus10MachServer7HandlerES4_St9_IdentityIS4_ESt4lessIS4_ESaIS4_EE14_M_create_nodeERKS4_
-__ZN9__gnu_cxx13new_allocatorISt13_Rb_tree_nodeIPN8Security12MachPlusPlus10MachServer7HandlerEEE8allocateEmPKv
-__ZN6Server14waitForClientsEb
-__ZN14EntropyManagerC1ERN8Security12MachPlusPlus10MachServerEPKc
-__ZN14EntropyManagerC2ERN8Security12MachPlusPlus10MachServerEPKc
-__ZN8Security4Time3nowEv
-__ZN8Security12UnixPlusPlus8FileDesc4openEPKcit
-__ZN8Security12UnixPlusPlus8FileDesc4readEPvm
-__ZN8Security18DevRandomGenerator10addEntropyEPKvm
-__ZN8Security11ModuleNexusINS_18DevRandomGenerator8WritableEEclEv
-__ZN8Security11ModuleNexusINS_18DevRandomGenerator8WritableEE4makeEv
-__ZN8Security12UnixPlusPlus8FileDesc5writeEPKvm
-__ZN8Security12UnixPlusPlus8FileDesc5closeEv
-__ZN14EntropyManager6actionEv
-__ZN14EntropyManager14collectEntropyEv
-__ZN14EntropyManager17updateEntropyFileEv
-__ZN8Security18DevRandomGenerator6randomEPvm
-__ZN8Security11ModuleNexusINS_18DevRandomGenerator8ReadonlyEEclEv
-__ZN8Security11ModuleNexusINS_18DevRandomGenerator8ReadonlyEE4makeEv
-__ZN8Security12MachPlusPlus10MachServer8setTimerEPNS1_5TimerENS_4Time8IntervalE
-__ZN8Security12MachPlusPlus10MachServer8setTimerEPNS1_5TimerENS_4Time8AbsoluteE
-__ZN8Security13ScheduleQueueINS_4Time8AbsoluteEE8scheduleEPNS3_5EventES2_
-__ZN11PCSCMonitorC1ER6ServerPKcNS_12ServiceLevelE
-__ZN11PCSCMonitorC2ER6ServerPKcNS_12ServiceLevelE
-__ZN8ListenerC2Ejjj
-__ZNSt8_Rb_treeIjSt4pairIKjN8Security10RefPointerI8ListenerEEESt10_Select1stIS6_ESt4lessIjESaIS6_EE9_M_insertEPSt18_Rb_tree_nod
-__ZNSt8_Rb_treeIjSt4pairIKjN8Security10RefPointerI8ListenerEEESt10_Select1stIS6_ESt4lessIjESaIS6_EE14_M_create_nodeERKS6_
-__ZN9__gnu_cxx13new_allocatorISt13_Rb_tree_nodeISt4pairIKjN8Security10RefPointerI8ListenerEEEEE8allocateEmPKv
-__ZN8Security10RefPointerI8ListenerE7releaseEv
-__ZNK8Security8RefCount5unrefEv
-__ZN8Security12UnixPlusPlus5ChildC2Ev
-__ZN8Security4PCSC7SessionC1Ev
-__ZN8Security5IOKit24MachPortNotificationPortC1Ev
-__ZN8Security5IOKit24MachPortNotificationPortC2Ev
-__ZN8Security5IOKit16NotificationPortC2Ev
-__ZN8Security5IOKit10MasterPortC2Ev
-__ZN8Security12MachPlusPlus4Port10deallocateEv
-__ZNK8Security5IOKit16NotificationPort4portEv
-__ZN11RootSessionC1ER6Serverj
-__ZN11RootSessionC2ER6Serverj
-__ZN7SessionC2EN8Security12MachPlusPlus9BootstrapENS1_4PortEj
-__ZN8Security13MappingHandleIjE4makeEv
-__ZN8Security11ModuleNexusINS_13MappingHandleIjE5StateEEclEv
-__ZN8Security11ModuleNexusINS_13MappingHandleIjE5StateEE4makeEv
-__ZN8Security13MappingHandleIjE5StateC2Ev
-__ZN9__gnu_cxx9hashtableISt4pairIKjPN8Security13MappingHandleIjEEEjNS_4hashIjEESt10_Select1stIS7_ESt8equal_toIjESaIS6_EEC2EmRKS
-__ZN9__gnu_cxx9hashtableISt4pairIKjPN8Security13MappingHandleIjEEEjNS_4hashIjEESt10_Select1stIS7_ESt8equal_toIjESaIS6_EE21_M_in
-__ZSt11lower_boundIPKmmET_S2_S2_RKT0_
-__ZNSt6vectorIPN9__gnu_cxx15_Hashtable_nodeISt4pairIKjPN8Security13MappingHandleIjEEEEESaISA_EE7reserveEm
-__ZNSt6vectorIPN9__gnu_cxx15_Hashtable_nodeISt4pairIKjPN8Security13MappingHandleIjEEEEESaISA_EE20_M_allocate_and_copyIPSA_EESE_
-__ZN9__gnu_cxx13new_allocatorIPNS_15_Hashtable_nodeISt4pairIKjPN8Security13MappingHandleIjEEEEEE8allocateEmPKv
-__ZSt18uninitialized_copyIPPN9__gnu_cxx15_Hashtable_nodeISt4pairIKjPN8Security13MappingHandleIjEEEEESB_ET0_T_SD_SC_
-__ZNSt6vectorIPN9__gnu_cxx15_Hashtable_nodeISt4pairIKjPN8Security13MappingHandleIjEEEEESaISA_EE14_M_fill_insertENS0_17__normal_
-__ZN8Security13MappingHandleIjE5State11handleInUseEj
-__ZN9__gnu_cxx9hashtableISt4pairIKjPN8Security13MappingHandleIjEEEjNS_4hashIjEESt10_Select1stIS7_ESt8equal_toIjESaIS6_EE4findER
-__ZN9__gnu_cxx9hashtableISt4pairIKjPN8Security13MappingHandleIjEEEjNS_4hashIjEESt10_Select1stIS7_ESt8equal_toIjESaIS6_EE14find_
-__ZN9__gnu_cxx9hashtableISt4pairIKjPN8Security13MappingHandleIjEEEjNS_4hashIjEESt10_Select1stIS7_ESt8equal_toIjESaIS6_EE6resize
-__ZN9__gnu_cxx13new_allocatorINS_15_Hashtable_nodeISt4pairIKjPN8Security13MappingHandleIjEEEEEE8allocateEmPKv
-__ZN13Authorization10CredentialC1Ev
-__ZN13Authorization10CredentialC2Ev
-__ZN13Authorization14CredentialImplC2Ev
-__ZN8Security6Syslog6noticeEPKcz
-__ZN8NodeCore6parentERS_
-__ZN8Security10RefPointerI8NodeCoreE10setPointerEPS1_
-__ZN8Security10RefPointerI8NodeCoreE7releaseEv
-__ZNSt3mapIN8Security12MachPlusPlus4PortENS0_10RefPointerI7SessionEESt4lessIS2_ESaISt4pairIKS2_S5_EEEixERS9_
-__ZNSt8_Rb_treeIN8Security12MachPlusPlus4PortESt4pairIKS2_NS0_10RefPointerI7SessionEEESt10_Select1stIS8_ESt4lessIS2_ESaIS8_EE16
-__ZNSt8_Rb_treeIN8Security12MachPlusPlus4PortESt4pairIKS2_NS0_10RefPointerI7SessionEEESt10_Select1stIS8_ESt4lessIS2_ESaIS8_EE9_
-__ZNSt8_Rb_treeIN8Security12MachPlusPlus4PortESt4pairIKS2_NS0_10RefPointerI7SessionEEESt10_Select1stIS8_ESt4lessIS2_ESaIS8_EE14
-__ZN9__gnu_cxx13new_allocatorISt13_Rb_tree_nodeISt4pairIKN8Security12MachPlusPlus4PortENS3_10RefPointerI7SessionEEEEE8allocateE
-__ZN8Security10RefPointerI7SessionE7releaseEv
-__ZN8Security10RefPointerI7SessionE10setPointerEPS1_
-__ZN6Server8loadCssmEb
-__ZNK8Security10CssmClient6Object4implINS0_8CssmImplEEERT_v
-__ZN8Security11ModuleNexusINS_9MDSClient9DirectoryEEclEv
-__ZN8Security11ModuleNexusINS_9MDSClient9DirectoryEE4makeEv
-__ZN8Security9MDSClient9DirectoryC1Ev
-__ZN8Security9MDSClient9DirectoryC2Ev
-__ZN8Security9Allocator8standardEj
-__ZN8Security11ModuleNexusI17DefaultAllocatorsEclEv
-__ZN8Security11ModuleNexusI17DefaultAllocatorsE4makeEv
-__ZN8Security28CssmAllocatorMemoryFunctionsC1ERNS_9AllocatorE
-__ZN8Security9MDSClient9Directory7installEv
-__ZN8Security28CssmAllocatorMemoryFunctions11relayMallocEmPv
-__ZN16DefaultAllocator6mallocEm
-__ZN8Security28CssmAllocatorMemoryFunctions9relayFreeEPvS1_
-__ZN16DefaultAllocator4freeEPv
-__ZN8Security10CssmClient8CssmImpl8activateEv
-__ZNK8Security10CssmClient6Object4implINS0_7CSPImplEEERT_v
-__ZN8Security10CssmClient14AttachmentImpl8activateEv
-__ZNK8Security10CssmClient6Object4implINS0_10ModuleImplEEERT_v
-__ZN8Security10CssmClient10ModuleImpl8activateEv
-__ZN8Security10RefPointerINS_10CssmClient10ObjectImplEE7releaseEv
-__ZNK8Security10CssmClient10ObjectImpl9allocatorEv
-__ZNK8Security10CssmClient14AttachmentImpl4guidEv
-__ZNK8Security10CssmClient14AttachmentImpl6moduleEv
-__ZN20SharedMemoryListenerC1EPKcj
-__ZN20SharedMemoryListenerC2EPKcj
-__ZN18SharedMemoryServerC2EPKcj
-__ZN6Server3runEv
-__ZN8Security12MachPlusPlus10MachServer3runEmi
-__ZN8Security12MachPlusPlus10MachServer15runServerThreadEb
-__ZN8Security12MachPlusPlus7MessageC1Em
-__ZN8Security12MachPlusPlus7Message9setBufferEm
-__ZN8Security12MachPlusPlus10MachServer9perThreadEv
-__ZN8Security11ModuleNexusINS_11ThreadNexusINS_12MachPlusPlus10MachServer9PerThreadEEEEclEv
-__ZN8Security11ModuleNexusINS_11ThreadNexusINS_12MachPlusPlus10MachServer9PerThreadEEEE4makeEv
-__ZN8Security11ThreadNexusINS_12MachPlusPlus10MachServer9PerThreadEEclEv
-__ZNK8Security15ThreadStoreSlotaSEPv
-__ZN8Security11ModuleNexusINS_5MutexEEclEv
-__ZN8Security11ModuleNexusINS_5MutexEE4makeEv
-__ZN8Security11ModuleNexusISt3setIPvSt4lessIS2_ESaIS2_EEEclEv
-__ZN8Security11ModuleNexusISt3setIPvSt4lessIS2_ESaIS2_EEE4makeEv
-__ZNSt8_Rb_treeIPvS0_St9_IdentityIS0_ESt4lessIS0_ESaIS0_EE16_M_insert_uniqueERKS0_
-__ZNSt8_Rb_treeIPvS0_St9_IdentityIS0_ESt4lessIS0_ESaIS0_EE9_M_insertEPSt18_Rb_tree_node_baseS8_RKS0_
-__ZNSt8_Rb_treeIPvS0_St9_IdentityIS0_ESt4lessIS0_ESaIS0_EE14_M_create_nodeERKS0_
-__ZN9__gnu_cxx13new_allocatorISt13_Rb_tree_nodeIPvEE8allocateEmPKv
+__ZThn144_N6Server6handleEP17mach_msg_header_tS1_
+__ZN6Server6handleEP17mach_msg_header_tS1_
+__Z11ucsp_serverP17mach_msg_header_tS0_
+__Z11self_serverP17mach_msg_header_tS0_
+__ZL15_XhandleSessionP17mach_msg_header_tS0_
+__Z25self_server_handleSessionjjjy
+__ZN8Security6StLockINS_12MachPlusPlus10MachServerEXadL_ZNS2_4busyEvEEXadL_ZNS2_4idleEvEEED2Ev
 __ZThn144_N6Server9eventDoneEv
 __ZN6Server9eventDoneEv
 __ZN8Security12MachPlusPlus10MachServer12processTimerEv
 __ZThn144_N6Server9eventDoneEv
 __ZN6Server9eventDoneEv
 __ZN8Security12MachPlusPlus10MachServer12processTimerEv
-__ZN8Security13ScheduleQueueINS_4Time8AbsoluteEE3popES2_
-__ZN8Security13ScheduleQueueINS_4Time8AbsoluteEE5Event10unscheduleEv
-__ZN8Security12MachPlusPlus10MachServer5Timer6selectEv
-__ZN8Security12MachPlusPlus10MachServer4busyEv
-__ZN8Security12MachPlusPlus10MachServer17ensureReadyThreadEv
-__ZN8Security6Thread3runEv
-__ZThn24_N11PCSCMonitor6actionEv
-__ZN11PCSCMonitor6actionEv
-__ZN11PCSCMonitor12initialSetupEv
-__ZN6Server3addEPN8Security12MachPlusPlus12PowerWatcherE
-__ZN6Server12SleepWatcher3addEPN8Security12MachPlusPlus12PowerWatcherE
-__ZN8Security6Thread6runnerEPv
-__ZN8Security12MachPlusPlus10MachServer10LoadThread6actionEv
-__ZNSt8_Rb_treeIPN8Security12MachPlusPlus12PowerWatcherES3_St9_IdentityIS3_ESt4lessIS3_ESaIS3_EE16_M_insert_uniqueERKS3_
-__ZN8Security12MachPlusPlus10MachServer9addThreadEPNS_6ThreadE
-__ZNSt8_Rb_treeIPN8Security12MachPlusPlus12PowerWatcherES3_St9_IdentityIS3_ESt4lessIS3_ESaIS3_EE9_M_insertEPSt18_Rb_tree_node_b
-__ZNSt8_Rb_treeIPN8Security6ThreadES2_St9_IdentityIS2_ESt4lessIS2_ESaIS2_EE16_M_insert_uniqueERKS2_
-__ZNSt8_Rb_treeIPN8Security12MachPlusPlus12PowerWatcherES3_St9_IdentityIS3_ESt4lessIS3_ESaIS3_EE14_M_create_nodeERKS3_
-__ZNSt8_Rb_treeIPN8Security6ThreadES2_St9_IdentityIS2_ESt4lessIS2_ESaIS2_EE9_M_insertEPSt18_Rb_tree_node_baseSA_RKS2_
-__ZN9__gnu_cxx13new_allocatorISt13_Rb_tree_nodeIPN8Security12MachPlusPlus12PowerWatcherEEE8allocateEmPKv
-__ZNSt8_Rb_treeIPN8Security6ThreadES2_St9_IdentityIS2_ESt4lessIS2_ESaIS2_EE14_M_create_nodeERKS2_
-__ZN8Security5IOKit11DeviceMatchC1EPKc
-__ZN9__gnu_cxx13new_allocatorISt13_Rb_tree_nodeIPN8Security6ThreadEEE8allocateEmPKv
-__ZN8Security5IOKit11DeviceMatchC2EPKc
+__ZN8Security4Time3nowEv
 __ZN8Security12MachPlusPlus10MachServer26releaseDeferredAllocationsEv
 __ZN8Security12MachPlusPlus10MachServer26releaseDeferredAllocationsEv
+__ZN8Security11ModuleNexusINS_11ThreadNexusINS_12MachPlusPlus10MachServer9PerThreadEEEEclEv
+__ZN8Security11ThreadNexusINS_12MachPlusPlus10MachServer9PerThreadEEclEv
+__ZNSt8_Rb_treeIN8Security12MachPlusPlus10MachServer10AllocationES3_St9_IdentityIS3_ESt4lessIS3_ESaIS3_EE5eraseESt23_Rb_tree_co
 __ZNSt8_Rb_treeIN8Security12MachPlusPlus10MachServer10AllocationES3_St9_IdentityIS3_ESt4lessIS3_ESaIS3_EE8_M_eraseEPSt13_Rb_tre
 __ZNSt8_Rb_treeIN8Security12MachPlusPlus10MachServer10AllocationES3_St9_IdentityIS3_ESt4lessIS3_ESaIS3_EE8_M_eraseEPSt13_Rb_tre
-__ZN8Security5IOKit16NotificationPort3addERKNS0_11DeviceMatchERNS1_8ReceiverEPKc
-__ZThn144_N6Server6handleEP17mach_msg_header_tS1_
-__ZN6Server6handleEP17mach_msg_header_tS1_
-__Z11ucsp_serverP17mach_msg_header_tS0_
-__ZL18_XverifyPrivilegedP17mach_msg_header_tS0_
-__Z28ucsp_server_verifyPrivilegedjj13audit_token_tPi
-__ZN8Security12MachPlusPlus10MachServer4idleEv
+_cdsa_notify_server
+__Xmach_notify_dead_name
+_cdsa_mach_notify_dead_name
+__ZThn144_N6Server14notifyDeadNameEN8Security12MachPlusPlus4PortE
+__ZN6Server14notifyDeadNameEN8Security12MachPlusPlus4PortE
+__ZNSt8_Rb_treeIN8Security12MachPlusPlus4PortESt4pairIKS2_NS0_10RefPointerI10ConnectionEEESt10_Select1stIS8_ESt4lessIS2_ESaIS8_
+__ZNK8Security8RefCount3refEv
+__ZN8Security10RefPointerI10ConnectionE7releaseEv
+__ZNK8Security8RefCount5unrefEv
+__ZN10Connection5abortEb
+__ZN8Security12MachPlusPlus5Error5checkEi
+__ZN10ConnectionD0Ev
+__ZNSt8_Rb_treeIjSt4pairIKjN8Security10RefPointerIN8Listener12NotificationEEEESt10_Select1stIS7_ESt4lessIjESaIS7_EED2Ev
+__ZNSt8_Rb_treeIjSt4pairIKjN8Security10RefPointerIN8Listener12NotificationEEEESt10_Select1stIS7_ESt4lessIjESaIS7_EE8_M_eraseEPS
+__ZN8NodeCoreD2Ev
+__ZNSt8_Rb_treeIN8Security10RefPointerI8NodeCoreEES3_St9_IdentityIS3_ESt4lessIS3_ESaIS3_EED2Ev
+__ZNSt8_Rb_treeIN8Security10RefPointerI8NodeCoreEES3_St9_IdentityIS3_ESt4lessIS3_ESaIS3_EE8_M_eraseEPSt13_Rb_tree_nodeIS3_E
+__ZN8Security10RefPointerI8NodeCoreE7releaseEv
+__ZN8Security5MutexD2Ev
+__ZL19_XverifyPrivileged2P17mach_msg_header_tS0_
+__Z29ucsp_server_verifyPrivileged2jj13audit_token_tPiPj
 __ZL7_XsetupP17mach_msg_header_tS0_
 __Z17ucsp_server_setupjj13audit_token_tPijN8Security14SecurityServer15ClientSetupInfoEPKc
 __ZL7_XsetupP17mach_msg_header_tS0_
 __Z17ucsp_server_setupjj13audit_token_tPijN8Security14SecurityServer15ClientSetupInfoEPKc
-__ZN6Server15setupConnectionENS_12ConnectLevelEN8Security12MachPlusPlus4PortES3_S3_RK13audit_token_tPKNS1_14SecurityServer15Cli
+__ZN6Server6activeEv
+__ZN6Server15setupConnectionENS_12ConnectLevelEN8Security12MachPlusPlus4PortES3_RK13audit_token_tPKNS1_14SecurityServer15Client
+__ZN8Security14CommonCriteria10AuditTokenC1ERK13audit_token_t
+__ZN8Security14CommonCriteria10AuditTokenC2ERK13audit_token_t
+__ZN8Security14CommonCriteria10TerminalIdC2Ev
 __ZNSt3mapIN8Security12MachPlusPlus4PortENS0_10RefPointerI7ProcessEESt4lessIS2_ESaISt4pairIKS2_S5_EEEixERS9_
 __ZNSt3mapIN8Security12MachPlusPlus4PortENS0_10RefPointerI7ProcessEESt4lessIS2_ESaISt4pairIKS2_S5_EEEixERS9_
-__ZNSt8_Rb_treeIN8Security12MachPlusPlus4PortESt4pairIKS2_NS0_10RefPointerI7ProcessEEESt10_Select1stIS8_ESt4lessIS2_ESaIS8_EE16
 __ZNSt8_Rb_treeIN8Security12MachPlusPlus4PortESt4pairIKS2_NS0_10RefPointerI7ProcessEEESt10_Select1stIS8_ESt4lessIS2_ESaIS8_EE9_
 __ZNSt8_Rb_treeIN8Security12MachPlusPlus4PortESt4pairIKS2_NS0_10RefPointerI7ProcessEEESt10_Select1stIS8_ESt4lessIS2_ESaIS8_EE14
 __ZNSt8_Rb_treeIN8Security12MachPlusPlus4PortESt4pairIKS2_NS0_10RefPointerI7ProcessEEESt10_Select1stIS8_ESt4lessIS2_ESaIS8_EE9_
 __ZNSt8_Rb_treeIN8Security12MachPlusPlus4PortESt4pairIKS2_NS0_10RefPointerI7ProcessEEESt10_Select1stIS8_ESt4lessIS2_ESaIS8_EE14
-__ZN9__gnu_cxx13new_allocatorISt13_Rb_tree_nodeISt4pairIKN8Security12MachPlusPlus4PortENS3_10RefPointerI7ProcessEEEEE8allocateE
+__ZN9__gnu_cxx13new_allocatorISt4pairIKN8Security12MachPlusPlus4PortENS2_10RefPointerI7ProcessEEEE9constructEPS9_RKS9_
 __ZN8Security10RefPointerI7ProcessE7releaseEv
 __ZN8Security10RefPointerI7ProcessE7releaseEv
-__ZN8Security14CommonCriteria10AuditTokenC1ERK13audit_token_t
-__ZN8Security14CommonCriteria10AuditTokenC2ERK13audit_token_t
-__ZN7ProcessC1EN8Security12MachPlusPlus4PortENS1_8TaskPortEPKNS0_14SecurityServer15ClientSetupInfoEPKcRKNS0_14CommonCriteria10A
-__ZN7ProcessC2EN8Security12MachPlusPlus4PortENS1_8TaskPortEPKNS0_14SecurityServer15ClientSetupInfoEPKcRKNS0_14CommonCriteria10A
+__ZN7ProcessC1EN8Security12MachPlusPlus8TaskPortEPKNS0_14SecurityServer15ClientSetupInfoERKNS0_14CommonCriteria10AuditTokenE
+__ZN7ProcessC2EN8Security12MachPlusPlus8TaskPortEPKNS0_14SecurityServer15ClientSetupInfoERKNS0_14CommonCriteria10AuditTokenE
 __ZN10PerProcessC2Ev
 __ZN10PerProcessC2Ev
+__ZN8Security13MappingHandleIjE4makeEv
+__ZN8Security11ModuleNexusINS_13MappingHandleIjE5StateEEclEv
+__ZN9__gnu_cxx9hashtableISt4pairIKjPN8Security13MappingHandleIjEEEjNS_4hashIjEESt10_Select1stIS7_ESt8equal_toIjESaIS6_EE4findER
+__ZN9__gnu_cxx9hashtableISt4pairIKjPN8Security13MappingHandleIjEEEjNS_4hashIjEESt10_Select1stIS7_ESt8equal_toIjESaIS6_EE14find_
+__ZN9__gnu_cxx9hashtableISt4pairIKjPN8Security13MappingHandleIjEEEjNS_4hashIjEESt10_Select1stIS7_ESt8equal_toIjESaIS6_EE6resize
+__ZN8NodeCoreC2Ev
+__ZN8Security5MutexC2ENS0_4TypeE
+__ZN8Security11ModuleNexusI15MutexAttributesEclEv
 __ZN15CodeSigningHostC2Ev
 __ZN15CodeSigningHostC2Ev
+__ZN8Security5MutexC1ENS0_4TypeE
 __ZN20ClientIdentificationC2Ev
 __ZN14CodeSignatures8IdentityC2Ev
 __ZN20ClientIdentificationC2Ev
 __ZN14CodeSignatures8IdentityC2Ev
-__ZN7Session4findEN8Security12MachPlusPlus4PortE
+__ZN8Security5MutexC1Ev
+__ZN8Security5MutexC2Ev
+__ZN7Session4findEib
+__ZNSt8_Rb_treeIiSt4pairIKiN8Security10RefPointerI7SessionEEESt10_Select1stIS6_ESt4lessIiESaIS6_EE4findERS1_
+__ZN8Security14CommonCriteria9AuditInfo3getEi
+__ZN8Security9UnixError5checkEi
+__ZN14DynamicSessionC2ERKN8Security14CommonCriteria9AuditInfoE
+__ZN7SessionC2ERKN8Security14CommonCriteria9AuditInfoER6Server
+__ZN13Authorization10CredentialC1Ev
+__ZN13Authorization10CredentialC2Ev
+__ZN13Authorization14CredentialImplC2Ev
+__ZN8NodeCore6parentERS_
+__ZN8Security10RefPointerI8NodeCoreE10setPointerEPS1_
+__ZNSt3mapIiN8Security10RefPointerI7SessionEESt4lessIiESaISt4pairIKiS3_EEEixERS7_
+__ZNSt8_Rb_treeIiSt4pairIKiN8Security10RefPointerI7SessionEEESt10_Select1stIS6_ESt4lessIiESaIS6_EE16_M_insert_uniqueESt17_Rb_tr
+__ZNSt8_Rb_treeIiSt4pairIKiN8Security10RefPointerI7SessionEEESt10_Select1stIS6_ESt4lessIiESaIS6_EE9_M_insertEPSt18_Rb_tree_node
+__ZNSt8_Rb_treeIiSt4pairIKiN8Security10RefPointerI7SessionEEESt10_Select1stIS6_ESt4lessIiESaIS6_EE14_M_create_nodeERKS6_
+__ZN9__gnu_cxx13new_allocatorISt4pairIKiN8Security10RefPointerI7SessionEEEE9constructEPS7_RKS7_
+__ZN8Security10RefPointerI7SessionE7releaseEv
+__ZN8Security10RefPointerI7SessionE10setPointerEPS1_
+__ZN8Security6Syslog6noticeEPKcz
+__ZNSt8_Rb_treeIiSt4pairIKiN8Security10RefPointerI7SessionEEESt10_Select1stIS6_ESt4lessIiESaIS6_EE16_M_insert_uniqueERKS6_
 __ZNK8Security12MachPlusPlus8TaskPort3pidEv
 __ZN7Process5setupEPKN8Security14SecurityServer15ClientSetupInfoE
 __ZN20ClientIdentification5setupEi
 __ZNK8Security12MachPlusPlus8TaskPort3pidEv
 __ZN7Process5setupEPKN8Security14SecurityServer15ClientSetupInfoE
 __ZN20ClientIdentification5setupEi
-__ZThn72_N11PCSCMonitor8ioChangeERN8Security5IOKit14DeviceIteratorE
-__ZN11PCSCMonitor8ioChangeERN8Security5IOKit14DeviceIteratorE
-__ZN8Security5IOKit14DeviceIteratorclEv
-__ZN11PCSCMonitor13deviceSupportERKN8Security5IOKit6DeviceE
-__ZNK8Security5IOKit6Device8propertyEPKc
-__ZN8Security8cfNumberIjEET_PK10__CFNumber
-__ZN8Security5IOKit6DeviceD1Ev
-__ZN11PCSCMonitor16isExcludedDeviceERKN8Security5IOKit6DeviceE
-__ZN8Security5IOKit14DeviceIteratorD2Ev
+__ZNSt8_Rb_treeIjSt4pairIKjN20ClientIdentification10GuestStateEESt10_Select1stIS4_ESt4lessIjESaIS4_EE5eraseESt17_Rb_tree_iterat
 __ZNSt8_Rb_treeIjSt4pairIKjN20ClientIdentification10GuestStateEESt10_Select1stIS4_ESt4lessIjESaIS4_EE8_M_eraseEPSt13_Rb_tree_no
 __ZN8Security12UnixPlusPlus5Child4findI11ServerChildEEPT_i
 __ZN8Security12UnixPlusPlus5Child11findGenericEi
 __ZN8Security11ModuleNexusINS_12UnixPlusPlus5Child8ChildrenEEclEv
 __ZNSt8_Rb_treeIjSt4pairIKjN20ClientIdentification10GuestStateEESt10_Select1stIS4_ESt4lessIjESaIS4_EE8_M_eraseEPSt13_Rb_tree_no
 __ZN8Security12UnixPlusPlus5Child4findI11ServerChildEEPT_i
 __ZN8Security12UnixPlusPlus5Child11findGenericEi
 __ZN8Security11ModuleNexusINS_12UnixPlusPlus5Child8ChildrenEEclEv
-__ZN8Security11ModuleNexusINS_12UnixPlusPlus5Child8ChildrenEE4makeEv
-__ZN8Security12UnixPlusPlus5Child8ChildrenC2Ev
+__ZNSt8_Rb_treeIiSt4pairIKiPN8Security12UnixPlusPlus5ChildEESt10_Select1stIS6_ESt4lessIiESaIS6_EE4findERS1_
 __ZN8Security10RefPointerI7ProcessE10setPointerEPS1_
 __ZNK8Security12MachPlusPlus10MachServer12notifyIfDeadENS0_4PortEb
 __ZN8Security12MachPlusPlus4Port13requestNotifyEjij
 __ZNSt3mapIiP7ProcessSt4lessIiESaISt4pairIKiS1_EEEixERS5_
 __ZNSt8_Rb_treeIiSt4pairIKiP7ProcessESt10_Select1stIS4_ESt4lessIiESaIS4_EE16_M_insert_uniqueESt17_Rb_tree_iteratorIS4_ERKS4_
 __ZN8Security10RefPointerI7ProcessE10setPointerEPS1_
 __ZNK8Security12MachPlusPlus10MachServer12notifyIfDeadENS0_4PortEb
 __ZN8Security12MachPlusPlus4Port13requestNotifyEjij
 __ZNSt3mapIiP7ProcessSt4lessIiESaISt4pairIKiS1_EEEixERS5_
 __ZNSt8_Rb_treeIiSt4pairIKiP7ProcessESt10_Select1stIS4_ESt4lessIiESaIS4_EE16_M_insert_uniqueESt17_Rb_tree_iteratorIS4_ERKS4_
-__ZNSt8_Rb_treeIiSt4pairIKiP7ProcessESt10_Select1stIS4_ESt4lessIiESaIS4_EE16_M_insert_uniqueERKS4_
 __ZNSt8_Rb_treeIiSt4pairIKiP7ProcessESt10_Select1stIS4_ESt4lessIiESaIS4_EE9_M_insertEPSt18_Rb_tree_node_baseSC_RKS4_
 __ZNSt8_Rb_treeIiSt4pairIKiP7ProcessESt10_Select1stIS4_ESt4lessIiESaIS4_EE9_M_insertEPSt18_Rb_tree_node_baseSC_RKS4_
-__ZNSt8_Rb_treeIiSt4pairIKiP7ProcessESt10_Select1stIS4_ESt4lessIiESaIS4_EE14_M_create_nodeERKS4_
-__ZN9__gnu_cxx13new_allocatorISt13_Rb_tree_nodeISt4pairIKiP7ProcessEEE8allocateEmPKv
 __ZN10ConnectionC1ER7ProcessN8Security12MachPlusPlus4PortE
 __ZN10ConnectionC2ER7ProcessN8Security12MachPlusPlus4PortE
 __ZN10ConnectionC1ER7ProcessN8Security12MachPlusPlus4PortE
 __ZN10ConnectionC2ER7ProcessN8Security12MachPlusPlus4PortE
-__ZN8Security12MachPlusPlus4Port7modRefsEji
-__ZNK7PortMapI10ConnectionE8containsEj
+__ZNKSt8_Rb_treeIN8Security12MachPlusPlus4PortESt4pairIKS2_NS0_10RefPointerI10ConnectionEEESt10_Select1stIS8_ESt4lessIS2_ESaIS8
 __ZNSt3mapIN8Security12MachPlusPlus4PortENS0_10RefPointerI10ConnectionEESt4lessIS2_ESaISt4pairIKS2_S5_EEEixERS9_
 __ZNSt3mapIN8Security12MachPlusPlus4PortENS0_10RefPointerI10ConnectionEESt4lessIS2_ESaISt4pairIKS2_S5_EEEixERS9_
-__ZN9__gnu_cxx13new_allocatorISt13_Rb_tree_nodeISt4pairIKN8Security12MachPlusPlus4PortENS3_10RefPointerI10ConnectionEEEEE8alloc
-__ZN8Security10RefPointerI10ConnectionE7releaseEv
+__ZN9__gnu_cxx13new_allocatorISt4pairIKN8Security12MachPlusPlus4PortENS2_10RefPointerI10ConnectionEEEE9constructEPS9_RKS9_
 __ZN8Security10RefPointerI10ConnectionE10setPointerEPS1_
 __ZN8Security10RefPointerI10ConnectionE10setPointerEPS1_
-__ZL16_XgetSessionInfoP17mach_msg_header_tS0_
-__Z26ucsp_server_getSessionInfojj13audit_token_tPiPjS1_
+__ZL21_XauthorizationCreateP17mach_msg_header_tS0_
+__Z31ucsp_server_authorizationCreatejj13audit_token_tPiPvjjS1_jPN8Security14SecurityServer17AuthorizationBlobE
 __ZN6Server10connectionEjR13audit_token_t
 __ZNK7PortMapI10ConnectionE3getEji
 __ZN6Server10connectionEjR13audit_token_t
 __ZNK7PortMapI10ConnectionE3getEji
+__ZN7Process12checkSessionERK13audit_token_t
 __ZN8Security11ThreadNexusINS_10RefPointerI10ConnectionEEEclEv
 __ZN10Connection9beginWorkER13audit_token_t
 __ZN8Security11ThreadNexusINS_10RefPointerI10ConnectionEEEclEv
 __ZN10Connection9beginWorkER13audit_token_t
-__ZN7Session4findEj
-__ZN6Server7sessionEv
-__ZN6Server10connectionEb
-__ZN10Connection9checkWorkEv
-__ZNK7Process7sessionEv
-__ZN6Server15requestCompleteERi
-__ZN10Connection7endWorkERi
-__ZN11PCSCMonitor15startSoftTokensEv
-__ZN11PCSCMonitor12clearReadersEN6Reader4TypeE
-__ZN8Security14CodeRepositoryINS_6BundleEEC2ERKSsPKcS6_b
-__ZN8Security8PathListC2ERKSsPKcS4_b
-__ZStplIcSt11char_traitsIcESaIcEESbIT_T0_T1_EPKS3_RKS6_
-__ZNSt6vectorISsSaISsEE9push_backERKSs
-__ZNSt6vectorISsSaISsEE13_M_insert_auxEN9__gnu_cxx17__normal_iteratorIPSsS1_EERKSs
-__ZN9__gnu_cxx13new_allocatorISsE8allocateEmPKv
-__ZSt24__uninitialized_copy_auxIPSsS0_ET0_T_S2_S1_St12__false_type
-__ZN8Security14CodeRepositoryINS_6BundleEE6updateEv
-__ZN8Security9makeCFURLEPKcbPK7__CFURL
-__ZN8Security6BundleC1EP10__CFBundlePKc
-__ZN8Security6BundleC2EP10__CFBundlePKc
-__ZN8Security8cfStringEPK7__CFURLb
-__ZNSt6vectorIN8Security10RefPointerINS0_6BundleEEESaIS3_EE9push_backERKS3_
-__ZNSt6vectorIN8Security10RefPointerINS0_6BundleEEESaIS3_EE13_M_insert_auxEN9__gnu_cxx17__normal_iteratorIPS3_S5_EERKS3_
-__ZN9__gnu_cxx13new_allocatorIN8Security10RefPointerINS1_6BundleEEEE8allocateEmPKv
-__ZSt24__uninitialized_copy_auxIPN8Security10RefPointerINS0_6BundleEEES4_ET0_T_S6_S5_St12__false_type
-__ZN8Security10RefPointerINS_6BundleEE7releaseEv
-__ZNSt6vectorIN8Security10RefPointerINS0_6BundleEEESaIS3_EED2Ev
-__ZNSt12_Vector_baseIN8Security10RefPointerINS0_6BundleEEESaIS3_EED2Ev
-__ZNK8Security6Bundle13infoPlistItemEPKc
-__ZNK8Security6Bundle8cfBundleEv
-__ZN8Security14CodeRepositoryINS_6BundleEED2Ev
-__ZN8Security8PathListD2Ev
-__ZNSt6vectorISsSaISsEED2Ev
-__ZNSt12_Vector_baseISsSaISsEED2Ev
-__ZN8Security6BundleD0Ev
-__ZN8Security12MachPlusPlus10MachServer5Timer8unselectEv
-__ZL10_XdecodeDbP17mach_msg_header_tS0_
-__Z20ucsp_server_decodeDbjj13audit_token_tPiPjPvjS2_jS2_j
-__ZN7CopyOutC2EPvmPFiP9__rpc_xdrzEbP9cssm_data
-_copyout
-_sec_xdrmem_create
-_sec_xdr_sizeof_out
-_sec_xdr_arena_init_size_alloc
-__Z25xdr_DLDbFlatIdentifierRefP9__rpc_xdrPPN8Security11DataWalkers18DLDbFlatIdentifierE
-_sec_xdr_reference
-_sec_xdr_arena_size_allocator
-_sec_mem_alloc
-__Z22xdr_DLDbFlatIdentifierP9__rpc_xdrPN8Security11DataWalkers18DLDbFlatIdentifierE
-_sec_xdr_pointer
-_sec_xdrmem_getlong_aligned
-_xdr_CSSM_SUBSERVICE_UID
-_sec_xdrmem_getbytes
-_xdr_CSSM_VERSION
-_sec_xdr_charp
-_sec_xdr_bytes
-_sec_xdr_arena_init
-__ZN8Security14DLDbIdentifierC2ERK19cssm_subservice_uidPKcPK16cssm_net_address
-__ZN8Security14DLDbIdentifier4ImplC2ERK19cssm_subservice_uidPKcPK16cssm_net_address
-__ZN8Security6DbNameC1EPKcPK16cssm_net_address
-__ZN8Security6DbNameC2EPKcPK16cssm_net_address
-__Z8makeBlobIN8Security14SecurityServer6DbBlobEEPKT_RKNS0_8CssmDataEi
-__ZN16KeychainDatabaseC1ERKN8Security14DLDbIdentifierEPKNS0_14SecurityServer6DbBlobER7ProcessPKNS0_17AccessCredentialsE
-__ZN17SecurityServerAclC2Ev
-__ZN8Security9ObjectAclC2ERNS_9AllocatorE
-__ZN13LocalDatabaseC2ER7Process
-__ZN8DatabaseC2ER7Process
-__ZN8NodeCore8referentERS_
-__ZN16KeychainDatabase12validateBlobEPKN8Security14SecurityServer6DbBlobE
-__ZNK8Security14SecurityServer10CommonBlob8validateEi
-__ZN8Security11DataWalkers4copyINS_17AccessCredentialsEEEPT_PKS3_RNS_9AllocatorE
-__ZNK8Security14SecurityServer6DbBlob4copyERNS_9AllocatorE
-__ZN8Security9Allocator6mallocINS_14SecurityServer6DbBlobEEEPT_m
-__ZNK8Database7processEv
-__ZN8NodeCore9findFirstI16KeychainDbCommonRK12DbIdentifierEEN8Security10RefPointerIT_EEMS7_KFT0_vES9_
-__ZN8Security10RefPointerI16KeychainDbCommonE7releaseEv
-__ZN16KeychainDbCommonC2ER7SessionRK12DbIdentifier
-__ZN13LocalDbCommonC2ER7Session
-__ZN8DbCommonC2ER7Session
-__ZN18DatabaseCryptoCoreC2Ev
-__ZN8NodeCore9findFirstI16KeychainDbGlobalRK12DbIdentifierEEN8Security10RefPointerIT_EEMS7_KFT0_vES9_
-__ZN8Security10RefPointerI16KeychainDbGlobalE7releaseEv
-__ZN16KeychainDbGlobalC2ERK12DbIdentifier
-__ZNK8DbCommon7sessionEv
-__ZN8NodeCore12addReferenceERS_
-__ZNSt8_Rb_treeIN8Security10RefPointerI8NodeCoreEES3_St9_IdentityIS3_ESt4lessIS3_ESaIS3_EE16_M_insert_uniqueERKS3_
-__ZNSt8_Rb_treeIN8Security10RefPointerI8NodeCoreEES3_St9_IdentityIS3_ESt4lessIS3_ESaIS3_EE9_M_insertEPSt18_Rb_tree_node_baseSB_
-__ZNSt8_Rb_treeIN8Security10RefPointerI8NodeCoreEES3_St9_IdentityIS3_ESt4lessIS3_ESaIS3_EE14_M_create_nodeERKS3_
-__ZN9__gnu_cxx13new_allocatorISt13_Rb_tree_nodeIN8Security10RefPointerI8NodeCoreEEEE8allocateEmPKv
-__ZN8Security10RefPointerINS_14DLDbIdentifier4ImplEE7releaseEv
-__ZN7CopyOutD1Ev
-__ZN7CopyOutD2Ev
-__ZL16_XauthenticateDbP17mach_msg_header_tS0_
-__Z26ucsp_server_authenticateDbjj13audit_token_tPijjPvj
-_xdr_CSSM_ACCESS_CREDENTIALS_PTR
-_xdr_CSSM_ACCESS_CREDENTIALS
-_xdr_CSSM_BASE_CERTS
-_xdr_CSSM_CERTGROUP
-_sec_xdr_array
-_xdr_CSSM_SAMPLE
-_xdr_CSSM_LIST
-_xdr_CSSM_LIST_ELEMENT
-__ZN6Server8databaseEj
-__ZN6Server4findI8DatabaseEEN8Security10RefPointerIT_EEji
-__ZN8Security13MappingHandleIjE7findRefI8DatabaseEENS_10RefPointerIT_EEji
-__ZN8Security13MappingHandleIjE5State6locateEji
-__ZN16KeychainDatabase12authenticateEjPKN8Security17AccessCredentialsE
-__ZN8Security11DataWalkers4sizeIPNS_17AccessCredentialsEEEmT_
-__ZN8Security11DataWalkers14enumerateArrayINS0_10SizeWalkerENS_11SampleGroupENS_10CssmSampleEEEvRT_RT0_MS7_FRPT1_vE
-__ZN8Security11SampleGroup7samplesEv
-__ZN8Security11DataWalkers4walkINS0_10SizeWalkerEEEPNS_11ListElementERT_RS4_
-__ZN8Security11DataWalkers4copyINS_17AccessCredentialsEEEPT_PKS3_RNS_9AllocatorEm
-__ZN8Security11DataWalkers4walkINS0_10CopyWalkerEEEPNS_17AccessCredentialsERT_RS4_
-__ZN8Security11DataWalkers14enumerateArrayINS0_10CopyWalkerENS_11SampleGroupENS_10CssmSampleEEEvRT_RT0_MS7_FRPT1_vE
-__ZN8Security11DataWalkers4walkINS0_10CopyWalkerEEEvRT_RNS_10CssmSampleE
-__ZN8Security11DataWalkers9enumerateINS0_10CopyWalkerEEEvRT_RNS_8CssmListE
-__ZN8Security11DataWalkers4walkINS0_10CopyWalkerEEEPNS_11ListElementERT_RS4_
-__ZN8Security11ListElement4lastEv
-__ZN8Security10RefPointerI8DatabaseE7releaseEv
-__ZL11_XdecodeKeyP17mach_msg_header_tS0_
-__Z21ucsp_server_decodeKeyjj13audit_token_tPiPjPPvS1_jS2_j
-__ZN6Server8keychainEj
-__ZN6Server4findI16KeychainDatabaseEEN8Security10RefPointerIT_EEji
-__ZN8Security13MappingHandleIjE7findRefI16KeychainDatabaseEENS_10RefPointerIT_EEji
-__Z8makeBlobIN8Security14SecurityServer7KeyBlobEEPKT_RKNS0_8CssmDataEi
-__ZN11KeychainKeyC1ER8DatabasePKN8Security14SecurityServer7KeyBlobE
-__ZN11KeychainKeyC2ER8DatabasePKN8Security14SecurityServer7KeyBlobE
-__ZN8LocalKeyC2ER8Databasej
-__ZN3KeyC2ER8Database
-__ZN8Database10SubsidiaryC2ERS_
-__ZNK8Security14SecurityServer7KeyBlob4copyERNS_9AllocatorE
-__ZN8Security9Allocator6mallocINS_14SecurityServer7KeyBlobEEEPT_m
-__ZN8Security10RefPointerI16KeychainDatabaseE7releaseEv
-__ZN8LocalKey9returnKeyERjRN8Security7CssmKey6HeaderE
-__ZN11KeychainKey9getHeaderERN8Security7CssmKey6HeaderE
-__ZN8Security4n2hiERNS_7CssmKey6HeaderE
-_copyin
-_sec_xdr_sizeof_in
-_xdr_CSSM_KEYHEADER
-_sec_x_putlong
-_sec_x_putbytes
-_sec_xdrmem_putlong_aligned
-_sec_xdrmem_putbytes
-__ZN6Server15releaseWhenDoneEPv
-__ZN6Server15releaseWhenDoneERN8Security9AllocatorEPv
-__ZN8Security12MachPlusPlus10MachServer15releaseWhenDoneERNS_9AllocatorEPv
-__ZNSt8_Rb_treeIN8Security12MachPlusPlus10MachServer10AllocationES3_St9_IdentityIS3_ESt4lessIS3_ESaIS3_EE16_M_insert_uniqueERKS
-__ZNSt8_Rb_treeIN8Security12MachPlusPlus10MachServer10AllocationES3_St9_IdentityIS3_ESt4lessIS3_ESaIS3_EE9_M_insertEPSt18_Rb_tr
-__ZNSt8_Rb_treeIN8Security12MachPlusPlus10MachServer10AllocationES3_St9_IdentityIS3_ESt4lessIS3_ESaIS3_EE14_M_create_nodeERKS3_
-__ZN9__gnu_cxx13new_allocatorISt13_Rb_tree_nodeIN8Security12MachPlusPlus10MachServer10AllocationEEE8allocateEmPKv
-__ZN8Security10RefPointerI3KeyE7releaseEv
-__ZL9_XdecryptP17mach_msg_header_tS0_
-__Z19ucsp_server_decryptjj13audit_token_tPiPvjjS1_jPS1_Pj
-_xdr_CSSM_CONTEXT_PTR
-_xdr_CSSM_CONTEXT
-_xdr_CSSM_CONTEXT_ATTRIBUTE
-_xdr_CSSM_KEY
-_xdr_CSSM_DATA
-__ZN6Server3keyEj
-__ZN8Security13MappingHandleIjE7findRefI3KeyEENS_10RefPointerIT_EEji
-__ZN13LocalDatabase7decryptERKN8Security7ContextER3KeyRKNS0_8CssmDataERS6_
-__ZN8LocalKey7cssmKeyEv
-__ZN8LocalKey8keyValueEv
-__ZN11KeychainKey6getKeyEv
-__ZN11KeychainKey6decodeEv
-__ZN16KeychainDatabase9decodeKeyEPN8Security14SecurityServer7KeyBlobERNS0_7CssmKeyERPvS7_
-__ZN8Security14SecurityServer7KeyBlob11isClearTextEv
-__ZN16KeychainDatabase8unlockDbEv
-__ZN16KeychainDatabase12makeUnlockedEPKN8Security17AccessCredentialsE
-__ZN16KeychainDatabase8isLockedEv
-__ZN16KeychainDatabase19establishOldSecretsEPKN8Security17AccessCredentialsE
-__ZNK16KeychainDbCommon15belongsToSystemEv
-__ZN17SystemKeychainKeyC1EPKc
-__ZN17SystemKeychainKeyC2EPKc
-__ZN17SystemKeychainKey7matchesERKN8Security14SecurityServer6DbBlob9SignatureE
-__ZN17SystemKeychainKey6updateEv
-__ZNK8Security14SecurityServer10CommonBlob7isValidEv
-__ZN8Security4Time8AbsoluteC1ERK8timespec
-__ZN8Security10CssmClient3KeyC2ERKNS0_3CSPERK8cssm_keyb
-__ZN8Security10CssmClient7KeyImplC1ERKNS0_3CSPERK8cssm_keyb
-__ZN8Security7CssmKeyC2ERK8cssm_key
-__ZN8Security12CssmAutoDataC2INS_8CssmDataEEERNS_9AllocatorERKT_
-__ZN8Security13CssmOwnedData4copyIvEEvPKT_m
-__ZN8Security12CssmAutoData5resetEv
-__ZN8Security7destroyEPvRNS_9AllocatorE
-__ZN8Security12CssmAutoData7releaseEv
-__ZN8Security12CssmAutoDataD2Ev
-__ZN8Security13CssmOwnedDataD2Ev
-__ZN8Security15CssmManagedDataD2Ev
-__ZN18DatabaseCryptoCore5setupEPKN8Security14SecurityServer6DbBlobENS0_10CssmClient3KeyE
-__ZNK8Security10CssmClient6Object4implINS0_7KeyImplEEERT_v
-__ZN8Security10RefPointerINS_10CssmClient10ObjectImplEE10setPointerEPS2_
-__ZN16KeychainDatabase6decodeEv
-__ZN16KeychainDbCommon8unlockDbEPN8Security14SecurityServer6DbBlobEPPv
-__ZN18DatabaseCryptoCore10decodeCoreEPKN8Security14SecurityServer6DbBlobEPPv
-__ZN8Security10CssmClient7DecryptC1ERKNS0_3CSPEj
-__ZN8Security10CssmClient5CryptC2ERKNS0_3CSPEj
-__ZN8Security10CssmClient7ContextC2ERKNS0_3CSPEj
-__ZN8Security10CssmClient7Context3setEjj
-__ZN8Security10CssmClient5Crypt3keyERKNS0_3KeyE
-__ZN8Security10CssmClient7Context3setINS_7CssmKeyEEEvjRKT_
-__ZN8Security10CssmClient7Context3setINS_8CssmDataEEEvjRKT_
-__ZN8Security10CssmClient7Decrypt7decryptEPKNS_8CssmDataEjPS2_jRS2_
-__ZN8Security10CssmClient7Context8unstagedEv
-__ZN8Security10CssmClient5Crypt8activateEv
-__ZN8Security10CssmClient10ObjectImpl5checkEi
-__ZN18DatabaseCryptoCore10makeRawKeyEPvmjj
-__ZN8Security10CssmClient9UnwrapKeyC1ERKNS0_3CSPEj
-__ZN8Security10CssmClient9RccBearerC2Ev
-__ZN8Security10CssmClient9UnwrapKeyclERKNS_7CssmKeyERKNS0_7KeySpecERS2_PNS_8CssmDataEPS3_
-__ZNK8Security10CssmClient9RccBearer12compositeRccEv
-__ZN8Security10CssmClient9UnwrapKeyD1Ev
-__ZN8Security10CssmClient5CryptD2Ev
-__ZN8Security10CssmClient7ContextD2Ev
-__ZN8Security10CssmClient7Context10deactivateEv
-__ZN8Security10CssmClient10ObjectImplD2Ev
-__ZN8Security10CssmClient9VerifyMacC1ERKNS0_3CSPEj
-__ZN8Security10CssmClient10MacContextC2ERKNS0_3CSPEj
-__ZN8Security10CssmClient10MacContext3keyERKNS0_3KeyE
-__ZN8Security10CssmClient7Context3setINS0_3KeyEEEvjRKT_
-__ZN8Security10CssmClient9VerifyMac6verifyEPKNS_8CssmDataEjRS3_
-__ZN8Security10CssmClient10MacContext8activateEv
-__ZN8Security10CssmClient9VerifyMacD1Ev
-__ZN8Security10CssmClient10MacContextD2Ev
-__ZN8Security10CssmClient7DecryptD1Ev
-__ZN16KeychainDbCommon11setUnlockedEv
-__ZN16KeychainDbCommon8activityEv
-__ZN8DbCommon6notifyEjRKN8Security14DLDbIdentifierE
-__ZN8Security19NameValueDictionaryC1Ev
-__ZN8Security19NameValueDictionary41MakeNameValueDictionaryFromDLDbIdentifierERKNS_14DLDbIdentifierERS0_
-__ZN8Security13NameValuePair9CloneDataERKNS_8CssmDataE
-__ZNSt6vectorIPN8Security13NameValuePairESaIS2_EE9push_backERKS2_
-__ZNSt6vectorIPN8Security13NameValuePairESaIS2_EE13_M_insert_auxEN9__gnu_cxx17__normal_iteratorIPS2_S4_EERKS2_
-__ZN9__gnu_cxx13new_allocatorIPN8Security13NameValuePairEE8allocateEmPKv
-__ZN8Security19NameValueDictionary6ExportERNS_8CssmDataE
-__ZNK8Security13NameValuePair6ExportERNS_8CssmDataE
-__ZN8Listener6notifyEjjRKN8Security8CssmDataE
-__ZN8Listener12NotificationC2EjjjRKN8Security8CssmDataE
-__ZN8Listener16sendNotificationEPNS_12NotificationE
-__ZN20SharedMemoryListener8notifyMeEPN8Listener12NotificationE
-__ZNK8Security13CssmOwnedData3getEv
-__ZN18SharedMemoryServer12WriteMessageEjjPKvj
-_CalculateCRC
-__ZN18SharedMemoryServer11WriteOffsetEj
-__ZN18SharedMemoryServer9WriteDataEPKvj
-__ZN8Security10RefPointerIN8Listener12NotificationEE7releaseEv
-__ZN8Listener12NotificationD0Ev
-__ZN8Security19NameValueDictionaryD1Ev
-__ZN8Security19NameValueDictionaryD2Ev
-__ZNSt6vectorIPN8Security13NameValuePairESaIS2_EE5eraseEN9__gnu_cxx17__normal_iteratorIPS2_S4_EE
-__ZNSt6vectorIPN8Security13NameValuePairESaIS2_EED2Ev
-__ZNSt12_Vector_baseIPN8Security13NameValuePairESaIS2_EED2Ev
-__ZN16KeychainDatabase3aclEv
-__ZN8Security9ObjectAcl10importBlobEPKvS2_
-__ZN8Security9ObjectAcl5Entry10importBlobERNS_23LowLevelMemoryUtilities6ReaderES4_
-__ZN8Security9ObjectAcl13importSubjectERNS_23LowLevelMemoryUtilities6ReaderES3_
-__ZN8Security9ObjectAcl4makeEjRNS_23LowLevelMemoryUtilities6ReaderES3_
-__ZN8Security9ObjectAcl8makerForEi
-__ZNK8Security13AnyAclSubject5Maker4makeEhRNS_23LowLevelMemoryUtilities6ReaderES4_
-__ZN8Security10AclSubjectC2Ejh
-__ZN8Security10RefPointerINS_10AclSubjectEE10setPointerEPS1_
-__ZN8Security10RefPointerINS_10AclSubjectEE7releaseEv
-__ZNSt8_Rb_treeISsSt4pairIKSsN8Security9ObjectAcl8AclEntryEESt10_Select1stIS5_ESt4lessISsESaIS5_EE8_M_eraseEPSt13_Rb_tree_nodeI
-__ZN8Security9ObjectAcl8AclEntryC2Ev
-__ZN8Security9ObjectAcl8AclEntry10importBlobERNS_23LowLevelMemoryUtilities6ReaderES4_
-__ZN8Security23LowLevelMemoryUtilities6ReaderclERPKc
-__ZNSt8_Rb_treeIiiSt9_IdentityIiESt4lessIiESaIiEE5eraseESt23_Rb_tree_const_iteratorIiES7_
-__ZNSt8_Rb_treeIiiSt9_IdentityIiESt4lessIiESaIiEE8_M_eraseEPSt13_Rb_tree_nodeIiE
-__ZN8Security9ObjectAcl3addERKSsRKNS0_8AclEntryE
-__ZN8Security9ObjectAcl8AclEntryC2ERKS1_
-__ZNSt8_Rb_treeIiiSt9_IdentityIiESt4lessIiESaIiEEC2ERKS5_
-__ZN8Security9ObjectAcl3addERKSsNS0_8AclEntryEl
-__ZNSt4pairISsN8Security9ObjectAcl8AclEntryEEC2ERKSsRKS2_
-__ZNSt4pairIKSsN8Security9ObjectAcl8AclEntryEEC2ISsS3_EERKS_IT_T0_E
-__ZNSt8_Rb_treeISsSt4pairIKSsN8Security9ObjectAcl8AclEntryEESt10_Select1stIS5_ESt4lessISsESaIS5_EE15_M_insert_equalERKS5_
-__ZNSt8_Rb_treeISsSt4pairIKSsN8Security9ObjectAcl8AclEntryEESt10_Select1stIS5_ESt4lessISsESaIS5_EE9_M_insertEPSt18_Rb_tree_node
-__ZNSt8_Rb_treeISsSt4pairIKSsN8Security9ObjectAcl8AclEntryEESt10_Select1stIS5_ESt4lessISsESaIS5_EE14_M_create_nodeERKS5_
-__ZN9__gnu_cxx13new_allocatorISt13_Rb_tree_nodeISt4pairIKSsN8Security9ObjectAcl8AclEntryEEEE8allocateEmPKv
-__ZNSt4pairIKSsN8Security9ObjectAcl8AclEntryEEC2ERKS4_
-__ZNSt4pairIKSsN8Security9ObjectAcl8AclEntryEED2Ev
-__ZN8Security9ObjectAcl8AclEntryD2Ev
-__ZN8Security9ObjectAcl5EntryD2Ev
-__ZNSt4pairISsN8Security9ObjectAcl8AclEntryEED2Ev
-__ZN17SystemKeychainKeyD1Ev
-__ZNK18DatabaseCryptoCore13decodeKeyCoreEPN8Security14SecurityServer7KeyBlobERNS0_7CssmKeyERPvS7_
-__ZN8Security4h2niERNS_7CssmKey6HeaderE
-__ZN8Security10CssmClient7Context3addEjj
-__ZN8Security10CssmClient9UnwrapKeyclERKNS_7CssmKeyERKNS0_7KeySpecERS2_PNS_8CssmDataE
-__ZN11KeychainKey3aclEv
-__ZNK8Security17ProcessAclSubject5Maker4makeEhRNS_23LowLevelMemoryUtilities6ReaderES4_
-__ZNK8Security7Context7replaceINS_7CssmKeyEEEvjRKT_
-__ZN8Security7Context4findEjPK22cssm_context_attributej
-__ZN9AclSource8validateEiRKN8Security7ContextE
-__ZThn160_N11KeychainKey15relatedDatabaseEv
-__ZN11KeychainKey15relatedDatabaseEv
-__ZThn160_N11KeychainKey3aclEv
-__ZN17SecurityServerAcl8validateEiRKN8Security7ContextEP8Database
-__ZThn232_N11KeychainKey8validateEiPKN8Security17AccessCredentialsEP8Database
-__ZN11KeychainKey8validateEiPKN8Security17AccessCredentialsEP8Database
-__ZN17SecurityServerAcl8validateEiPKN8Security17AccessCredentialsEP8Database
-__ZN25SecurityServerEnvironmentC1ER17SecurityServerAclP8Database
-__ZN6Server7processEv
-__ZN8Security9ObjectAcl8validateEiPKNS_17AccessCredentialsEPNS_24AclValidationEnvironmentE
-__ZN8Security9ObjectAcl9validatesEiPKNS_17AccessCredentialsEPNS_24AclValidationEnvironmentE
-__ZN8Security9ObjectAcl9validatesERNS_20AclValidationContextE
-__ZThn232_N11KeychainKey14instantiateAclEv
-__ZN11KeychainKey14instantiateAclEv
-__ZNK8Security20AclValidationContext9s_credTagEv
-__ZNK8Security20AclValidationContext7credTagEv
-__ZNK8Security9ObjectAcl8getRangeERKSsRSt4pairISt23_Rb_tree_const_iteratorIS3_IS1_NS0_8AclEntryEEES7_E
-__ZNK8Security9ObjectAcl8AclEntry10authorizesEi
-__ZN8Security20AclValidationContext4initEPNS_9ObjectAclEPNS_10AclSubjectE
-__ZN8Security20AclValidationContext8entryTagERKSs
-__ZNK8Security17ProcessAclSubject8validateERKNS_20AclValidationContextE
-__ZNK25SecurityServerEnvironment6getuidEv
-__ZN21BaseValidationContextD2Ev
-__ZN8Security20AclValidationContextD2Ev
-__ZN25SecurityServerEnvironmentD1Ev
-__ZN8Security20PreAuthorizationAcls11EnvironmentD2Ev
-__ZN8Security18PromptedAclSubject11EnvironmentD2Ev
-__ZN8Security16SecretAclSubject11EnvironmentD2Ev
-__ZN8Security23CodeSignatureAclSubject11EnvironmentD2Ev
-__ZN8Security17ProcessAclSubject11EnvironmentD2Ev
-__ZN8Security24AclValidationEnvironmentD2Ev
-__ZNK16KeychainDatabase8activityEv
-__ZNK16KeychainDatabase6commonEv
-__ZN8Security10CssmClient7Context8overrideERKNS_7ContextE
-__ZL12_XreleaseKeyP17mach_msg_header_tS0_
-__Z22ucsp_server_releaseKeyjj13audit_token_tPij
-__ZN8Database10releaseKeyER3Key
-__ZN8NodeCore4killERS_
-__ZN8NodeCore4killEv
-__ZN8NodeCore15clearReferencesEv
-__ZNSt8_Rb_treeIN8Security10RefPointerI8NodeCoreEES3_St9_IdentityIS3_ESt4lessIS3_ESaIS3_EE8_M_eraseEPSt13_Rb_tree_nodeIS3_E
-__ZN8NodeCore15removeReferenceERS_
-__ZNSt8_Rb_treeIN8Security10RefPointerI8NodeCoreEES3_St9_IdentityIS3_ESt4lessIS3_ESaIS3_EE5eraseERKS3_
-__ZNSt8_Rb_treeIN8Security10RefPointerI8NodeCoreEES3_St9_IdentityIS3_ESt4lessIS3_ESaIS3_EE11equal_rangeERKS3_
-__ZNSt8_Rb_treeIN8Security10RefPointerI8NodeCoreEES3_St9_IdentityIS3_ESt4lessIS3_ESaIS3_EE5eraseESt17_Rb_tree_iteratorIS3_ESB_
-__ZNSt8_Rb_treeIN8Security10RefPointerI8NodeCoreEES3_St9_IdentityIS3_ESt4lessIS3_ESaIS3_EE15_M_destroy_nodeEPSt13_Rb_tree_nodeI
-__ZN11KeychainKeyD0Ev
-__ZN17SecurityServerAclD2Ev
-__ZN8Security9ObjectAclD2Ev
-__ZN8Security9ObjectAcl10OwnerEntryD2Ev
-__ZN8Security17ProcessAclSubjectD0Ev
-__ZN8Security10AclSubjectD2Ev
-__ZNSt8_Rb_treeISsSt4pairIKSsN8Security9ObjectAcl8AclEntryEESt10_Select1stIS5_ESt4lessISsESaIS5_EE15_M_destroy_nodeEPSt13_Rb_tr
-__ZN8LocalKeyD2Ev
-__ZN8Security10CssmClient7KeyImplD0Ev
-__ZN8Security10CssmClient7KeyImpl10deactivateEv
-__ZN8Security10CssmClient9AclBearerD2Ev
-__ZN3KeyD2Ev
-__ZN9AclSourceD2Ev
-__ZN8Database10SubsidiaryD2Ev
-__ZN10PerProcessD2Ev
-__ZN4NodeI10PerProcess10PerSessionED2Ev
-__ZN8NodeCoreD2Ev
-__ZN8Security13MappingHandleIjED2Ev
-__ZN9__gnu_cxx9hashtableISt4pairIKjPN8Security13MappingHandleIjEEEjNS_4hashIjEESt10_Select1stIS7_ESt8equal_toIjESaIS6_EE5eraseE
-__ZL18_XpostNotificationP17mach_msg_header_tS0_
-__Z28ucsp_server_postNotificationjj13audit_token_tPijjPvjj
-__ZN8Listener6notifyEjjjRKN8Security8CssmDataE
-__ZN8Listener12JitterBuffer10inSequenceEPNS_12NotificationE
-__ZN8Listener12JitterBuffer15popNotificationEv
-__ZThn88_N20SharedMemoryListener6actionEv
-__ZN20SharedMemoryListener6actionEv
-__ZL21_XauthorizationCreateP17mach_msg_header_tS0_
-__Z31ucsp_server_authorizationCreatejj13audit_token_tPiPvjjS1_jPN8Security14SecurityServer17AuthorizationBlobE
 __ZN13Authorization11AuthItemSetC1EPK20AuthorizationItemSet
 __ZN13Authorization11AuthItemSetC2EPK20AuthorizationItemSet
 __ZN13Authorization11AuthItemSetC1EPK20AuthorizationItemSet
 __ZN13Authorization11AuthItemSetC2EPK20AuthorizationItemSet
+__ZNK7Process7sessionEv
 __ZN7Session10authCreateERKN13Authorization11AuthItemSetES3_jRN8Security14SecurityServer17AuthorizationBlobERK13audit_token_t
 __ZN18AuthorizationTokenC1ER7SessionRKSt3setIN13Authorization10CredentialESt4lessIS4_ESaIS4_EERK13audit_token_tb
 __ZN18AuthorizationTokenC2ER7SessionRKSt3setIN13Authorization10CredentialESt4lessIS4_ESaIS4_EERK13audit_token_tb
 __ZNSt8_Rb_treeIN13Authorization10CredentialES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EEC2ERKS7_
 __ZN7Session10authCreateERKN13Authorization11AuthItemSetES3_jRN8Security14SecurityServer17AuthorizationBlobERK13audit_token_t
 __ZN18AuthorizationTokenC1ER7SessionRKSt3setIN13Authorization10CredentialESt4lessIS4_ESaIS4_EERK13audit_token_tb
 __ZN18AuthorizationTokenC2ER7SessionRKSt3setIN13Authorization10CredentialESt4lessIS4_ESaIS4_EERK13audit_token_tb
 __ZNSt8_Rb_treeIN13Authorization10CredentialES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EEC2ERKS7_
+__ZN6Server7processEv
+__ZN6Server10connectionEb
+__ZN10Connection9checkWorkEv
 __ZN13Authorization11AuthItemSetC1Ev
 __ZNK20ClientIdentification12currentGuestEv
 __ZNK20ClientIdentification7currentEv
 __ZN13Authorization11AuthItemSetC1Ev
 __ZNK20ClientIdentification12currentGuestEv
 __ZNK20ClientIdentification7currentEv
+__ZNSt8_Rb_treeIjSt4pairIKjN20ClientIdentification10GuestStateEESt10_Select1stIS4_ESt4lessIjESaIS4_EE4findERS1_
 __ZN8Security12MachPlusPlus10MachServer16longTermActivityEv
 __ZN8Security5CFRefIP9__SecCodeEaSERKS3_
 __ZNSt3mapIjN20ClientIdentification10GuestStateESt4lessIjESaISt4pairIKjS1_EEEixERS5_
 __ZN8Security12MachPlusPlus10MachServer16longTermActivityEv
 __ZN8Security5CFRefIP9__SecCodeEaSERKS3_
 __ZNSt3mapIjN20ClientIdentification10GuestStateESt4lessIjESaISt4pairIKjS1_EEEixERS5_
@@ -664,300 +138,185 @@ __ZNSt8_Rb_treeIjSt4pairIKjN20ClientIdentification10GuestStateEESt10_Select1stIS
 __ZNSt8_Rb_treeIjSt4pairIKjN20ClientIdentification10GuestStateEESt10_Select1stIS4_ESt4lessIjESaIS4_EE16_M_insert_uniqueERKS4_
 __ZNSt8_Rb_treeIjSt4pairIKjN20ClientIdentification10GuestStateEESt10_Select1stIS4_ESt4lessIjESaIS4_EE9_M_insertEPSt18_Rb_tree_n
 __ZNSt8_Rb_treeIjSt4pairIKjN20ClientIdentification10GuestStateEESt10_Select1stIS4_ESt4lessIjESaIS4_EE14_M_create_nodeERKS4_
 __ZNSt8_Rb_treeIjSt4pairIKjN20ClientIdentification10GuestStateEESt10_Select1stIS4_ESt4lessIjESaIS4_EE16_M_insert_uniqueERKS4_
 __ZNSt8_Rb_treeIjSt4pairIKjN20ClientIdentification10GuestStateEESt10_Select1stIS4_ESt4lessIjESaIS4_EE9_M_insertEPSt18_Rb_tree_n
 __ZNSt8_Rb_treeIjSt4pairIKjN20ClientIdentification10GuestStateEESt10_Select1stIS4_ESt4lessIjESaIS4_EE14_M_create_nodeERKS4_
-__ZN9__gnu_cxx13new_allocatorISt13_Rb_tree_nodeISt4pairIKjN20ClientIdentification10GuestStateEEEE8allocateEmPKv
-__ZNSt3mapIN8Security14SecurityServer17AuthorizationBlobENS0_10RefPointerI18AuthorizationTokenEESt4lessIS2_ESaISt4pairIKS2_S5_E
-__ZN9__gnu_cxx13new_allocatorISt13_Rb_tree_nodeISt4pairIKN8Security14SecurityServer17AuthorizationBlobENS3_10RefPointerI18Autho
-__ZN8Security10RefPointerI18AuthorizationTokenE7releaseEv
-__ZN8Security10RefPointerI18AuthorizationTokenE10setPointerEPS1_
-__ZNSt8_Rb_treeIN13Authorization10CredentialES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EEaSERKS7_
-__ZNSt8_Rb_treeIN13Authorization10CredentialES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE8_M_eraseEPSt13_Rb_tree_nodeIS1_E
-__ZN13Authorization6Engine9authorizeERKNS_11AuthItemSetES3_jPKSt3setINS_10CredentialESt4lessIS5_ESaIS5_EEPS9_RS1_R18Authorizati
-__ZN13Authorization20AuthorizationDBPlist4syncEd
-__ZN13Authorization20AuthorizationDBPlist4loadEv
-__ZN13Authorization20AuthorizationDBPlist11parseConfigEPK14__CFDictionary
-__ZN8Security5CFRefIP14__CFDictionaryEaSES2_
-__ZNSt8_Rb_treeISsSt4pairIKSsN13Authorization4RuleEESt10_Select1stIS4_ESt4lessISsESaIS4_EE8_M_eraseEPSt13_Rb_tree_nodeIS4_E
-__ZN13Authorization20AuthorizationDBPlist9parseRuleEPKvS2_Pv
-__ZN13Authorization20AuthorizationDBPlist8addRightEPK10__CFStringPK14__CFDictionary
-__ZN8Security8cfStringEPK10__CFStringb
-__ZN13Authorization4RuleC1ERKSsPK14__CFDictionaryS5_
-__ZN13Authorization4RuleC2ERKSsPK14__CFDictionaryS5_
-__ZN13Authorization8RuleImplC2ERKSsPK14__CFDictionaryS5_
-__ZN13Authorization8RuleImpl9Attribute9getStringEPK14__CFDictionaryPK10__CFStringbPKc
-__ZN13Authorization8RuleImpl9Attribute9getDoubleEPK14__CFDictionaryPK10__CFStringbd
-__ZN13Authorization8RuleImpl9Attribute7getBoolEPK14__CFDictionaryPK10__CFStringbb
-__ZN13Authorization8RuleImpl9Attribute9getVectorEPK14__CFDictionaryPK10__CFStringb
-__ZNSt6vectorISsSaISsEEaSERKS1_
-__ZNSt6__copyILb0ESt26random_access_iterator_tagE4copyIPKSsPSsEET0_T_S7_S6_
-__ZNSt6vectorISsSaISsEE20_M_allocate_and_copyIN9__gnu_cxx17__normal_iteratorIPKSsS1_EEEEPSsmT_S9_
-__ZSt24__uninitialized_copy_auxIN9__gnu_cxx17__normal_iteratorIPKSsSt6vectorISsSaISsEEEEPSsET0_T_SA_S9_St12__false_type
-__ZN13Authorization8RuleImpl9Attribute19getLocalizedPromptsEPK14__CFDictionaryRSt3mapISsSsSt4lessISsESaISt4pairIKSsSsEEE
-__ZNSt6vectorIN13Authorization4RuleESaIS1_EE9push_backERKS1_
-__ZNSt6vectorIN13Authorization4RuleESaIS1_EE13_M_insert_auxEN9__gnu_cxx17__normal_iteratorIPS1_S3_EERKS1_
-__ZN9__gnu_cxx13new_allocatorIN13Authorization4RuleEE8allocateEmPKv
-__ZSt24__uninitialized_copy_auxIPN13Authorization4RuleES2_ET0_T_S4_S3_St12__false_type
-__ZN8Security10RefPointerIN13Authorization8RuleImplEE7releaseEv
-__ZNSt3mapISsN13Authorization4RuleESt4lessISsESaISt4pairIKSsS1_EEEixERS5_
-__ZN13Authorization4RuleC1Ev
-__ZN13Authorization4RuleC2Ev
-__ZN13Authorization8RuleImplC2Ev
-__ZNSt4pairIKSsN13Authorization4RuleEEC2ERS0_RKS2_
-__ZNSt8_Rb_treeISsSt4pairIKSsN13Authorization4RuleEESt10_Select1stIS4_ESt4lessISsESaIS4_EE16_M_insert_uniqueESt17_Rb_tree_itera
-__ZNSt8_Rb_treeISsSt4pairIKSsN13Authorization4RuleEESt10_Select1stIS4_ESt4lessISsESaIS4_EE16_M_insert_uniqueERKS4_
-__ZNSt8_Rb_treeISsSt4pairIKSsN13Authorization4RuleEESt10_Select1stIS4_ESt4lessISsESaIS4_EE9_M_insertEPSt18_Rb_tree_node_baseSC_
-__ZNSt8_Rb_treeISsSt4pairIKSsN13Authorization4RuleEESt10_Select1stIS4_ESt4lessISsESaIS4_EE14_M_create_nodeERKS4_
-__ZN9__gnu_cxx13new_allocatorISt13_Rb_tree_nodeISt4pairIKSsN13Authorization4RuleEEEE8allocateEmPKv
-__ZNSt4pairIKSsN13Authorization4RuleEEC2ERKS3_
-__ZNSt4pairIKSsN13Authorization4RuleEED2Ev
-__ZN8Security10RefPointerIN13Authorization8RuleImplEE10setPointerEPS2_
-__ZN13Authorization8RuleImplD2Ev
-__ZNSt8_Rb_treeISsSt4pairIKSsSsESt10_Select1stIS2_ESt4lessISsESaIS2_EE8_M_eraseEPSt13_Rb_tree_nodeIS2_E
-__ZNSt6vectorIN13Authorization4RuleESaIS1_EED2Ev
-__ZNSt12_Vector_baseIN13Authorization4RuleESaIS1_EED2Ev
-__ZN8Security5CFRefIPK14__CFDictionaryEaSES3_
-__ZNSt8_Rb_treeIN13Authorization11AuthItemRefES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EEC2ERKS7_
-__ZN8Security14CommonCriteria9Securityd25RightAuthenticationLoggerC1ERKNS0_10AuditTokenEs
-__ZN8Security14CommonCriteria9Securityd25RightAuthenticationLoggerC2ERKNS0_10AuditTokenEs
-__ZN8Security14CommonCriteria9Securityd11AuditLogger13setClientInfoERKNS0_10AuditTokenE
-__ZNSt8_Rb_treeIN13Authorization10CredentialES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE4swapERS7_
-__ZN8Security14CommonCriteria9Securityd25RightAuthenticationLoggerD2Ev
-__ZN8Security14CommonCriteria9Securityd11RightLoggerD2Ev
-__ZN8Security14CommonCriteria9Securityd11AuditLoggerD2Ev
-__ZN8Security14CommonCriteria9Securityd11AuditLogger5closeEb
-__ZN13Authorization11AuthItemSetD1Ev
-__ZNSt8_Rb_treeIN13Authorization11AuthItemRefES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE8_M_eraseEPSt13_Rb_tree_nodeIS1_E
-__ZN7Process16addAuthorizationEP18AuthorizationToken
-__ZNSt8_Rb_treeIP18AuthorizationTokenS1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE9_M_insertEPSt18_Rb_tree_node_baseS9_RKS1_
-__ZNSt8_Rb_treeIP18AuthorizationTokenS1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE14_M_create_nodeERKS1_
-__ZN9__gnu_cxx13new_allocatorISt13_Rb_tree_nodeIP18AuthorizationTokenEE8allocateEmPKv
-__ZN18AuthorizationToken10addProcessER7Process
-__ZNSt8_Rb_treeIP7ProcessS1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE16_M_insert_uniqueERKS1_
-__ZNSt8_Rb_treeIP7ProcessS1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE9_M_insertEPSt18_Rb_tree_node_baseS9_RKS1_
-__ZNSt8_Rb_treeIP7ProcessS1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE14_M_create_nodeERKS1_
-__ZN9__gnu_cxx13new_allocatorISt13_Rb_tree_nodeIP7ProcessEE8allocateEmPKv
-__ZL20_XauthorizationdbGetP17mach_msg_header_tS0_
-__Z30ucsp_server_authorizationdbGetjj13audit_token_tPiPKcPPvPj
-__ZN7Session18authorizationdbGetEPKcPPK14__CFDictionary
-__ZN13Authorization6Engine7getRuleERSsPPK14__CFDictionary
-__ZN13Authorization20AuthorizationDBPlist17getRuleDefinitionERSs
-__ZL20_XauthorizationdbSetP17mach_msg_header_tS0_
-__Z30ucsp_server_authorizationdbSetjj13audit_token_tPiN8Security14SecurityServer17AuthorizationBlobEPKcPvj
-__ZN7Session18authorizationdbSetERKN8Security14SecurityServer17AuthorizationBlobEPKcPK14__CFDictionary
-__ZN7Session13authorizationERKN8Security14SecurityServer17AuthorizationBlobE
-__ZN18AuthorizationToken4findERKN8Security14SecurityServer17AuthorizationBlobE
-__ZN7Process18checkAuthorizationEP18AuthorizationToken
-__ZNK18AuthorizationToken14effectiveCredsEv
-__ZN13Authorization6Engine7setRuleEPKcPK14__CFDictionaryPKSt3setINS_10CredentialESt4lessIS7_ESaIS7_EEPSB_R18AuthorizationToken
-__ZNK13Authorization20AuthorizationDBPlist12validateRuleESsPK14__CFDictionary
-__ZN13Authorization6Engine18verifyModificationESsbPKSt3setINS_10CredentialESt4lessIS2_ESaIS2_EEPS6_R18AuthorizationToken
-__ZNK13Authorization20AuthorizationDBPlist9existRuleERSs
-__ZN13Authorization11AuthItemRefC1EPKc
-__ZN13Authorization11AuthItemRefC2EPKc
-__ZNK13Authorization20AuthorizationDBPlist7getRuleERKNS_11AuthItemRefE
-__ZNKSt8_Rb_treeISsSt4pairIKSsN13Authorization4RuleEESt10_Select1stIS4_ESt4lessISsESaIS4_EE4findERS1_
-__ZN8Security10RefPointerIN13Authorization8AuthItemEE7releaseEv
-__ZN13Authorization8AuthItemD1Ev
-__ZN13Authorization8AuthItemD2Ev
-__ZStplIcSt11char_traitsIcESaIcEESbIT_T0_T1_ERKS6_S8_
-__ZNSt8_Rb_treeIN13Authorization11AuthItemRefES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE16_M_insert_uniqueERKS1_
-__ZNSt8_Rb_treeIN13Authorization11AuthItemRefES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE9_M_insertEPSt18_Rb_tree_node_baseS9_RKS1
-__ZNSt8_Rb_treeIN13Authorization11AuthItemRefES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE14_M_create_nodeERKS1_
-__ZN9__gnu_cxx13new_allocatorISt13_Rb_tree_nodeIN13Authorization11AuthItemRefEEE8allocateEmPKv
-__ZNK13Authorization8RuleImpl8evaluateERKNS_11AuthItemRefERKNS_4RuleERNS_11AuthItemSetEjdPKSt3setINS_10CredentialESt4lessISA_ES
-__ZNK13Authorization8RuleImpl13evaluateRulesERKNS_11AuthItemRefERKNS_4RuleERNS_11AuthItemSetEjdPKSt3setINS_10CredentialESt4less
-__ZNK13Authorization8RuleImpl12evaluateUserERKNS_11AuthItemRefERKNS_4RuleERNS_11AuthItemSetEjdPKSt3setINS_10CredentialESt4lessI
-__ZN8Security14CommonCriteria9Securityd11RightLogger8setRightEPKc
-__ZN8Security14CommonCriteria9Securityd11RightLogger8setRightERKSs
-__ZN8Security14CommonCriteria9Securityd25RightAuthenticationLogger22logAuthorizationResultEPKcS4_i
-__ZN8Security14CommonCriteria9Securityd11AuditLogger4openEv
-__ZN8Security14CommonCriteria9Securityd25RightAuthenticationLogger11writeCommonEv
-__ZN8Security14CommonCriteria9Securityd11AuditLogger12writeSubjectEv
-__ZN8Security14CommonCriteria9Securityd11AuditLogger10writeTokenEP8au_tokenPKc
-__ZN8Security14CommonCriteria9Securityd11AuditLogger11writeReturnEci
-__ZN8Security6Syslog4infoEPKcz
-__ZNSt8_Rb_treeIN13Authorization11AuthItemRefES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE15_M_destroy_nodeEPSt13_Rb_tree_nodeIS1_E
-__ZN13Authorization20AuthorizationDBPlist7setRuleEPKcPK14__CFDictionary
-__ZN13Authorization20AuthorizationDBPlist4saveEv
-__ZStplIcSt11char_traitsIcESaIcEESbIT_T0_T1_ERKS6_PKS3_
-__ZNSt8_Rb_treeISsSt4pairIKSsN13Authorization4RuleEESt10_Select1stIS4_ESt4lessISsESaIS4_EE15_M_destroy_nodeEPSt13_Rb_tree_nodeI
-__ZN7Session16mergeCredentialsERSt3setIN13Authorization10CredentialESt4lessIS2_ESaIS2_EE
-__ZN18AuthorizationToken16mergeCredentialsERKSt3setIN13Authorization10CredentialESt4lessIS2_ESaIS2_EE
-__ZL22_XauthorizationReleaseP17mach_msg_header_tS0_
-__Z32ucsp_server_authorizationReleasejj13audit_token_tPiN8Security14SecurityServer17AuthorizationBlobEj
-__ZN7Session8authFreeERKN8Security14SecurityServer17AuthorizationBlobEj
-__ZN18AuthorizationToken7DeleterC1ERKN8Security14SecurityServer17AuthorizationBlobE
-__ZN18AuthorizationToken7DeleterC2ERKN8Security14SecurityServer17AuthorizationBlobE
-__ZN7Process19removeAuthorizationEP18AuthorizationToken
-__ZNSt8_Rb_treeIP18AuthorizationTokenS1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE5eraseESt23_Rb_tree_const_iteratorIS1_E
-__ZN18AuthorizationToken10endProcessER7Process
-__ZNSt8_Rb_treeIP7ProcessS1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE5eraseERKS1_
-__ZNSt8_Rb_treeIP7ProcessS1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE5eraseESt17_Rb_tree_iteratorIS1_ES9_
-__ZNSt8_Rb_treeIP7ProcessS1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE8_M_eraseEPSt13_Rb_tree_nodeIS1_E
-__ZN18AuthorizationToken7Deleter6removeEv
+__ZN8NodeCore8referentERS_
+__ZN8Security18DevRandomGenerator6randomEPvm
+__ZN8Security11ModuleNexusINS_18DevRandomGenerator8ReadonlyEEclEv
+__ZN8Security12UnixPlusPlus8FileDesc4readEPvm
+__ZNSt3mapIN8Security14SecurityServer17AuthorizationBlobENS0_10RefPointerI18AuthorizationTokenEESt4lessIS2_ESaISt4pairIKS2_S5_E
 __ZNSt8_Rb_treeIN8Security14SecurityServer17AuthorizationBlobESt4pairIKS2_NS0_10RefPointerI18AuthorizationTokenEEESt10_Select1s
 __ZNSt8_Rb_treeIN8Security14SecurityServer17AuthorizationBlobESt4pairIKS2_NS0_10RefPointerI18AuthorizationTokenEEESt10_Select1s
-__ZN18AuthorizationTokenD0Ev
-__ZN10PerSessionD2Ev
-__ZN4NodeI10PerSession9PerGlobalED2Ev
-_cdsa_notify_server
-__Xmach_notify_dead_name
-_cdsa_mach_notify_dead_name
-__ZThn144_N6Server14notifyDeadNameEN8Security12MachPlusPlus4PortE
-__ZN6Server14notifyDeadNameEN8Security12MachPlusPlus4PortE
-__ZN10Connection5abortEb
-__ZN8Security12MachPlusPlus4Port7destroyEv
-__ZNSt8_Rb_treeIN8Security12MachPlusPlus4PortESt4pairIKS2_NS0_10RefPointerI10ConnectionEEESt10_Select1stIS8_ESt4lessIS2_ESaIS8_
-__ZN10ConnectionD0Ev
-__ZNSt8_Rb_treeIjSt4pairIKjN8Security10RefPointerIN8Listener12NotificationEEEESt10_Select1stIS7_ESt4lessIjESaIS7_EE8_M_eraseEPS
-__ZN13PerConnectionD2Ev
-__ZN4NodeI13PerConnection10PerProcessED2Ev
-__ZN7Process4killEv
-__ZN8Security10RefPointerI13LocalDatabaseE10setPointerEPS1_
-__ZN8Security10RefPointerI13LocalDatabaseE7releaseEv
-__ZNSt8_Rb_treeIiSt4pairIKiP7ProcessESt10_Select1stIS4_ESt4lessIiESaIS4_EE5eraseERS1_
-__ZNSt8_Rb_treeIiSt4pairIKiP7ProcessESt10_Select1stIS4_ESt4lessIiESaIS4_EE5eraseESt17_Rb_tree_iteratorIS4_ESC_
-__ZNSt8_Rb_treeIiSt4pairIKiP7ProcessESt10_Select1stIS4_ESt4lessIiESaIS4_EE5eraseESt17_Rb_tree_iteratorIS4_E
-__ZNSt8_Rb_treeIN8Security12MachPlusPlus4PortESt4pairIKS2_NS0_10RefPointerI7ProcessEEESt10_Select1stIS8_ESt4lessIS2_ESaIS8_EE5e
-__ZNSt8_Rb_treeIN8Security12MachPlusPlus4PortESt4pairIKS2_NS0_10RefPointerI7ProcessEEESt10_Select1stIS8_ESt4lessIS2_ESaIS8_EE15
-__ZN7ProcessD0Ev
-__ZNSt8_Rb_treeIP18AuthorizationTokenS1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE8_M_eraseEPSt13_Rb_tree_nodeIS1_E
-__ZN20ClientIdentificationD2Ev
-__ZNSt8_Rb_treeIjSt4pairIKjN20ClientIdentification10GuestStateEESt10_Select1stIS4_ESt4lessIjESaIS4_EE15_M_destroy_nodeEPSt13_Rb
-__ZN14CodeSignatures8IdentityD2Ev
-__ZN15CodeSigningHostD2Ev
-__ZN15CodeSigningHost5resetEv
-__ZNSt8_Rb_treeIjSt4pairIKjN8Security10RefPointerIN15CodeSigningHost5GuestEEEESt10_Select1stIS7_ESt4lessIjESaIS7_EE8_M_eraseEPS
-__ZN8Security12MachPlusPlus10MachServer7HandlerD2Ev
-__ZNK16KeychainDbCommon10identifierEv
-__ZNK12DbIdentifiereqERKS_
-__ZNK8Security14DLDbIdentifier4ImpleqERKS1_
-__ZNK8Security17CssmSubserviceUideqERK19cssm_subservice_uid
-__ZNK8Security6DbNameeqERKS0_
-__ZNK8Security6DbNameltERKS0_
-__ZN8Security6DbNameD1Ev
-__ZN8Security6DbNameD2Ev
-__ZL17_XgetDbParametersP17mach_msg_header_tS0_
-__Z27ucsp_server_getDbParametersjj13audit_token_tPijPN8Security14SecurityServer12DBParametersE
-__ZN16KeychainDatabase13getParametersERN8Security14SecurityServer12DBParametersE
-__ZThn16_N16KeychainDatabaseD0Ev
-__ZN16KeychainDatabaseD0Ev
-__ZN13LocalDatabaseD2Ev
-__ZN8DatabaseD2Ev
-__ZN8Security13AnyAclSubjectD0Ev
-__ZN8Security13MappingHandleIjE4findI7SessionEERT_ji
-__ZN8Security13MappingHandleIjE5State4findEji
-__ZL13_XsetupThreadP17mach_msg_header_tS0_
-__Z23ucsp_server_setupThreadjj13audit_token_tPij
-__ZL10_XsetupNewP17mach_msg_header_tS0_
-__Z20ucsp_server_setupNewjj13audit_token_tPijN8Security14SecurityServer15ClientSetupInfoEPKcPj
-__ZN14DynamicSessionC1EN8Security12MachPlusPlus8TaskPortE
-__ZN14DynamicSessionC2EN8Security12MachPlusPlus8TaskPortE
-__ZNK8Security12MachPlusPlus8TaskPort9bootstrapEv
-__ZN8Security12MachPlusPlus4Port11insertRightEj
-__ZNK8Security12MachPlusPlus9Bootstrap10registerAsEjPKc
-__ZN8Security12MachPlusPlus10MachServer3addENS0_4PortE
-__ZNK8Security12MachPlusPlus10MachServer14notifyIfUnusedENS0_4PortEb
-__ZN7Process13changeSessionEN8Security12MachPlusPlus4PortE
-__ZL14_XsetupSessionP17mach_msg_header_tS0_
-__Z24ucsp_server_setupSessionjj13audit_token_tPijj
-__ZN14DynamicSession15setupAttributesEjj
-__ZN14DynamicSession15checkOriginatorEv
+__ZN9__gnu_cxx13new_allocatorISt4pairIKN8Security14SecurityServer17AuthorizationBlobENS2_10RefPointerI18AuthorizationTokenEEEE9
+__ZNSt4pairIKN8Security14SecurityServer17AuthorizationBlobENS0_10RefPointerI18AuthorizationTokenEEEC2ERKS7_
+__ZN8Security10RefPointerI18AuthorizationTokenE7releaseEv
+__ZN8Security10RefPointerI18AuthorizationTokenE10setPointerEPS1_
+__ZNSt8_Rb_treeIN13Authorization10CredentialES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EEaSERKS7_
+__ZNSt8_Rb_treeIN13Authorization10CredentialES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE8_M_eraseEPSt13_Rb_tree_nodeIS1_E
+__ZN13Authorization6Engine9authorizeERKNS_11AuthItemSetES3_jPKSt3setINS_10CredentialESt4lessIS5_ESaIS5_EEPS9_RS1_R18Authorizati
+__ZN13Authorization20AuthorizationDBPlist4syncEd
+__ZN13Authorization11AuthItemSetC1ERKS0_
+__ZN13Authorization11AuthItemSetC2ERKS0_
+__ZNSt8_Rb_treeIN13Authorization11AuthItemRefES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EEC2ERKS7_
+__ZN8Security14CommonCriteria9Securityd25RightAuthenticationLoggerC1ERKNS0_10AuditTokenEs
+__ZN8Security14CommonCriteria9Securityd25RightAuthenticationLoggerC2ERKNS0_10AuditTokenEs
+__ZN8Security14CommonCriteria9Securityd11AuditLoggerC2ERKNS0_10AuditTokenEs
+__ZN8Security14CommonCriteria9Securityd11RightLoggerC2Ev
+__ZNSt8_Rb_treeIN13Authorization10CredentialES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE4swapERS7_
+__ZNSt6vectorIN13Authorization11AuthItemRefESaIS1_EED2Ev
+__ZN8Security14CommonCriteria9Securityd25RightAuthenticationLoggerD2Ev
+__ZN8Security14CommonCriteria9Securityd11AuditLoggerD2Ev
+__ZN8Security14CommonCriteria9Securityd11AuditLogger5closeEb
+__ZN13Authorization11AuthItemSetD1Ev
+__ZN13Authorization11AuthItemSetD2Ev
+__ZNSt8_Rb_treeIN13Authorization11AuthItemRefES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EED2Ev
+__ZNSt8_Rb_treeIN13Authorization11AuthItemRefES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE8_M_eraseEPSt13_Rb_tree_nodeIS1_E
+__ZNSt8_Rb_treeIN13Authorization10CredentialES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EED2Ev
+__ZN7Process16addAuthorizationEP18AuthorizationToken
+__ZNSt8_Rb_treeIP18AuthorizationTokenS1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE15_M_insert_equalERKS1_
+__ZNSt8_Rb_treeIP18AuthorizationTokenS1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE9_M_insertEPSt18_Rb_tree_node_baseS9_RKS1_
+__ZN18AuthorizationToken10addProcessER7Process
+__ZNSt8_Rb_treeIP7ProcessS1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE16_M_insert_uniqueERKS1_
+__ZNSt8_Rb_treeIP7ProcessS1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE9_M_insertEPSt18_Rb_tree_node_baseS9_RKS1_
+__ZN6Server15requestCompleteERi
+__ZN10Connection7endWorkERi
 __ZL25_XauthorizationCopyRightsP17mach_msg_header_tS0_
 __Z35ucsp_server_authorizationCopyRightsjj13audit_token_tPiN8Security14SecurityServer17AuthorizationBlobEPvjjS4_jPS4_Pj
 _copyout_AuthorizationItemSet
 __ZL25_XauthorizationCopyRightsP17mach_msg_header_tS0_
 __Z35ucsp_server_authorizationCopyRightsjj13audit_token_tPiN8Security14SecurityServer17AuthorizationBlobEPvjjS4_jPS4_Pj
 _copyout_AuthorizationItemSet
+_copyout
+_sec_xdrmem_create
+_sec_xdr_sizeof_out
+_sec_xdr_arena_init_size_alloc
 _xdr_AuthorizationItemSetPtr
 _xdr_AuthorizationItemSetPtr
+_sec_xdr_reference
+_sec_xdr_arena_size_allocator
+_sec_mem_alloc
 _xdr_AuthorizationItemSet
 _xdr_AuthorizationItemSet
+_sec_xdr_array
+_sec_xdrmem_getlong_aligned
 _xdr_AuthorizationItem
 _xdr_AuthorizationItem
+_sec_xdr_charp
+_sec_xdr_bytes
+_sec_xdrmem_getbytes
+_sec_xdr_arena_init
 __ZN13Authorization11AuthItemRefC2ERK17AuthorizationItem
 __ZN13Authorization8AuthItemC2ERK17AuthorizationItem
 __ZN13Authorization11AuthItemRefC2ERK17AuthorizationItem
 __ZN13Authorization8AuthItemC2ERK17AuthorizationItem
+__ZNSt8_Rb_treeIN13Authorization11AuthItemRefES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE16_M_insert_uniqueERKS1_
+__ZNSt8_Rb_treeIN13Authorization11AuthItemRefES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE9_M_insertEPSt18_Rb_tree_node_baseS9_RKS1
+__ZNSt8_Rb_treeIN13Authorization11AuthItemRefES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE14_M_create_nodeERKS1_
+__ZN9__gnu_cxx13new_allocatorIN13Authorization11AuthItemRefEE9constructEPS2_RKS2_
+__ZN8Security10RefPointerIN13Authorization8AuthItemEE7releaseEv
 __ZN7Session13authGetRightsERKN8Security14SecurityServer17AuthorizationBlobERKN13Authorization11AuthItemSetES8_jRS6_
 __ZN7Session13authGetRightsERKN8Security14SecurityServer17AuthorizationBlobERKN13Authorization11AuthItemSetES8_jRS6_
+__ZN18AuthorizationToken4findERKN8Security14SecurityServer17AuthorizationBlobE
+__ZN7Process18checkAuthorizationEP18AuthorizationToken
+__ZNSt8_Rb_treeIP18AuthorizationTokenS1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE4findERKS1_
 __ZNK18AuthorizationToken7sessionEv
 __ZN7Session13authGetRightsER18AuthorizationTokenRKN13Authorization11AuthItemSetES5_jRS3_
 __ZNK18AuthorizationToken7sessionEv
 __ZN7Session13authGetRightsER18AuthorizationTokenRKN13Authorization11AuthItemSetES5_jRS3_
+__ZNK18AuthorizationToken14effectiveCredsEv
+__ZNSt8_Rb_treeIN13Authorization11AuthItemRefES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE7_M_copyEPKSt13_Rb_tree_nodeIS1_EPS9_
+__ZNSt6vectorIN13Authorization11AuthItemRefESaIS1_EE6insertEN9__gnu_cxx17__normal_iteratorIPS1_S3_EERKS1_
+__ZNSt6vectorIN13Authorization11AuthItemRefESaIS1_EE13_M_insert_auxEN9__gnu_cxx17__normal_iteratorIPS1_S3_EERKS1_
+__ZNSt12_Vector_baseIN13Authorization11AuthItemRefESaIS1_EE11_M_allocateEm
+__ZSt24__uninitialized_copy_auxIPN13Authorization11AuthItemRefES2_ET0_T_S4_S3_St12__false_type
+__ZNK13Authorization20AuthorizationDBPlist7getRuleERKNS_11AuthItemRefE
+__ZNKSt8_Rb_treeISsSt4pairIKSsN13Authorization4RuleEESt10_Select1stIS4_ESt4lessISsESaIS4_EE4findERS1_
+__ZN8Security8cfStringEPK7__CFURLb
+__ZNK13Authorization8RuleImpl8evaluateERKNS_11AuthItemRefERKNS_4RuleERNS_11AuthItemSetEjdPKSt3setINS_10CredentialESt4lessISA_ES
 __ZNK13Authorization8RuleImpl21evaluateMechanismOnlyERKNS_11AuthItemRefERKNS_4RuleERNS_11AuthItemSetER18AuthorizationTokenRSt3s
 __ZN13Authorization23AgentMechanismEvaluatorC1EjR7SessionRKSt6vectorISsSaISsEE
 __ZN13Authorization23AgentMechanismEvaluatorC2EjR7SessionRKSt6vectorISsSaISsEE
 __ZNSt6vectorISsSaISsEEC2ERKS1_
 __ZNSt12_Vector_baseISsSaISsEEC2EmRKS0_
 __ZNK13Authorization8RuleImpl21evaluateMechanismOnlyERKNS_11AuthItemRefERKNS_4RuleERNS_11AuthItemSetER18AuthorizationTokenRSt3s
 __ZN13Authorization23AgentMechanismEvaluatorC1EjR7SessionRKSt6vectorISsSaISsEE
 __ZN13Authorization23AgentMechanismEvaluatorC2EjR7SessionRKSt6vectorISsSaISsEE
 __ZNSt6vectorISsSaISsEEC2ERKS1_
 __ZNSt12_Vector_baseISsSaISsEEC2EmRKS0_
+__ZNSt12_Vector_baseISsSaISsEE11_M_allocateEm
+__ZSt24__uninitialized_copy_auxIN9__gnu_cxx17__normal_iteratorIPKSsSt6vectorISsSaISsEEEEPSsET0_T_SA_S9_St12__false_type
 __ZN13Authorization12AuthValueRefC1EjPv
 __ZN13Authorization12AuthValueRefC2EjPv
 __ZN13Authorization9AuthValueC2EjPv
 __ZNSt6vectorIN13Authorization12AuthValueRefESaIS1_EE9push_backERKS1_
 __ZNSt6vectorIN13Authorization12AuthValueRefESaIS1_EE13_M_insert_auxEN9__gnu_cxx17__normal_iteratorIPS1_S3_EERKS1_
 __ZN13Authorization12AuthValueRefC1EjPv
 __ZN13Authorization12AuthValueRefC2EjPv
 __ZN13Authorization9AuthValueC2EjPv
 __ZNSt6vectorIN13Authorization12AuthValueRefESaIS1_EE9push_backERKS1_
 __ZNSt6vectorIN13Authorization12AuthValueRefESaIS1_EE13_M_insert_auxEN9__gnu_cxx17__normal_iteratorIPS1_S3_EERKS1_
-__ZN9__gnu_cxx13new_allocatorIN13Authorization12AuthValueRefEE8allocateEmPKv
+__ZNSt12_Vector_baseIN13Authorization12AuthValueRefESaIS1_EE11_M_allocateEm
 __ZSt24__uninitialized_copy_auxIPN13Authorization12AuthValueRefES2_ET0_T_S4_S3_St12__false_type
 __ZSt24__uninitialized_copy_auxIPN13Authorization12AuthValueRefES2_ET0_T_S4_S3_St12__false_type
+__ZN9__gnu_cxx13new_allocatorIN13Authorization12AuthValueRefEE9constructEPS2_RKS2_
 __ZNK13Authorization8RuleImpl13setAgentHintsERKNS_11AuthItemRefERKNS_4RuleERNS_11AuthItemSetER18AuthorizationToken
 __ZNK13Authorization8RuleImpl13setAgentHintsERKNS_11AuthItemRefERKNS_4RuleERNS_11AuthItemSetER18AuthorizationToken
+__ZN13Authorization11AuthItemRefC1EPKc
+__ZN13Authorization11AuthItemRefC2EPKc
+__ZN13Authorization8AuthItemC1EPKc
 __ZNSt8_Rb_treeIN13Authorization11AuthItemRefES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE5eraseERKS1_
 __ZNSt8_Rb_treeIN13Authorization11AuthItemRefES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE5eraseERKS1_
-__ZNSt8_Rb_treeIN13Authorization11AuthItemRefES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE11equal_rangeERKS1_
+__ZNSt8_Rb_treeIN13Authorization11AuthItemRefES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE11upper_boundERKS1_
+__ZNK13Authorization8AuthItemltERKS0_
+__ZNSt8_Rb_treeIN13Authorization11AuthItemRefES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE11lower_boundERKS1_
 __ZNSt8_Rb_treeIN13Authorization11AuthItemRefES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE5eraseESt17_Rb_tree_iteratorIS1_ES9_
 __ZNSt8_Rb_treeIN13Authorization11AuthItemRefES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE5eraseESt17_Rb_tree_iteratorIS1_ES9_
+__ZN13Authorization8AuthItemD1Ev
+__ZN13Authorization8AuthItemD2Ev
 __ZN13Authorization11AuthItemRefC1EPKc18AuthorizationValuej
 __ZN13Authorization11AuthItemRefC2EPKc18AuthorizationValuej
 __ZN13Authorization8AuthItemC2EPKc18AuthorizationValuej
 __ZN13Authorization11AuthItemRefC1EPKc18AuthorizationValuej
 __ZN13Authorization11AuthItemRefC2EPKc18AuthorizationValuej
 __ZN13Authorization8AuthItemC2EPKc18AuthorizationValuej
-__ZNK13Authorization8AuthItemltERKS0_
 __Z8codePathPK9__SecCode
 __ZN13SecurityAgent6Client11clientHintsENS_13RequestorTypeERSsij
 __ZNSt8_Rb_treeIN13Authorization11AuthItemRefES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE16_M_insert_uniqueISt23_Rb_tree_const_ite
 __ZNSt8_Rb_treeIN13Authorization11AuthItemRefES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE16_M_insert_uniqueESt17_Rb_tree_iteratorI
 __ZNSt8_Rb_treeISsSt4pairIKSsSsESt10_Select1stIS2_ESt4lessISsESaIS2_EEC2ERKS8_
 __ZNSt8_Rb_treeISsSt4pairIKSsSsESt10_Select1stIS2_ESt4lessISsESaIS2_EEaSERKS8_
 __Z8codePathPK9__SecCode
 __ZN13SecurityAgent6Client11clientHintsENS_13RequestorTypeERSsij
 __ZNSt8_Rb_treeIN13Authorization11AuthItemRefES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE16_M_insert_uniqueISt23_Rb_tree_const_ite
 __ZNSt8_Rb_treeIN13Authorization11AuthItemRefES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE16_M_insert_uniqueESt17_Rb_tree_iteratorI
 __ZNSt8_Rb_treeISsSt4pairIKSsSsESt10_Select1stIS2_ESt4lessISsESaIS2_EEC2ERKS8_
 __ZNSt8_Rb_treeISsSt4pairIKSsSsESt10_Select1stIS2_ESt4lessISsESaIS2_EEaSERKS8_
+__ZNSt8_Rb_treeISsSt4pairIKSsSsESt10_Select1stIS2_ESt4lessISsESaIS2_EE8_M_eraseEPSt13_Rb_tree_nodeIS2_E
+__ZNSt8_Rb_treeISsSt4pairIKSsSsESt10_Select1stIS2_ESt4lessISsESaIS2_EED2Ev
+__ZNSt8_Rb_treeIN13Authorization11AuthItemRefES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE15_M_destroy_nodeEPSt13_Rb_tree_nodeIS1_E
 __ZN13Authorization23AgentMechanismEvaluator3runERKNS_15AuthValueVectorERKNS_11AuthItemSetERK18AuthorizationToken
 __ZN8Security14CommonCriteria9Securityd14AuthMechLoggerC1ERKNS0_10AuditTokenEs
 __ZN8Security14CommonCriteria9Securityd14AuthMechLoggerC2ERKNS0_10AuditTokenEs
 __ZN13Authorization23AgentMechanismEvaluator3runERKNS_15AuthValueVectorERKNS_11AuthItemSetERK18AuthorizationToken
 __ZN8Security14CommonCriteria9Securityd14AuthMechLoggerC1ERKNS0_10AuditTokenEs
 __ZN8Security14CommonCriteria9Securityd14AuthMechLoggerC2ERKNS0_10AuditTokenEs
-__ZNKSt6vectorIN13Authorization12AuthValueRefESaIS1_EE14_M_range_checkEm
+__ZN8Security14CommonCriteria9Securityd11RightLogger8setRightERKSs
 __ZN18AuthorizationToken7infoSetEPKc
 __ZN18AuthorizationToken7infoSetEPKc
+__ZN13Authorization11AuthItemSetaSERKS0_
 __ZNSt8_Rb_treeIN13Authorization11AuthItemRefES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EEaSERKS7_
 __ZNSt8_Rb_treeIN13Authorization11AuthItemRefES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EEaSERKS7_
-__ZNSt8_Rb_treeIN13Authorization11AuthItemRefES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE7_M_copyEPKSt13_Rb_tree_nodeIS1_EPS9_
 __ZN8Security14CommonCriteria9Securityd14AuthMechLogger19setCurrentMechanismEPKc
 __ZNSt8_Rb_treeISsSt4pairIKSsN13Authorization17AgentMechanismRefEESt10_Select1stIS4_ESt4lessISsESaIS4_EE4findERS1_
 __ZN13Authorization17AgentMechanismRefC2E12AuthHostTypeR7Session
 __ZN20QueryInvokeMechanismC1E12AuthHostTypeR7Session
 __ZN20QueryInvokeMechanismC2E12AuthHostTypeR7Session
 __ZN18SecurityAgentQueryC2E12AuthHostTypeR7Session
 __ZN8Security14CommonCriteria9Securityd14AuthMechLogger19setCurrentMechanismEPKc
 __ZNSt8_Rb_treeISsSt4pairIKSsN13Authorization17AgentMechanismRefEESt10_Select1stIS4_ESt4lessISsESaIS4_EE4findERS1_
 __ZN13Authorization17AgentMechanismRefC2E12AuthHostTypeR7Session
 __ZN20QueryInvokeMechanismC1E12AuthHostTypeR7Session
 __ZN20QueryInvokeMechanismC2E12AuthHostTypeR7Session
 __ZN18SecurityAgentQueryC2E12AuthHostTypeR7Session
+__ZN23SecurityAgentConnectionC2E12AuthHostTypeR7Session
 __ZN13SecurityAgent6ClientC2Ev
 __ZN8Security11ThreadNexusIN13SecurityAgent7ClientsEEclEv
 __ZN13SecurityAgent7ClientsC2Ev
 __ZN13SecurityAgent6ClientC2Ev
 __ZN8Security11ThreadNexusIN13SecurityAgent7ClientsEEclEv
 __ZN13SecurityAgent7ClientsC2Ev
+__ZNK8Security15ThreadStoreSlotaSEPv
+__ZN8Security11ModuleNexusINS_5MutexEEclEv
+__ZN8Security11ModuleNexusISt3setIPvSt4lessIS2_ESaIS2_EEEclEv
+__ZNSt8_Rb_treeIPvS0_St9_IdentityIS0_ESt4lessIS0_ESaIS0_EE16_M_insert_uniqueERKS0_
+__ZNSt8_Rb_treeIPvS0_St9_IdentityIS0_ESt4lessIS0_ESaIS0_EE9_M_insertEPSt18_Rb_tree_node_baseS8_RKS0_
 __ZN13SecurityAgent7Clients6insertEPNS_6ClientE
 __ZNSt8_Rb_treeIPN13SecurityAgent6ClientES2_St9_IdentityIS2_ESt4lessIS2_ESaIS2_EE16_M_insert_uniqueERKS2_
 __ZNSt8_Rb_treeIPN13SecurityAgent6ClientES2_St9_IdentityIS2_ESt4lessIS2_ESaIS2_EE9_M_insertEPSt18_Rb_tree_node_baseSA_RKS2_
 __ZN13SecurityAgent7Clients6insertEPNS_6ClientE
 __ZNSt8_Rb_treeIPN13SecurityAgent6ClientES2_St9_IdentityIS2_ESt4lessIS2_ESaIS2_EE16_M_insert_uniqueERKS2_
 __ZNSt8_Rb_treeIPN13SecurityAgent6ClientES2_St9_IdentityIS2_ESt4lessIS2_ESaIS2_EE9_M_insertEPSt18_Rb_tree_node_baseSA_RKS2_
-__ZNSt8_Rb_treeIPN13SecurityAgent6ClientES2_St9_IdentityIS2_ESt4lessIS2_ESaIS2_EE14_M_create_nodeERKS2_
-__ZN9__gnu_cxx13new_allocatorISt13_Rb_tree_nodeIPN13SecurityAgent6ClientEEE8allocateEmPKv
-__ZN23SecurityAgentConnectionC2E12AuthHostTypeR7Session
 __ZN7Session8authhostE12AuthHostTypeb
 __ZN16AuthHostInstanceC1ER7Session12AuthHostType
 __ZN16AuthHostInstanceC2ER7Session12AuthHostType
 __ZN11ServerChildC2Ev
 __ZN7Session8authhostE12AuthHostTypeb
 __ZN16AuthHostInstanceC1ER7Session12AuthHostType
 __ZN16AuthHostInstanceC2ER7Session12AuthHostType
 __ZN11ServerChildC2Ev
+__ZN8Security12UnixPlusPlus5ChildC2Ev
 __ZN8Security9ConditionC1ERNS_5MutexE
 __ZN8Security9ConditionC2ERNS_5MutexE
 __ZN8Security9ConditionC1ERNS_5MutexE
 __ZN8Security9ConditionC2ERNS_5MutexE
+__ZN8NodeCore12addReferenceERS_
+__ZNSt8_Rb_treeIN8Security10RefPointerI8NodeCoreEES3_St9_IdentityIS3_ESt4lessIS3_ESaIS3_EE16_M_insert_uniqueERKS3_
+__ZNSt8_Rb_treeIN8Security10RefPointerI8NodeCoreEES3_St9_IdentityIS3_ESt4lessIS3_ESaIS3_EE9_M_insertEPSt18_Rb_tree_node_baseSB_
+__ZNSt8_Rb_treeIN8Security10RefPointerI8NodeCoreEES3_St9_IdentityIS3_ESt4lessIS3_ESaIS3_EE14_M_create_nodeERKS3_
+__ZN9__gnu_cxx13new_allocatorIN8Security10RefPointerI8NodeCoreEEE9constructEPS4_RKS4_
+__Z22initialize_agent_credsv
 __ZN20QueryInvokeMechanism10initializeERKSsS1_RKN13Authorization15AuthValueVectorEj
 __ZN18SecurityAgentQuery6createEPKcS1_j
 __ZN20QueryInvokeMechanism10initializeERKSsS1_RKN13Authorization15AuthValueVectorEj
 __ZN18SecurityAgentQuery6createEPKcS1_j
-__ZN18SecurityAgentQuery8activateEv
 __ZN23SecurityAgentConnection8activateEv
 __ZN23SecurityAgentConnection8activateEv
-__ZN10Connection8useAgentEP32SecurityAgentConnectionInterface
-__ZN16AuthHostInstance8activateEv
-__ZN8Security12MachPlusPlus11StBootstrapC1ERKNS0_9BootstrapERKNS0_8TaskPortE
-__ZN8Security12MachPlusPlus11StBootstrapC2ERKNS0_9BootstrapERKNS0_8TaskPortE
-__ZN8Security12MachPlusPlus8TaskPort9bootstrapENS0_9BootstrapE
-__ZN8Security12UnixPlusPlus5Child4forkEv
-__ZNSt8_Rb_treeIiSt4pairIKiPN8Security12UnixPlusPlus5ChildEESt10_Select1stIS6_ESt4lessIiESaIS6_EE16_M_insert_uniqueERKS6_
-__ZNSt8_Rb_treeIiSt4pairIKiPN8Security12UnixPlusPlus5ChildEESt10_Select1stIS6_ESt4lessIiESaIS6_EE9_M_insertEPSt18_Rb_tree_node_
-__ZNSt8_Rb_treeIiSt4pairIKiPN8Security12UnixPlusPlus5ChildEESt10_Select1stIS6_ESt4lessIiESaIS6_EE14_M_create_nodeERKS6_
-__ZN9__gnu_cxx13new_allocatorISt13_Rb_tree_nodeISt4pairIKiPN8Security12UnixPlusPlus5ChildEEEE8allocateEmPKv
-__ZN11ServerChild12parentActionEv
-__ZN8Security9Condition4waitEv
-__ZL14_XchildCheckInP17mach_msg_header_tS0_
-__Z24ucsp_server_childCheckInjjj
-__ZN11ServerChild7checkInEN8Security12MachPlusPlus4PortEi
-__ZN8Security9Condition6signalEv
-__ZN8Security12MachPlusPlus11StBootstrapD1Ev
-__ZN8Security12MachPlusPlus11StBootstrapD2Ev
+__ZNK16AuthHostInstance7sessionEv
+__ZN14DynamicSession13copyUserPrefsEv
+__ZN16AuthHostInstance6lookupEj
+__ZNK7Session11updateAuditEv
 __ZN13SecurityAgent6Client8activateEN8Security12MachPlusPlus4PortE
 __ZN13SecurityAgent6Client8activateEN8Security12MachPlusPlus4PortE
+__ZN13SecurityAgent6Client7contactEjN8Security12MachPlusPlus9BootstrapEj
+_sa_request_client_contact
 __ZN13SecurityAgent6Client6createEPKcS2_j
 _sa_request_client_create
 __ZN13SecurityAgent6Client7receiveEv
 __ZN13SecurityAgent7Clients7receiveEv
 __ZN13SecurityAgent6Client6createEPKcS2_j
 _sa_request_client_create
 __ZN13SecurityAgent6Client7receiveEv
 __ZN13SecurityAgent7Clients7receiveEv
+__ZN8Security12MachPlusPlus7MessageC1Em
+__ZN8Security12MachPlusPlus7Message9setBufferEm
 __ZN8Security12MachPlusPlus7Message7receiveEjijj
 _secagentreply_server
 __ZL11_XdidCreateP17mach_msg_header_tS0_
 __Z25sa_reply_server_didCreatejj
 __ZNK13SecurityAgent7Clients4findEj
 __ZN8Security12MachPlusPlus7Message7receiveEjijj
 _secagentreply_server
 __ZL11_XdidCreateP17mach_msg_header_tS0_
 __Z25sa_reply_server_didCreatejj
 __ZNK13SecurityAgent7Clients4findEj
+__ZN13SecurityAgent6Client9didCreateEj
 __ZN8Security12MachPlusPlus7MessageD1Ev
 __ZN8Security12MachPlusPlus7MessageD2Ev
 __ZNSt6vectorIN13Authorization12AuthValueRefESaIS1_EEaSERKS3_
 __ZN8Security12MachPlusPlus7MessageD1Ev
 __ZN8Security12MachPlusPlus7MessageD2Ev
 __ZNSt6vectorIN13Authorization12AuthValueRefESaIS1_EEaSERKS3_
@@ -967,26 +326,34 @@ __ZNSt4pairIKSsN13Authorization17AgentMechanismRefEEC2ERS0_RKS2_
 __ZNSt8_Rb_treeISsSt4pairIKSsN13Authorization17AgentMechanismRefEESt10_Select1stIS4_ESt4lessISsESaIS4_EE16_M_insert_uniqueERKS4
 __ZNSt8_Rb_treeISsSt4pairIKSsN13Authorization17AgentMechanismRefEESt10_Select1stIS4_ESt4lessISsESaIS4_EE9_M_insertEPSt18_Rb_tre
 __ZNSt8_Rb_treeISsSt4pairIKSsN13Authorization17AgentMechanismRefEESt10_Select1stIS4_ESt4lessISsESaIS4_EE14_M_create_nodeERKS4_
 __ZNSt8_Rb_treeISsSt4pairIKSsN13Authorization17AgentMechanismRefEESt10_Select1stIS4_ESt4lessISsESaIS4_EE16_M_insert_uniqueERKS4
 __ZNSt8_Rb_treeISsSt4pairIKSsN13Authorization17AgentMechanismRefEESt10_Select1stIS4_ESt4lessISsESaIS4_EE9_M_insertEPSt18_Rb_tre
 __ZNSt8_Rb_treeISsSt4pairIKSsN13Authorization17AgentMechanismRefEESt10_Select1stIS4_ESt4lessISsESaIS4_EE14_M_create_nodeERKS4_
-__ZN9__gnu_cxx13new_allocatorISt13_Rb_tree_nodeISt4pairIKSsN13Authorization17AgentMechanismRefEEEE8allocateEmPKv
+__ZN9__gnu_cxx13new_allocatorISt4pairIKSsN13Authorization17AgentMechanismRefEEE9constructEPS5_RKS5_
 __ZNSt4pairIKSsN13Authorization17AgentMechanismRefEEC2ERKS3_
 __ZNSt4pairIKSsN13Authorization17AgentMechanismRefEED2Ev
 __ZN8Security10RefPointerI20QueryInvokeMechanismE7releaseEv
 __ZN20QueryInvokeMechanism3runERKN13Authorization15AuthValueVectorERNS0_11AuthItemSetES5_Pj
 __ZNSt4pairIKSsN13Authorization17AgentMechanismRefEEC2ERKS3_
 __ZNSt4pairIKSsN13Authorization17AgentMechanismRefEED2Ev
 __ZN8Security10RefPointerI20QueryInvokeMechanismE7releaseEv
 __ZN20QueryInvokeMechanism3runERKN13Authorization15AuthValueVectorERNS0_11AuthItemSetES5_Pj
-__ZN13SecurityAgent6Client8setInputERKN13Authorization11AuthItemSetES4_
 __ZN13SecurityAgent6Client6invokeEv
 __ZN13SecurityAgent6Client6invokeEv
+__ZN8Security9Allocator8standardEj
+__ZN8Security11ModuleNexusI17DefaultAllocatorsEclEv
 __ZNK13Authorization11AuthItemSet4copyERP20AuthorizationItemSetRmRN8Security9AllocatorE
 __ZN8Security11DataWalkers6CopierI20AuthorizationItemSetEC2EPKS2_RNS_9AllocatorE
 __ZN8Security11DataWalkers4walkINS0_10SizeWalkerEEEP20AuthorizationItemSetRT_RS4_
 __ZNK13Authorization11AuthItemSet4copyERP20AuthorizationItemSetRmRN8Security9AllocatorE
 __ZN8Security11DataWalkers6CopierI20AuthorizationItemSetEC2EPKS2_RNS_9AllocatorE
 __ZN8Security11DataWalkers4walkINS0_10SizeWalkerEEEP20AuthorizationItemSetRT_RS4_
+__ZN8Security11DataWalkers4walkINS0_10SizeWalkerEEEPcRT_RS3_
+__ZN16DefaultAllocator6mallocEm
+__ZN8Security11DataWalkers4copyI20AuthorizationItemSetEEPT_PKS3_Pv
 __ZN8Security11DataWalkers4walkINS0_10CopyWalkerEEEP20AuthorizationItemSetRT_RS4_
 __ZN8Security11DataWalkers4walkINS0_10CopyWalkerEEEvRT_R17AuthorizationItem
 __ZN8Security11DataWalkers4walkINS0_10CopyWalkerEEEPcRT_RS3_
 __ZN8Security11DataWalkers4walkINS0_10CopyWalkerEEEP20AuthorizationItemSetRT_RS4_
 __ZN8Security11DataWalkers4walkINS0_10CopyWalkerEEEvRT_R17AuthorizationItem
 __ZN8Security11DataWalkers4walkINS0_10CopyWalkerEEEPcRT_RS3_
+__ZN16DefaultAllocator4freeEPv
 __ZNK13Authorization15AuthValueVector4copyEPP24AuthorizationValueVectorPm
 __ZN8Security11DataWalkers6CopierI24AuthorizationValueVectorEC2EPKS2_RNS_9AllocatorE
 __ZNK13Authorization15AuthValueVector4copyEPP24AuthorizationValueVectorPm
 __ZN8Security11DataWalkers6CopierI24AuthorizationValueVectorEC2EPKS2_RNS_9AllocatorE
+__ZN8Security11DataWalkers4walkINS0_10SizeWalkerEEEP24AuthorizationValueVectorRT_RS4_
+__ZN8Security11DataWalkers4copyI24AuthorizationValueVectorEEPT_PKS3_Pv
 __ZN8Security11DataWalkers4walkINS0_10CopyWalkerEEEP24AuthorizationValueVectorRT_RS4_
 _sa_request_client_invoke
 __ZN13SecurityAgent6Client5checkEi
 __ZL11_XsetResultP17mach_msg_header_tS0_
 __Z25sa_reply_server_setResultjjP20AuthorizationItemSetjS0_S0_jS0_
 __ZN8Security11DataWalkers4walkINS0_10CopyWalkerEEEP24AuthorizationValueVectorRT_RS4_
 _sa_request_client_invoke
 __ZN13SecurityAgent6Client5checkEi
 __ZL11_XsetResultP17mach_msg_header_tS0_
 __Z25sa_reply_server_setResultjjP20AuthorizationItemSetjS0_S0_jS0_
+__ZN13SecurityAgent8relocateI20AuthorizationItemSetEEvPT_S3_m
 __ZN8Security11DataWalkers4walkIN13SecurityAgent26CheckingReconstituteWalkerEEEP20AuthorizationItemSetRT_RS5_
 __ZN13SecurityAgent26CheckingReconstituteWalker4blobI20AuthorizationItemSetEEvRPT_m
 __ZN13SecurityAgent26CheckingReconstituteWalker4blobI17AuthorizationItemEEvRPT_m
 __ZN8Security11DataWalkers4walkIN13SecurityAgent26CheckingReconstituteWalkerEEEP20AuthorizationItemSetRT_RS5_
 __ZN13SecurityAgent26CheckingReconstituteWalker4blobI20AuthorizationItemSetEEvRPT_m
 __ZN13SecurityAgent26CheckingReconstituteWalker4blobI17AuthorizationItemEEvRPT_m
@@ -996,32 +363,147 @@ __ZN13SecurityAgent26CheckingReconstituteWalker4blobIvEEvRPT_m
 __ZN13SecurityAgent6Client9setResultEjPK20AuthorizationItemSetS3_
 __ZN13Authorization11AuthItemSetaSERK20AuthorizationItemSet
 __ZN8Security14CommonCriteria9Securityd11AuditLogger10logSuccessEv
 __ZN13SecurityAgent6Client9setResultEjPK20AuthorizationItemSetS3_
 __ZN13Authorization11AuthItemSetaSERK20AuthorizationItemSet
 __ZN8Security14CommonCriteria9Securityd11AuditLogger10logSuccessEv
+__ZN8Security14CommonCriteria9Securityd11AuditLogger4openEv
 __ZN8Security14CommonCriteria9Securityd14AuthMechLogger11writeCommonEv
 __ZN8Security14CommonCriteria9Securityd14AuthMechLogger11writeCommonEv
-__Z22initialize_agent_credsv
-__ZN8Security14CommonCriteria9Securityd11AuditLogger10logFailureEPKci
+__ZN8Security14CommonCriteria9Securityd11AuditLogger12writeSubjectEv
+__ZN8Security14CommonCriteria9Securityd11AuditLogger10writeTokenEP8au_tokenPKc
+__ZN8NodeCore4killERS_
+__ZN8NodeCore4killEv
+__ZN8NodeCore15clearReferencesEv
+__ZNSt8_Rb_treeIN8Security10RefPointerI8NodeCoreEES3_St9_IdentityIS3_ESt4lessIS3_ESaIS3_EE5eraseESt23_Rb_tree_const_iteratorIS3
+__ZN8NodeCore15removeReferenceERS_
+__ZNSt8_Rb_treeIN8Security10RefPointerI8NodeCoreEES3_St9_IdentityIS3_ESt4lessIS3_ESaIS3_EE5eraseERKS3_
+__ZNSt8_Rb_treeIN8Security10RefPointerI8NodeCoreEES3_St9_IdentityIS3_ESt4lessIS3_ESaIS3_EE5eraseESt17_Rb_tree_iteratorIS3_ESB_
+__ZNSt8_Rb_treeIN8Security10RefPointerI8NodeCoreEES3_St9_IdentityIS3_ESt4lessIS3_ESaIS3_EE15_M_destroy_nodeEPSt13_Rb_tree_nodeI
+__ZN8Security6Thread3runEv
+__ZN8Security6Thread6runnerEPv
+__ZN8Security12MachPlusPlus10MachServer10LoadThread6actionEv
+__ZN8Security12MachPlusPlus10MachServer9addThreadEPNS_6ThreadE
+__ZNSt8_Rb_treeIPN8Security6ThreadES2_St9_IdentityIS2_ESt4lessIS2_ESaIS2_EE16_M_insert_uniqueERKS2_
+__ZNSt8_Rb_treeIPN8Security6ThreadES2_St9_IdentityIS2_ESt4lessIS2_ESaIS2_EE9_M_insertEPSt18_Rb_tree_node_baseSA_RKS2_
+__ZN8Security12MachPlusPlus10MachServer15runServerThreadEb
+__ZL10_XdecodeDbP17mach_msg_header_tS0_
+__Z20ucsp_server_decodeDbjj13audit_token_tPiPjPvjS2_jS2_j
+__ZN7CopyOutC2EPvmPFiP9__rpc_xdrzEbP9cssm_data
+__Z25xdr_DLDbFlatIdentifierRefP9__rpc_xdrPPN8Security11DataWalkers18DLDbFlatIdentifierE
+__Z22xdr_DLDbFlatIdentifierP9__rpc_xdrPN8Security11DataWalkers18DLDbFlatIdentifierE
+_sec_xdr_pointer
+_xdr_CSSM_SUBSERVICE_UID
+_xdr_CSSM_VERSION
+__ZN8Security14DLDbIdentifierC2ERK19cssm_subservice_uidPKcPK16cssm_net_address
+__ZN8Security14DLDbIdentifier4ImplC2ERK19cssm_subservice_uidPKcPK16cssm_net_address
+__ZN8Security6DbNameC1EPKcPK16cssm_net_address
+__ZN8Security6DbNameC2EPKcPK16cssm_net_address
+__ZN8Security6DbName16CanonicalizeNameEv
+__Z8makeBlobIN8Security14SecurityServer6DbBlobEEPKT_RKNS0_8CssmDataEi
+__ZN16KeychainDatabaseC1ERKN8Security14DLDbIdentifierEPKNS0_14SecurityServer6DbBlobER7ProcessPKNS0_17AccessCredentialsE
+__ZN17SecurityServerAclC2Ev
+__ZN8Security9ObjectAclC2ERNS_9AllocatorE
+__ZN13LocalDatabaseC2ER7Process
+__ZN8DatabaseC2ER7Process
+__ZN16KeychainDatabase12validateBlobEPKN8Security14SecurityServer6DbBlobE
+__ZNK8Security14SecurityServer10CommonBlob8validateEi
+__ZN8Security11DataWalkers4copyINS_17AccessCredentialsEEEPT_PKS3_RNS_9AllocatorE
+__ZN8Security9Allocator6mallocINS_14SecurityServer6DbBlobEEEPT_m
+__ZNK8Database7processEv
+__ZN8NodeCore9findFirstI16KeychainDbCommonRK12DbIdentifierEEN8Security10RefPointerIT_EEMS7_KFT0_vES9_
+__ZNK16KeychainDbCommon10identifierEv
+__ZNK12DbIdentifiereqERKS_
+__ZNK8Security14DLDbIdentifiereqERKS0_
+__ZNK8Security14DLDbIdentifier4ImpleqERKS1_
+__ZNK8Security17CssmSubserviceUideqERK19cssm_subservice_uid
+__ZN8Security10RefPointerI16KeychainDbCommonE7releaseEv
+__ZN8Security10RefPointerINS_14DLDbIdentifier4ImplEE7releaseEv
+__ZN8Security6DbNameD1Ev
+__ZN8Security6DbNameD2Ev
+__ZN7CopyOutD1Ev
+__ZN7CopyOutD2Ev
+__ZL16_XauthenticateDbP17mach_msg_header_tS0_
+__Z26ucsp_server_authenticateDbjj13audit_token_tPijjPvj
+_xdr_CSSM_ACCESS_CREDENTIALS_PTR
+_xdr_CSSM_ACCESS_CREDENTIALS
+_xdr_CSSM_BASE_CERTS
+_sec_xdr_clip_long
+_xdr_CSSM_CERTGROUP
+_xdr_CSSM_SAMPLE
+_xdr_CSSM_LIST
+_xdr_CSSM_LIST_ELEMENT
+__ZN6Server8databaseEj
+__ZN6Server4findI8DatabaseEEN8Security10RefPointerIT_EEji
+__ZN8Security13MappingHandleIjE7findRefI8DatabaseEENS_10RefPointerIT_EEji
+__ZN8Security13MappingHandleIjE5State6locateEji
+__ZN16KeychainDatabase12authenticateEjPKN8Security17AccessCredentialsE
+__ZN8Security11DataWalkers14enumerateArrayINS0_10SizeWalkerENS_11SampleGroupENS_10CssmSampleEEEvRT_RT0_MS7_FRPT1_vE
+__ZN8Security11SampleGroup7samplesEv
+__ZN8Security11DataWalkers4walkINS0_10SizeWalkerEEEvRT_RNS_10CssmSampleE
+__ZN8Security11DataWalkers4walkINS0_10SizeWalkerEEEPNS_11ListElementERT_RS4_
+__ZN8Security11DataWalkers4copyINS_17AccessCredentialsEEEPT_PKS3_RNS_9AllocatorEm
+__ZN8Security11DataWalkers4copyINS_17AccessCredentialsEEEPT_PKS3_Pv
+__ZN8Security11DataWalkers4walkINS0_10CopyWalkerEEEPNS_17AccessCredentialsERT_RS4_
+__ZN8Security11DataWalkers14enumerateArrayINS0_10CopyWalkerENS_11SampleGroupENS_10CssmSampleEEEvRT_RT0_MS7_FRPT1_vE
+__ZN8Security11DataWalkers4walkINS0_10CopyWalkerEEEvRT_RNS_10CssmSampleE
+__ZN8Security11DataWalkers9enumerateINS0_10CopyWalkerEEEvRT_RNS_8CssmListE
+__ZN8Security11DataWalkers4walkINS0_10CopyWalkerEEEPNS_11ListElementERT_RS4_
+__ZN8Security11ListElement4lastEv
+__ZN8Security10RefPointerI8DatabaseE7releaseEv
+__ZL11_XreleaseDbP17mach_msg_header_tS0_
+__Z21ucsp_server_releaseDbjj13audit_token_tPij
+__ZN16KeychainDatabaseD0Ev
+__ZN8Security10RefPointerI16KeychainDatabaseE7releaseEv
+__ZN8DatabaseD2Ev
+__ZN9AclSourceD2Ev
+__ZN10PerProcessD2Ev
+__ZN8Security13MappingHandleIjED2Ev
+__ZN9__gnu_cxx9hashtableISt4pairIKjPN8Security13MappingHandleIjEEEjNS_4hashIjEESt10_Select1stIS7_ESt8equal_toIjESaIS6_EE5eraseE
+__ZN17SecurityServerAclD2Ev
+__ZN8Security5MutexD1Ev
+__ZN8Security9ObjectAclD2Ev
+__ZN8Security10RefPointerINS_10AclSubjectEE7releaseEv
+__ZNSt8_Rb_treeISsSt4pairIKSsN8Security9ObjectAcl8AclEntryEESt10_Select1stIS5_ESt4lessISsESaIS5_EED2Ev
+__ZNSt8_Rb_treeISsSt4pairIKSsN8Security9ObjectAcl8AclEntryEESt10_Select1stIS5_ESt4lessISsESaIS5_EE8_M_eraseEPSt13_Rb_tree_nodeI
+__ZL13_XsetupThreadP17mach_msg_header_tS0_
+__Z23ucsp_server_setupThreadjj13audit_token_tPij
+__ZNSt8_Rb_treeIN8Security12MachPlusPlus4PortESt4pairIKS2_NS0_10RefPointerI7ProcessEEESt10_Select1stIS8_ESt4lessIS2_ESaIS8_EE4f
+__ZNSt8_Rb_treeIiSt4pairIKiP7ProcessESt10_Select1stIS4_ESt4lessIiESaIS4_EE5eraseERS1_
+__ZNSt8_Rb_treeIiSt4pairIKiP7ProcessESt10_Select1stIS4_ESt4lessIiESaIS4_EE5eraseESt17_Rb_tree_iteratorIS4_ESC_
+__ZNSt8_Rb_treeIN8Security12MachPlusPlus4PortESt4pairIKS2_NS0_10RefPointerI7ProcessEEESt10_Select1stIS8_ESt4lessIS2_ESaIS8_EE15
+__ZN7Process4killEv
+__ZN8Security10RefPointerI13LocalDatabaseE10setPointerEPS1_
+__ZN8Security10RefPointerI13LocalDatabaseE7releaseEv
+__ZN8Security12MachPlusPlus10MachServer4idleEv
+__ZN7ProcessD0Ev
+__ZNSt8_Rb_treeIP18AuthorizationTokenS1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE8_M_eraseEPSt13_Rb_tree_nodeIS1_E
+__ZN20ClientIdentificationD2Ev
+__ZNSt8_Rb_treeIjSt4pairIKjN20ClientIdentification10GuestStateEESt10_Select1stIS4_ESt4lessIjESaIS4_EED2Ev
+__ZN14CodeSignatures8IdentityD2Ev
+__ZN15CodeSigningHostD2Ev
+__ZN15CodeSigningHost5resetEv
+__ZNSt8_Rb_treeIjSt4pairIKjN8Security10RefPointerIN15CodeSigningHost5GuestEEEESt10_Select1stIS7_ESt4lessIjESaIS7_EED2Ev
+__ZNSt8_Rb_treeIjSt4pairIKjN8Security10RefPointerIN15CodeSigningHost5GuestEEEESt10_Select1stIS7_ESt4lessIjESaIS7_EE8_M_eraseEPS
+__ZN8Security12MachPlusPlus10MachServer7HandlerD2Ev
 __ZN8Security14CommonCriteria9Securityd14AuthMechLoggerD2Ev
 __ZN8Security14CommonCriteria9Securityd14AuthMechLoggerD2Ev
-__ZNSt8_Rb_treeIN13Authorization11AuthItemRefES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE5eraseESt17_Rb_tree_iteratorIS1_E
-__ZNSt6__copyILb0ESt26random_access_iterator_tagE4copyIPKN13Authorization12AuthValueRefEPS4_EET0_T_S9_S8_
-__ZN8Security10RefPointerIN13Authorization9AuthValueEE10setPointerEPS2_
-__ZN8Security10RefPointerIN13Authorization9AuthValueEE7releaseEv
-__ZN18AuthorizationToken10setInfoSetERN13Authorization11AuthItemSetE
+__ZN18AuthorizationToken10setInfoSetERN13Authorization11AuthItemSetEb
+__ZN13Authorization11AuthItemSet4findEPKc
+__ZN7Session13setAttributesEj
+__ZN8Security14CommonCriteria9AuditInfo3setEv
 __ZNK13Authorization8RuleImpl15makeCredentialsERK18AuthorizationToken
 __ZNK13Authorization8RuleImpl15makeCredentialsERK18AuthorizationToken
-__ZSt7find_ifISt23_Rb_tree_const_iteratorIN13Authorization11AuthItemRefEENS1_23FindAuthItemByRightNameEET_S5_S5_T0_
-__ZSt9__find_ifISt23_Rb_tree_const_iteratorIN13Authorization11AuthItemRefEENS1_23FindAuthItemByRightNameEET_S5_S5_T0_St18input_
+__ZNK13Authorization8AuthItem11stringValueEv
 __ZN13Authorization10CredentialC1EjRKSsS2_S2_b
 __ZN13Authorization10CredentialC2EjRKSsS2_S2_b
 __ZN13Authorization14CredentialImplC2EjRKSsS2_S2_b
 __ZNSt8_Rb_treeIN13Authorization10CredentialES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE16_M_insert_uniqueERKS1_
 __ZNSt8_Rb_treeIN13Authorization10CredentialES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE9_M_insertEPSt18_Rb_tree_node_baseS9_RKS1_
 __ZNSt8_Rb_treeIN13Authorization10CredentialES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE14_M_create_nodeERKS1_
 __ZN13Authorization10CredentialC1EjRKSsS2_S2_b
 __ZN13Authorization10CredentialC2EjRKSsS2_S2_b
 __ZN13Authorization14CredentialImplC2EjRKSsS2_S2_b
 __ZNSt8_Rb_treeIN13Authorization10CredentialES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE16_M_insert_uniqueERKS1_
 __ZNSt8_Rb_treeIN13Authorization10CredentialES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE9_M_insertEPSt18_Rb_tree_node_baseS9_RKS1_
 __ZNSt8_Rb_treeIN13Authorization10CredentialES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE14_M_create_nodeERKS1_
-__ZN9__gnu_cxx13new_allocatorISt13_Rb_tree_nodeIN13Authorization10CredentialEEE8allocateEmPKv
+__ZN9__gnu_cxx13new_allocatorIN13Authorization10CredentialEE9constructEPS2_RKS2_
 __ZN13Authorization10CredentialD1Ev
 __ZN8Security10RefPointerIN13Authorization14CredentialImplEE7releaseEv
 __ZN13Authorization10CredentialD1Ev
 __ZN8Security10RefPointerIN13Authorization14CredentialImplEE7releaseEv
-__ZNSt8_Rb_treeIN13Authorization10CredentialES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE7_M_copyEPKSt13_Rb_tree_nodeIS1_EPS9_
+__ZNSt8_Rb_treeIN13Authorization10CredentialES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE16_M_insert_uniqueISt23_Rb_tree_const_iter
+__ZNSt8_Rb_treeIN13Authorization10CredentialES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE16_M_insert_uniqueESt17_Rb_tree_iteratorIS
 __ZNSt8_Rb_treeIN13Authorization10CredentialES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE15_M_destroy_nodeEPSt13_Rb_tree_nodeIS1_E
 __ZNSt6vectorIN13Authorization12AuthValueRefESaIS1_EED2Ev
 __ZNSt8_Rb_treeIN13Authorization10CredentialES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE15_M_destroy_nodeEPSt13_Rb_tree_nodeIS1_E
 __ZNSt6vectorIN13Authorization12AuthValueRefESaIS1_EED2Ev
-__ZNSt12_Vector_baseIN13Authorization12AuthValueRefESaIS1_EED2Ev
+__ZN8Security10RefPointerIN13Authorization9AuthValueEE7releaseEv
 __ZN13Authorization23AgentMechanismEvaluatorD2Ev
 __ZN13Authorization23AgentMechanismEvaluatorD2Ev
+__ZNSt8_Rb_treeISsSt4pairIKSsN13Authorization17AgentMechanismRefEESt10_Select1stIS4_ESt4lessISsESaIS4_EED2Ev
 __ZNSt8_Rb_treeISsSt4pairIKSsN13Authorization17AgentMechanismRefEESt10_Select1stIS4_ESt4lessISsESaIS4_EE8_M_eraseEPSt13_Rb_tree
 __ZNSt8_Rb_treeISsSt4pairIKSsN13Authorization17AgentMechanismRefEESt10_Select1stIS4_ESt4lessISsESaIS4_EE15_M_destroy_nodeEPSt13
 __ZN20QueryInvokeMechanismD0Ev
 __ZNSt8_Rb_treeISsSt4pairIKSsN13Authorization17AgentMechanismRefEESt10_Select1stIS4_ESt4lessISsESaIS4_EE8_M_eraseEPSt13_Rb_tree
 __ZNSt8_Rb_treeISsSt4pairIKSsN13Authorization17AgentMechanismRefEESt10_Select1stIS4_ESt4lessISsESaIS4_EE15_M_destroy_nodeEPSt13
 __ZN20QueryInvokeMechanismD0Ev
@@ -1030,131 +512,240 @@ __ZN13SecurityAgent6Client7destroyEv
 _sa_request_client_destroy
 __ZN23SecurityAgentConnectionD2Ev
 __ZN8Security10RefPointerI16AuthHostInstanceE7releaseEv
 _sa_request_client_destroy
 __ZN23SecurityAgentConnectionD2Ev
 __ZN8Security10RefPointerI16AuthHostInstanceE7releaseEv
+__ZN16AuthHostInstanceD0Ev
+__ZN11ServerChildD2Ev
+__ZN8Security9ConditionD1Ev
+__ZN8Security9ConditionD2Ev
+__ZN8Security12UnixPlusPlus5ChildD2Ev
 __ZN13SecurityAgent6ClientD2Ev
 __ZN13SecurityAgent6Client8teardownEv
 __ZN13SecurityAgent7Clients6removeEPNS_6ClientE
 __ZN13SecurityAgent6ClientD2Ev
 __ZN13SecurityAgent6Client8teardownEv
 __ZN13SecurityAgent7Clients6removeEPNS_6ClientE
-__ZN8Security12MachPlusPlus7PortSetmIERKNS0_4PortE
 __ZNSt8_Rb_treeIPN13SecurityAgent6ClientES2_St9_IdentityIS2_ESt4lessIS2_ESaIS2_EE5eraseERKS2_
 __ZNSt8_Rb_treeIPN13SecurityAgent6ClientES2_St9_IdentityIS2_ESt4lessIS2_ESaIS2_EE5eraseESt17_Rb_tree_iteratorIS2_ESA_
 __ZNSt8_Rb_treeIPN13SecurityAgent6ClientES2_St9_IdentityIS2_ESt4lessIS2_ESaIS2_EE5eraseERKS2_
 __ZNSt8_Rb_treeIPN13SecurityAgent6ClientES2_St9_IdentityIS2_ESt4lessIS2_ESaIS2_EE5eraseESt17_Rb_tree_iteratorIS2_ESA_
-__ZNSt8_Rb_treeIPN13SecurityAgent6ClientES2_St9_IdentityIS2_ESt4lessIS2_ESaIS2_EE5eraseESt17_Rb_tree_iteratorIS2_E
 __ZNSt8_Rb_treeIPN13SecurityAgent6ClientES2_St9_IdentityIS2_ESt4lessIS2_ESaIS2_EE8_M_eraseEPSt13_Rb_tree_nodeIS2_E
 __ZN13Authorization9AuthValueD1Ev
 __ZN13Authorization9AuthValueD2Ev
 __ZNSt8_Rb_treeIPN13SecurityAgent6ClientES2_St9_IdentityIS2_ESt4lessIS2_ESaIS2_EE8_M_eraseEPSt13_Rb_tree_nodeIS2_E
 __ZN13Authorization9AuthValueD1Ev
 __ZN13Authorization9AuthValueD2Ev
+__ZNSt6vectorISsSaISsEED2Ev
+__ZN8Security14CommonCriteria9Securityd11RightLogger8setRightEPKc
+__ZN8Security14CommonCriteria9Securityd25RightAuthenticationLogger22logAuthorizationResultEPKcS4_i
+__ZN8Security14CommonCriteria9Securityd25RightAuthenticationLogger11writeCommonEv
+__ZN8Security6Syslog4infoEPKcz
+__ZN8Security10RefPointerIN13Authorization8RuleImplEE7releaseEv
+__ZN7Session16mergeCredentialsERSt3setIN13Authorization10CredentialESt4lessIS2_ESaIS2_EE
+__ZNSt8_Rb_treeIN13Authorization10CredentialES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE7_M_copyEPKSt13_Rb_tree_nodeIS1_EPS9_
 __ZNK13Authorization14CredentialImpl8isSharedEv
 __ZNK13Authorization14CredentialImpl7isValidEv
 __ZNSt8_Rb_treeIN13Authorization10CredentialES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE4findERKS1_
 __ZNK13Authorization14CredentialImpl8isSharedEv
 __ZNK13Authorization14CredentialImpl7isValidEv
 __ZNSt8_Rb_treeIN13Authorization10CredentialES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE4findERKS1_
+__ZN18AuthorizationToken16mergeCredentialsERKSt3setIN13Authorization10CredentialESt4lessIS2_ESaIS2_EE
 __ZNSt8_Rb_treeIN13Authorization10CredentialES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE5eraseERKS1_
 __ZNSt8_Rb_treeIN13Authorization10CredentialES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE5eraseERKS1_
-__ZNSt8_Rb_treeIN13Authorization10CredentialES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE11equal_rangeERKS1_
+__ZNSt8_Rb_treeIN13Authorization10CredentialES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE11upper_boundERKS1_
+__ZNSt8_Rb_treeIN13Authorization10CredentialES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE11lower_boundERKS1_
 __ZNSt8_Rb_treeIN13Authorization10CredentialES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE5eraseESt17_Rb_tree_iteratorIS1_ES9_
 __ZNK13Authorization11AuthItemSet4copyEv
 _copyin_AuthorizationItemSet
 __ZNSt8_Rb_treeIN13Authorization10CredentialES1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE5eraseESt17_Rb_tree_iteratorIS1_ES9_
 __ZNK13Authorization11AuthItemSet4copyEv
 _copyin_AuthorizationItemSet
+_copyin
+_sec_xdr_sizeof_in
+_sec_x_putlong
+_sec_x_putbytes
+_sec_xdrmem_putlong_aligned
+_sec_xdrmem_putbytes
+__ZN6Server15releaseWhenDoneEPv
+__ZN8Security12MachPlusPlus10MachServer15releaseWhenDoneERNS_9AllocatorEPv
+__ZNSt8_Rb_treeIN8Security12MachPlusPlus10MachServer10AllocationES3_St9_IdentityIS3_ESt4lessIS3_ESaIS3_EE16_M_insert_uniqueERKS
+__ZNSt8_Rb_treeIN8Security12MachPlusPlus10MachServer10AllocationES3_St9_IdentityIS3_ESt4lessIS3_ESaIS3_EE9_M_insertEPSt18_Rb_tr
 __ZL23_XauthorizationCopyInfoP17mach_msg_header_tS0_
 __Z33ucsp_server_authorizationCopyInfojj13audit_token_tPiN8Security14SecurityServer17AuthorizationBlobEPKcPPvPj
 __ZN7Session11authGetInfoERKN8Security14SecurityServer17AuthorizationBlobEPKcRN13Authorization11AuthItemSetE
 __ZL23_XauthorizationCopyInfoP17mach_msg_header_tS0_
 __Z33ucsp_server_authorizationCopyInfojj13audit_token_tPiN8Security14SecurityServer17AuthorizationBlobEPKcPPvPj
 __ZN7Session11authGetInfoERKN8Security14SecurityServer17AuthorizationBlobEPKcRN13Authorization11AuthItemSetE
+__ZN16KeychainDbCommonC2ER7SessionRK12DbIdentifier
+__ZN13LocalDbCommonC2ER7Session
+__ZN8DbCommonC2ER7Session
+__ZN18DatabaseCryptoCoreC2Ev
+__ZN8NodeCore9findFirstI16KeychainDbGlobalRK12DbIdentifierEEN8Security10RefPointerIT_EEMS7_KFT0_vES9_
+__ZN8Security10RefPointerI16KeychainDbGlobalE7releaseEv
+__ZN16KeychainDbGlobalC2ERK12DbIdentifier
+__ZNK8DbCommon7sessionEv
 __ZL24_XunlockDbWithPassphraseP17mach_msg_header_tS0_
 __Z34ucsp_server_unlockDbWithPassphrasejj13audit_token_tPijPvj
 __ZL24_XunlockDbWithPassphraseP17mach_msg_header_tS0_
 __Z34ucsp_server_unlockDbWithPassphrasejj13audit_token_tPijPvj
+__ZN6Server8keychainEj
+__ZN6Server4findI16KeychainDatabaseEEN8Security10RefPointerIT_EEji
+__ZN8Security13MappingHandleIjE7findRefI16KeychainDatabaseEENS_10RefPointerIT_EEji
 __ZN16KeychainDatabase8unlockDbERKN8Security8CssmDataE
 __ZN16KeychainDatabase12makeUnlockedERKN8Security8CssmDataE
 __ZN16KeychainDatabase8unlockDbERKN8Security8CssmDataE
 __ZN16KeychainDatabase12makeUnlockedERKN8Security8CssmDataE
-__ZN16KeychainDatabase6decodeERKN8Security8CssmDataE
+__ZN16KeychainDatabase8isLockedEv
 __ZN18DatabaseCryptoCore5setupEPKN8Security14SecurityServer6DbBlobERKNS0_8CssmDataE
 __ZNK18DatabaseCryptoCore17deriveDbMasterKeyERKN8Security8CssmDataE
 __ZN8Security10CssmClient9DeriveKeyC1ERKNS0_3CSPEjjj
 __ZN18DatabaseCryptoCore5setupEPKN8Security14SecurityServer6DbBlobERKNS0_8CssmDataE
 __ZNK18DatabaseCryptoCore17deriveDbMasterKeyERKN8Security8CssmDataE
 __ZN8Security10CssmClient9DeriveKeyC1ERKNS0_3CSPEjjj
+__ZN8Security10CssmClient5CryptC2ERKNS0_3CSPEj
+__ZN8Security10CssmClient7ContextC2ERKNS0_3CSPEj
+__ZN8Security10CssmClient10ObjectImplC2ERKNS0_6ObjectE
 __ZN8Security10CssmClient9DeriveKeyclEPNS_8CssmDataERKNS0_7KeySpecE
 __ZN8Security10CssmClient3Key10makeNewKeyERKNS0_3CSPE
 __ZN8Security10CssmClient3KeyC2ERKNS0_3CSPE
 __ZN8Security10CssmClient7KeyImplC1ERKNS0_3CSPE
 __ZN8Security10CssmClient9DeriveKeyclEPNS_8CssmDataERKNS0_7KeySpecE
 __ZN8Security10CssmClient3Key10makeNewKeyERKNS0_3CSPE
 __ZN8Security10CssmClient3KeyC2ERKNS0_3CSPE
 __ZN8Security10CssmClient7KeyImplC1ERKNS0_3CSPE
+__ZN8Security10RefPointerINS_10CssmClient10ObjectImplEE10setPointerEPS2_
+__ZN8Security10RefPointerINS_10CssmClient10ObjectImplEE7releaseEv
+__ZNK8Security10CssmClient6Object4implINS0_7KeyImplEEERT_v
+__ZNK8Security10CssmClient9RccBearer12compositeRccEv
 __ZN8Security10CssmClient9DeriveKey8activateEv
 __ZN8Security10CssmClient9DeriveKey8activateEv
+__ZNK8Security10CssmClient6Object4implINS0_7CSPImplEEERT_v
+__ZN8Security10CssmClient14AttachmentImpl8activateEv
+__ZN8Security28CssmAllocatorMemoryFunctions11relayMallocEmPv
+__ZN8Security28CssmAllocatorMemoryFunctions9relayFreeEPvS1_
+__ZN8Security10CssmClient10ObjectImpl5checkEi
 __ZN8Security10CssmClient7KeyImpl8activateEv
 __ZN8Security10CssmClient7KeyImpl8activateEv
-__ZN8Security10CssmClient9DeriveKeyD1Ev
-__ZL13handleSignalsi
-_self_client_handleSignal
-__Z11self_serverP17mach_msg_header_tS0_
-__ZL14_XhandleSignalP17mach_msg_header_tS0_
-__Z24self_server_handleSignaljji
-__ZN8Security12UnixPlusPlus5Child13checkChildrenEv
-__ZNSt3mapIiPN8Security12UnixPlusPlus5ChildESt4lessIiESaISt4pairIKiS3_EEEixERS7_
-__ZN8Security12UnixPlusPlus5Child4buryEi
-__ZNSt8_Rb_treeIiSt4pairIKiPN8Security12UnixPlusPlus5ChildEESt10_Select1stIS6_ESt4lessIiESaIS6_EE5eraseERS1_
-__ZNSt8_Rb_treeIiSt4pairIKiPN8Security12UnixPlusPlus5ChildEESt10_Select1stIS6_ESt4lessIiESaIS6_EE5eraseESt17_Rb_tree_iteratorIS
-__ZNSt4listIPN8Security12UnixPlusPlus5ChildESaIS3_EE9_M_insertESt14_List_iteratorIS3_ERKS3_
-__ZNSt4listIPN8Security12UnixPlusPlus5ChildESaIS3_EE14_M_create_nodeERKS3_
-__ZN9__gnu_cxx13new_allocatorISt10_List_nodeIPN8Security12UnixPlusPlus5ChildEEE8allocateEmPKv
-__ZN8Security12UnixPlusPlus5Child4Bier6notifyEv
-__ZN11ServerChild5dyingEv
-__ZL28_XsetSessionDistinguishedUidP17mach_msg_header_tS0_
-__Z38ucsp_server_setSessionDistinguishedUidjj13audit_token_tPijj
-__ZN7Session4findI14DynamicSessionEERT_j
-__ZN14DynamicSession13originatorUidEj
-__ZN8Security10RefPointerIN13Authorization14CredentialImplEE10setPointerEPS2_
-__ZN13Authorization14CredentialImplD1Ev
-__ZN13Authorization14CredentialImplD2Ev
+__ZN8Security10CssmClient5CryptD2Ev
+__ZN8Security10CssmClient7ContextD2Ev
+__ZN8Security10CssmClient7Context10deactivateEv
+__ZN8Security10CssmClient10ObjectImplD2Ev
+__ZN16KeychainDatabase6decodeEv
+__ZN16KeychainDbCommon8unlockDbEPN8Security14SecurityServer6DbBlobEPPv
+__ZN18DatabaseCryptoCore10decodeCoreEPKN8Security14SecurityServer6DbBlobEPPv
+__ZN8Security10CssmClient7DecryptC1ERKNS0_3CSPEj
+__ZN8Security10CssmClient7Context3setEjj
+__ZN8Security10CssmClient5Crypt3keyERKNS0_3KeyE
+__ZN8Security10CssmClient7Context3setINS_7CssmKeyEEEvjRKT_
+__ZN8Security10CssmClient7Context3setINS_8CssmDataEEEvjRKT_
+__ZN8Security10CssmClient7Decrypt7decryptEPKNS_8CssmDataEjPS2_jRS2_
+__ZN8Security10CssmClient7Context8unstagedEv
+__ZN8Security10CssmClient5Crypt8activateEv
+__ZN18DatabaseCryptoCore10makeRawKeyEPvmjj
+__ZN8Security10CssmClient9UnwrapKeyC1ERKNS0_3CSPEj
+__ZN8Security10CssmClient9UnwrapKeyclERKNS_7CssmKeyERKNS0_7KeySpecERS2_PNS_8CssmDataEPS3_
+__ZN8Security10CssmClient3KeyC2ERKNS0_3CSPERK8cssm_keyb
+__ZN8Security10CssmClient7KeyImplC1ERKNS0_3CSPERK8cssm_keyb
+__ZN8Security7CssmKeyC2ERK8cssm_key
+__ZN8Security10CssmClient9VerifyMacC1ERKNS0_3CSPEj
+__ZN8Security10CssmClient7Context3setINS0_3KeyEEEvjRKT_
+__ZN8Security10CssmClient9VerifyMac6verifyEPKNS_8CssmDataEjRS3_
+__ZN8Security10CssmClient10MacContext8activateEv
+__ZN8Security10CssmClient10MacContextD2Ev
+__ZN16KeychainDbCommon8activityEv
+__ZN8Security12MachPlusPlus10MachServer8setTimerEPNS1_5TimerENS_4Time8AbsoluteE
+__ZN8Security13ScheduleQueueINS_4Time8AbsoluteEE8scheduleEPNS3_5EventES2_
+__ZN8DbCommon6notifyEjRKN8Security14DLDbIdentifierE
+__ZN8Security19NameValueDictionaryC1Ev
+__ZN8Security19NameValueDictionary41MakeNameValueDictionaryFromDLDbIdentifierERKNS_14DLDbIdentifierERS0_
+__ZN8Security13NameValuePair9CloneDataERKNS_8CssmDataE
+__ZNSt6vectorIPN8Security13NameValuePairESaIS2_EE9push_backERKS2_
+__ZNSt6vectorIPN8Security13NameValuePairESaIS2_EE13_M_insert_auxEN9__gnu_cxx17__normal_iteratorIPS2_S4_EERKS2_
+__ZNSt12_Vector_baseIPN8Security13NameValuePairESaIS2_EE11_M_allocateEm
+__ZN8Security19NameValueDictionary6ExportERNS_8CssmDataE
+__ZNK8Security13NameValuePair6ExportERNS_8CssmDataE
+__ZN8Listener6notifyEjjRKN8Security8CssmDataE
+__ZN8Listener12NotificationC2EjjjRKN8Security8CssmDataE
+__ZN8Security12CssmAutoDataC2INS_8CssmDataEEERNS_9AllocatorERKT_
+__ZN8Security13CssmOwnedData4copyIvEEvPKT_m
+__ZN8Security12CssmAutoData5resetEv
+__ZN8Security11CssmAutoPtrIvED1Ev
+__ZN8Listener16sendNotificationEPNS_12NotificationE
+__ZN20SharedMemoryListener8notifyMeEPN8Listener12NotificationE
+__ZNK8Security13CssmOwnedData3getEv
+__ZN18SharedMemoryServer12WriteMessageEjjPKvj
+_CalculateCRC
+__ZN18SharedMemoryServer9WriteDataEPKvj
+__ZN8Security10RefPointerIN8Listener12NotificationEE7releaseEv
+__ZN8Listener12NotificationD0Ev
+__ZN8Security12CssmAutoDataD2Ev
+__ZN8Security15CssmManagedDataD2Ev
+__ZN8Security19NameValueDictionaryD1Ev
+__ZN8Security19NameValueDictionaryD2Ev
+__ZN16KeychainDatabase3aclEv
+__ZN8Security9ObjectAcl10importBlobEPKvS2_
+__ZN8Security9ObjectAcl13importSubjectERNS_23LowLevelMemoryUtilities6ReaderES3_
+__ZN8Security9ObjectAcl8makerForEi
+__ZN8Security11ModuleNexusISt3mapIiPNS_10AclSubject5MakerESt4lessIiESaISt4pairIKiS4_EEEEclEv
+__ZNSt3mapIiPN8Security10AclSubject5MakerESt4lessIiESaISt4pairIKiS3_EEEixERS7_
+__ZNK8Security13AnyAclSubject5Maker4makeEhRNS_23LowLevelMemoryUtilities6ReaderES4_
+__ZN8Security10AclSubjectC2Ejh
+__ZN8Security10RefPointerINS_10AclSubjectEE10setPointerEPS1_
+__ZNSt8_Rb_treeISsSt4pairIKSsN8Security9ObjectAcl8AclEntryEESt10_Select1stIS5_ESt4lessISsESaIS5_EE5eraseESt17_Rb_tree_iteratorI
+__ZN8Security9ObjectAcl8AclEntryC2Ev
+__ZN8Security9ObjectAcl8AclEntry10importBlobERNS_23LowLevelMemoryUtilities6ReaderES4_
+__ZNSt8_Rb_treeIiiSt9_IdentityIiESt4lessIiESaIiEE5eraseESt23_Rb_tree_const_iteratorIiES7_
+__ZNSt8_Rb_treeIiiSt9_IdentityIiESt4lessIiESaIiEE8_M_eraseEPSt13_Rb_tree_nodeIiE
+__ZN8Security9ObjectAcl3addERKSsRKNS0_8AclEntryE
+__ZN8Security9ObjectAcl8AclEntryC2ERKS1_
+__ZNSt8_Rb_treeIiiSt9_IdentityIiESt4lessIiESaIiEEC2ERKS5_
+__ZN8Security9ObjectAcl3addERKSsNS0_8AclEntryEl
+__ZNSt4pairISsN8Security9ObjectAcl8AclEntryEEC2ERKSsRKS2_
+__ZNSt4pairIKSsN8Security9ObjectAcl8AclEntryEEC2ISsS3_EERKS_IT_T0_E
+__ZNSt8_Rb_treeISsSt4pairIKSsN8Security9ObjectAcl8AclEntryEESt10_Select1stIS5_ESt4lessISsESaIS5_EE15_M_insert_equalERKS5_
+__ZNSt8_Rb_treeISsSt4pairIKSsN8Security9ObjectAcl8AclEntryEESt10_Select1stIS5_ESt4lessISsESaIS5_EE9_M_insertEPSt18_Rb_tree_node
+__ZNSt8_Rb_treeISsSt4pairIKSsN8Security9ObjectAcl8AclEntryEESt10_Select1stIS5_ESt4lessISsESaIS5_EE14_M_create_nodeERKS5_
+__ZN9__gnu_cxx13new_allocatorISt4pairIKSsN8Security9ObjectAcl8AclEntryEEE9constructEPS6_RKS6_
+__ZNSt4pairIKSsN8Security9ObjectAcl8AclEntryEEC2ERKS4_
+__ZNSt4pairIKSsN8Security9ObjectAcl8AclEntryEED2Ev
+__ZN8Security9ObjectAcl8AclEntryD2Ev
+__ZNSt4pairISsN8Security9ObjectAcl8AclEntryEED2Ev
+__ZN8Security13AnyAclSubjectD0Ev
+__ZN8Security10AclSubjectD2Ev
+__ZNSt8_Rb_treeISsSt4pairIKSsN8Security9ObjectAcl8AclEntryEESt10_Select1stIS5_ESt4lessISsESaIS5_EE15_M_destroy_nodeEPSt13_Rb_tr
+__ZN8Security13ScheduleQueueINS_4Time8AbsoluteEE5Event10unscheduleEv
+__ZN8Security12MachPlusPlus10MachServer5Timer6selectEv
+__ZThn88_N20SharedMemoryListener6actionEv
+__ZN20SharedMemoryListener6actionEv
+__ZN8Security12MachPlusPlus10MachServer5Timer8unselectEv
 __ZL21_XsetSessionUserPrefsP17mach_msg_header_tS0_
 __Z31ucsp_server_setSessionUserPrefsjj13audit_token_tPijPvj
 __ZL21_XsetSessionUserPrefsP17mach_msg_header_tS0_
 __Z31ucsp_server_setSessionUserPrefsjj13audit_token_tPijPvj
+__ZN7Session4findI14DynamicSessionEERT_j
+__ZN6Server7sessionEv
 __ZN14DynamicSession12setUserPrefsEPK8__CFData
 __ZN8Security5CFRefIPK8__CFDataEaSES3_
 __ZN20QueryInvokeMechanism14terminateAgentEv
 __ZN18SecurityAgentQuery9terminateEv
 __ZN23SecurityAgentConnection9terminateEv
 __ZN14DynamicSession12setUserPrefsEPK8__CFData
 __ZN8Security5CFRefIPK8__CFDataEaSES3_
 __ZN20QueryInvokeMechanism14terminateAgentEv
 __ZN18SecurityAgentQuery9terminateEv
 __ZN23SecurityAgentConnection9terminateEv
-__ZThn256_N18SecurityAgentQuery8activateEv
 __ZN13SecurityAgent6Client9terminateEv
 _sa_request_client_terminate
 __ZN13SecurityAgent6Client9terminateEv
 _sa_request_client_terminate
-__ZNSt8_Rb_treeIN8Security10RefPointerI8NodeCoreEES3_St9_IdentityIS3_ESt4lessIS3_ESaIS3_EE5eraseESt17_Rb_tree_iteratorIS3_E
-__ZN16AuthHostInstanceD0Ev
-__ZN11ServerChildD2Ev
-__ZN8Security9ConditionD1Ev
-__ZN8Security9ConditionD2Ev
-__ZN8Security12UnixPlusPlus5ChildD2Ev
 __ZN20QueryInvokeMechanismD2Ev
 __ZNK13Authorization10CredentialltERKS0_
 __ZNK13Authorization14CredentialImplltERKS0_
 __ZN13Authorization14CredentialImpl5mergeERKS0_
 __ZN20QueryInvokeMechanismD2Ev
 __ZNK13Authorization10CredentialltERKS0_
 __ZNK13Authorization14CredentialImplltERKS0_
 __ZN13Authorization14CredentialImpl5mergeERKS0_
-__ZNSt8_Rb_treeIiSt4pairIKiPN8Security12UnixPlusPlus5ChildEESt10_Select1stIS6_ESt4lessIiESaIS6_EE8_M_eraseEPSt13_Rb_tree_nodeIS
-__ZL26_XauthorizationExternalizeP17mach_msg_header_tS0_
-__Z36ucsp_server_authorizationExternalizejj13audit_token_tPiN8Security14SecurityServer17AuthorizationBlobEP25AuthorizationExter
-__ZN7Session15authExternalizeERKN8Security14SecurityServer17AuthorizationBlobER25AuthorizationExternalForm
-__ZNK18AuthorizationToken14mayExternalizeER7Process
-__ZL26_XauthorizationInternalizeP17mach_msg_header_tS0_
-__Z36ucsp_server_authorizationInternalizejj13audit_token_tPi25AuthorizationExternalFormPN8Security14SecurityServer17Authorizati
-__ZN7Session15authInternalizeERK25AuthorizationExternalFormRN8Security14SecurityServer17AuthorizationBlobE
-__ZN18AuthorizationToken14mayInternalizeER7Processb
-__ZL11_XreleaseDbP17mach_msg_header_tS0_
-__Z21ucsp_server_releaseDbjj13audit_token_tPij
-__ZL10_XisLockedP17mach_msg_header_tS0_
-__Z20ucsp_server_isLockedjj13audit_token_tPijPj
-__ZNK13Authorization8RuleImpl26evaluateCredentialForRightERK18AuthorizationTokenRKNS_11AuthItemRefERKNS_4RuleERKNS_11AuthItemSe
-__ZNK13Authorization8RuleImpl30evaluateUserCredentialForRightERK18AuthorizationTokenRKNS_11AuthItemRefERKNS_4RuleERKNS_11AuthIt
-__ZNK13Authorization14CredentialImpl12creationTimeEv
-__ZNK13Authorization8RuleImpl22evaluateAuthenticationERKNS_11AuthItemRefERKNS_4RuleERNS_11AuthItemSetEjdPKSt3setINS_10Credentia
-__ZNK13Authorization8RuleImpl20evaluateSessionOwnerERKNS_11AuthItemRefERKNS_4RuleERKNS_11AuthItemSetEdRK18AuthorizationTokenRNS
-__ZNK14DynamicSession17haveOriginatorUidEv
-__ZN18AuthorizationToken12scrubInfoSetEv
-__ZN8Security14CommonCriteria9Securityd25RightAuthenticationLogger10logSuccessEjjPKc
-__ZN18AuthorizationToken17setCredentialInfoERKN13Authorization10CredentialE
-__ZNSt8_Rb_treeIP7ProcessS1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE5eraseESt17_Rb_tree_iteratorIS1_E
-__ZThn272_N16KeychainDbCommon6selectEv
-__ZN16KeychainDbCommon6selectEv
-__ZThn272_N16KeychainDbCommon6actionEv
-__ZN16KeychainDbCommon6actionEv
-__ZN16KeychainDbCommon6lockDbEv
-__ZN18DatabaseCryptoCore10invalidateEv
-__ZN8Security12MachPlusPlus10MachServer10clearTimerEPNS1_5TimerE
-__ZThn272_N16KeychainDbCommon8unselectEv
-__ZN16KeychainDbCommon8unselectEv
-__ZN8Security12MachPlusPlus10MachServer12removeThreadEPNS_6ThreadE
-__ZNSt8_Rb_treeIPN8Security6ThreadES2_St9_IdentityIS2_ESt4lessIS2_ESaIS2_EE5eraseERKS2_
-__ZNSt8_Rb_treeIPN8Security6ThreadES2_St9_IdentityIS2_ESt4lessIS2_ESaIS2_EE5eraseESt17_Rb_tree_iteratorIS2_ESA_
-__ZNSt8_Rb_treeIPN8Security6ThreadES2_St9_IdentityIS2_ESt4lessIS2_ESaIS2_EE5eraseESt17_Rb_tree_iteratorIS2_E
-__ZN8Security12MachPlusPlus10MachServer10LoadThreadD0Ev
-__ZN8Security6ThreadD2Ev
-__ZN8Security16PerThreadPointerIN13SecurityAgent7ClientsEE10destructorEPv
-__ZN13SecurityAgent7ClientsD2Ev
-__ZN8Security16PerThreadPointerINS_10RefPointerI10ConnectionEEE10destructorEPv
-__ZN8Security16PerThreadPointerINS_12MachPlusPlus10MachServer9PerThreadEE10destructorEPv
-__ZNSt8_Rb_treeIPN8Security6ThreadES2_St9_IdentityIS2_ESt4lessIS2_ESaIS2_EE8_M_eraseEPSt13_Rb_tree_nodeIS2_E
+__ZN13Authorization14CredentialImplD1Ev
+__ZN13Authorization14CredentialImplD2Ev
+__ZL11_XdecodeKeyP17mach_msg_header_tS0_
+__Z21ucsp_server_decodeKeyjj13audit_token_tPiPjPPvS1_jS2_j
+__Z8makeBlobIN8Security14SecurityServer7KeyBlobEEPKT_RKNS0_8CssmDataEi
+__ZN11KeychainKeyC1ER8DatabasePKN8Security14SecurityServer7KeyBlobE
+__ZN11KeychainKeyC2ER8DatabasePKN8Security14SecurityServer7KeyBlobE
+__ZN8LocalKeyC2ER8Databasej
+__ZN3KeyC2ER8Database
+__ZN8Database10SubsidiaryC2ERS_
+__ZNK8Security10CssmClient10ObjectImpl9allocatorEv
+__ZN8Security9Allocator6mallocINS_14SecurityServer7KeyBlobEEEPT_m
+__ZN8LocalKey9returnKeyERjRN8Security7CssmKey6HeaderE
+__ZN11KeychainKey9getHeaderERN8Security7CssmKey6HeaderE
+__ZN8Security4n2hiERNS_7CssmKey6HeaderE
+_xdr_CSSM_KEYHEADER
+__ZN8Security10RefPointerI3KeyE7releaseEv
+__ZL9_XdecryptP17mach_msg_header_tS0_
+__Z19ucsp_server_decryptjj13audit_token_tPiPvjjS1_jPS1_Pj
+_xdr_CSSM_CONTEXT_PTR
+_xdr_CSSM_CONTEXT
+_xdr_CSSM_CONTEXT_ATTRIBUTE
+_xdr_CSSM_KEY
+_xdr_CSSM_DATA
+__ZN6Server3keyEj
+__ZN8Security13MappingHandleIjE7findRefI3KeyEENS_10RefPointerIT_EEji
+__ZN13LocalDatabase7decryptERKN8Security7ContextER3KeyRKNS0_8CssmDataERS6_
+__ZN8LocalKey7cssmKeyEv
+__ZN8LocalKey8keyValueEv
+__ZN11KeychainKey6getKeyEv
+__ZN11KeychainKey6decodeEv
+__ZN16KeychainDatabase9decodeKeyEPN8Security14SecurityServer7KeyBlobERNS0_7CssmKeyERPvS7_
+__ZN8Security14SecurityServer7KeyBlob11isClearTextEv
+__ZN16KeychainDatabase8unlockDbEv
+__ZN16KeychainDatabase12makeUnlockedEPKN8Security17AccessCredentialsE
+__ZN8Security10CssmClient7KeyImplD0Ev
+__ZN8Security10CssmClient7KeyImpl10deactivateEv
+__ZN8Security10CssmClient9AclBearerD2Ev
+__ZNK18DatabaseCryptoCore13decodeKeyCoreEPN8Security14SecurityServer7KeyBlobERNS0_7CssmKeyERPvS7_
+__ZN8Security4h2niERNS_7CssmKey6HeaderE
+__ZN8Security10CssmClient9UnwrapKeyclERKNS_7CssmKeyERKNS0_7KeySpecERS2_PNS_8CssmDataE
+__ZN11KeychainKey3aclEv
 __ZNK8Security19ThresholdAclSubject5Maker4makeEhRNS_23LowLevelMemoryUtilities6ReaderES4_
 __ZNSt6vectorIN8Security10RefPointerINS0_10AclSubjectEEESaIS3_EEC2EmRKS3_RKS4_
 __ZNSt12_Vector_baseIN8Security10RefPointerINS0_10AclSubjectEEESaIS3_EEC2EmRKS4_
 __ZNK8Security19ThresholdAclSubject5Maker4makeEhRNS_23LowLevelMemoryUtilities6ReaderES4_
 __ZNSt6vectorIN8Security10RefPointerINS0_10AclSubjectEEESaIS3_EEC2EmRKS3_RKS4_
 __ZNSt12_Vector_baseIN8Security10RefPointerINS0_10AclSubjectEEESaIS3_EEC2EmRKS4_
-__ZN9__gnu_cxx13new_allocatorIN8Security10RefPointerINS1_10AclSubjectEEEE8allocateEmPKv
+__ZNSt12_Vector_baseIN8Security10RefPointerINS0_10AclSubjectEEESaIS3_EE11_M_allocateEm
 __ZSt26__uninitialized_fill_n_auxIPN8Security10RefPointerINS0_10AclSubjectEEEmS3_EvT_T0_RKT1_St12__false_type
 __ZNK24KeychainPromptAclSubject5Maker4makeEhRN8Security23LowLevelMemoryUtilities6ReaderES4_
 __ZN24KeychainPromptAclSubjectC2ESsRK33cssm_acl_keychain_prompt_selector
 __ZSt26__uninitialized_fill_n_auxIPN8Security10RefPointerINS0_10AclSubjectEEEmS3_EvT_T0_RKT1_St12__false_type
 __ZNK24KeychainPromptAclSubject5Maker4makeEhRN8Security23LowLevelMemoryUtilities6ReaderES4_
 __ZN24KeychainPromptAclSubjectC2ESsRK33cssm_acl_keychain_prompt_selector
@@ -1162,18 +753,35 @@ __ZN8Security19ThresholdAclSubjectC2EjjRKSt6vectorINS_10RefPointerINS_10AclSubje
 __ZNSt6vectorIN8Security10RefPointerINS0_10AclSubjectEEESaIS3_EEC2ERKS5_
 __ZSt24__uninitialized_copy_auxIN9__gnu_cxx17__normal_iteratorIPKN8Security10RefPointerINS2_10AclSubjectEEESt6vectorIS5_SaIS5_E
 __ZNSt6vectorIN8Security10RefPointerINS0_10AclSubjectEEESaIS3_EED2Ev
 __ZNSt6vectorIN8Security10RefPointerINS0_10AclSubjectEEESaIS3_EEC2ERKS5_
 __ZSt24__uninitialized_copy_auxIN9__gnu_cxx17__normal_iteratorIPKN8Security10RefPointerINS2_10AclSubjectEEESt6vectorIS5_SaIS5_E
 __ZNSt6vectorIN8Security10RefPointerINS0_10AclSubjectEEESaIS3_EED2Ev
-__ZNSt12_Vector_baseIN8Security10RefPointerINS0_10AclSubjectEEESaIS3_EED2Ev
 __ZNK8Security23CodeSignatureAclSubject5Maker4makeEhRNS_23LowLevelMemoryUtilities6ReaderES4_
 __ZNK8Security23CodeSignatureAclSubject5Maker4makeEhRNS_23LowLevelMemoryUtilities6ReaderES4_
-__ZN8Security23LowLevelMemoryUtilities6Reader11countedDataERPKvRm
 __ZNK8Security23CodeSignatureAclSubject5Maker4makeEPKhRKNS_8CssmDataE
 __ZN8Security23CodeSignatureAclSubjectC2EPKhRKSs
 __ZN8Security11OSXVerifierC2EPKhRKSs
 __ZN8Security11OSXVerifier3addEPKNS_8BlobCoreE
 __ZNK8Security23CodeSignatureAclSubject5Maker4makeEPKhRKNS_8CssmDataE
 __ZN8Security23CodeSignatureAclSubjectC2EPKhRKSs
 __ZN8Security11OSXVerifierC2EPKhRKSs
 __ZN8Security11OSXVerifier3addEPKNS_8BlobCoreE
-__ZN8Security10CFTempDataC2INS_8BlobCoreEEERKT_
 __ZNSt8_Rb_treeIiiSt9_IdentityIiESt4lessIiESaIiEE16_M_insert_uniqueERKi
 __ZNSt8_Rb_treeIiiSt9_IdentityIiESt4lessIiESaIiEE9_M_insertEPSt18_Rb_tree_node_baseS7_RKi
 __ZNSt8_Rb_treeIiiSt9_IdentityIiESt4lessIiESaIiEE16_M_insert_uniqueERKi
 __ZNSt8_Rb_treeIiiSt9_IdentityIiESt4lessIiESaIiEE9_M_insertEPSt18_Rb_tree_node_baseS7_RKi
-__ZN9__gnu_cxx13new_allocatorISt13_Rb_tree_nodeIiEE8allocateEmPKv
 __ZNSt8_Rb_treeIiiSt9_IdentityIiESt4lessIiESaIiEE7_M_copyEPKSt13_Rb_tree_nodeIiEPS7_
 __ZNSt8_Rb_treeIiiSt9_IdentityIiESt4lessIiESaIiEE7_M_copyEPKSt13_Rb_tree_nodeIiEPS7_
+__ZNK8Security7Context7replaceINS_7CssmKeyEEEvjRKT_
+__ZN8Security7Context4findEjPK22cssm_context_attributej
+__ZN9AclSource8validateEiRKN8Security7ContextE
+__ZThn160_N11KeychainKey15relatedDatabaseEv
+__ZThn160_N11KeychainKey3aclEv
+__ZN17SecurityServerAcl8validateEiRKN8Security7ContextEP8Database
+__ZThn232_N11KeychainKey8validateEiPKN8Security17AccessCredentialsEP8Database
+__ZN11KeychainKey8validateEiPKN8Security17AccessCredentialsEP8Database
+__ZN17SecurityServerAcl8validateEiPKN8Security17AccessCredentialsEP8Database
+__ZN25SecurityServerEnvironmentC1ER17SecurityServerAclP8Database
+__ZN8Security9ObjectAcl8validateEiPKNS_17AccessCredentialsEPNS_24AclValidationEnvironmentE
+__ZN8Security9ObjectAcl9validatesEiPKNS_17AccessCredentialsEPNS_24AclValidationEnvironmentE
+__ZN8Security9ObjectAcl9validatesERNS_20AclValidationContextE
+__ZThn232_N11KeychainKey14instantiateAclEv
+__ZN11KeychainKey14instantiateAclEv
+__ZNK8Security20AclValidationContext9s_credTagEv
+__ZNK8Security20AclValidationContext7credTagEv
+__ZNK8Security9ObjectAcl8getRangeERKSsRSt4pairISt23_Rb_tree_const_iteratorIS3_IS1_NS0_8AclEntryEEES7_E
+__ZNKSt8_Rb_treeIiiSt9_IdentityIiESt4lessIiESaIiEE4findERKi
+__ZN8Security20AclValidationContext4initEPNS_9ObjectAclEPNS_10AclSubjectE
+__ZN8Security20AclValidationContext8entryTagERKSs
 __ZNK8Security16SimpleAclSubject8validateERKNS_20AclValidationContextE
 __ZNK21BaseValidationContext5countEv
 __ZNK21BaseValidationContext6sampleEj
 __ZNK8Security16SimpleAclSubject8validateERKNS_20AclValidationContextE
 __ZNK21BaseValidationContext5countEv
 __ZNK21BaseValidationContext6sampleEj
@@ -1182,15 +790,123 @@ __ZNK8Security11ListElement4wordEv
 __ZNK8Security19ThresholdAclSubject8validateERKNS_20AclValidationContextERKNS_9TypedListE
 __ZNK8Security23CodeSignatureAclSubject8validateERKNS_20AclValidationContextE
 __ZTv0_n48_N25SecurityServerEnvironment19verifyCodeSignatureERKN8Security11OSXVerifierERKNS0_20AclValidationContextE
 __ZNK8Security19ThresholdAclSubject8validateERKNS_20AclValidationContextERKNS_9TypedListE
 __ZNK8Security23CodeSignatureAclSubject8validateERKNS_20AclValidationContextE
 __ZTv0_n48_N25SecurityServerEnvironment19verifyCodeSignatureERKN8Security11OSXVerifierERKNS0_20AclValidationContextE
-__ZN25SecurityServerEnvironment19verifyCodeSignatureERKN8Security11OSXVerifierERKNS0_20AclValidationContextE
 __ZN14CodeSignatures6verifyER7ProcessRKN8Security11OSXVerifierERKNS2_20AclValidationContextE
 __ZN14CodeSignatures6verifyER7ProcessRKN8Security11OSXVerifierERKNS2_20AclValidationContextE
-__ZN24SublistValidationContextD2Ev
+__ZN8Security20AclValidationContextD2Ev
 __ZNK21BaseValidationContext7matchedEPKN8Security9TypedListE
 __ZNK21BaseValidationContext7matchedEPKN8Security9TypedListE
+__ZN25SecurityServerEnvironmentD1Ev
+__ZN8Security24AclValidationEnvironmentD2Ev
+__ZNK16KeychainDatabase6commonEv
+__ZN8Security10CssmClient7Context8overrideERKNS_7ContextE
+__ZL12_XreleaseKeyP17mach_msg_header_tS0_
+__Z22ucsp_server_releaseKeyjj13audit_token_tPij
+__ZN8Database10releaseKeyER3Key
+__ZN11KeychainKeyD0Ev
 __ZN8Security19ThresholdAclSubjectD0Ev
 __ZN24KeychainPromptAclSubjectD0Ev
 __ZN8Security19ThresholdAclSubjectD0Ev
 __ZN24KeychainPromptAclSubjectD0Ev
-__ZN8Security16SimpleAclSubjectD2Ev
 __ZN8Security23CodeSignatureAclSubjectD0Ev
 __ZN8Security11OSXVerifierD2Ev
 __ZN8Security11OSXVerifier6AuxMapD2Ev
 __ZNSt8_Rb_treeIjSt4pairIKjPN8Security8BlobCoreEESt10_Select1stIS5_ESt4lessIjESaIS5_EE8_M_eraseEPSt13_Rb_tree_nodeIS5_E
 __ZN8Security23CodeSignatureAclSubjectD0Ev
 __ZN8Security11OSXVerifierD2Ev
 __ZN8Security11OSXVerifier6AuxMapD2Ev
 __ZNSt8_Rb_treeIjSt4pairIKjPN8Security8BlobCoreEESt10_Select1stIS5_ESt4lessIjESaIS5_EE8_M_eraseEPSt13_Rb_tree_nodeIS5_E
-__ZThn16_N7ProcessD0Ev
+__ZN8LocalKeyD2Ev
+__ZN3KeyD2Ev
+__ZL18_XpostNotificationP17mach_msg_header_tS0_
+__Z28ucsp_server_postNotificationjj13audit_token_tPijjPvjj
+__ZN8Listener6notifyEjjjRKN8Security8CssmDataE
+__ZN8Listener12JitterBuffer10inSequenceEPNS_12NotificationE
+__ZN8Listener12JitterBuffer15popNotificationEv
+__ZNSt8_Rb_treeIjSt4pairIKjN8Security10RefPointerIN8Listener12NotificationEEEESt10_Select1stIS7_ESt4lessIjESaIS7_EE4findERS1_
+__ZL26_XauthorizationExternalizeP17mach_msg_header_tS0_
+__Z36ucsp_server_authorizationExternalizejj13audit_token_tPiN8Security14SecurityServer17AuthorizationBlobEP25AuthorizationExter
+__ZN7Session15authExternalizeERKN8Security14SecurityServer17AuthorizationBlobER25AuthorizationExternalForm
+__ZNK18AuthorizationToken14mayExternalizeER7Process
+__ZL26_XauthorizationInternalizeP17mach_msg_header_tS0_
+__Z36ucsp_server_authorizationInternalizejj13audit_token_tPi25AuthorizationExternalFormPN8Security14SecurityServer17Authorizati
+__ZN7Session15authInternalizeERK25AuthorizationExternalFormRN8Security14SecurityServer17AuthorizationBlobE
+__ZN18AuthorizationToken14mayInternalizeER7Processb
+__ZL10_XisLockedP17mach_msg_header_tS0_
+__Z20ucsp_server_isLockedjj13audit_token_tPijPj
+__ZN14CodeSignatures28matchSignedClientToLegacyACLER7ProcessP9__SecCodeRKN8Security11OSXVerifierERKNS4_20AclValidationContextE
+__ZN17SecurityServerAcl21looksLikeLegacyDotMacERKN8Security20AclValidationContextE
+__ZN8Security8cfStringEPK10__CFStringb
+__ZL4trimSsc
+__ZL11_XunwrapKeyP17mach_msg_header_tS0_
+__Z21ucsp_server_unwrapKeyjj13audit_token_tPijPvjjS1_jS1_jjS1_jjjPS1_PjS3_S2_S3_
+_xdr_CSSM_KEY_PTR
+__ZN6Server16optionalDatabaseEjb
+__ZN7Process10localStoreEv
+__ZN12TempDatabaseC1ER7Process
+__ZN12TempDatabaseC2ER7Process
+__Z6pickDbP8DatabaseS0_
+__ZNK12TempDatabase9transientEv
+__ZN13LocalDatabase9unwrapKeyERKN8Security7ContextEPKNS0_17AccessCredentialsEPKNS0_17AclEntryPrototypeEP3KeySB_jjNS0_7CssmKeyER
+__ZN8Security10CssmClient7Context4credEPK23cssm_access_credentials
+__ZN8Security10CssmClient7Context3setINS_17AccessCredentialsEEEvjRKT_
+__ZN8LocalKey7KeySpecC1Ejj
+__ZN12TempDatabase7makeKeyERKN8Security7CssmKeyEjPKNS0_17AclEntryPrototypeE
+__ZN7TempKeyC2ER8DatabaseRKN8Security7CssmKeyEjPKNS2_17AclEntryPrototypeE
+__ZN8LocalKeyC2ER8DatabaseRKN8Security7CssmKeyEj
+__ZN8LocalKey5setupERKN8Security7CssmKeyEj
+__ZN8LocalKey8setOwnerEPKN8Security17AclEntryPrototypeE
+__ZThn160_N7TempKey3aclEv
+__ZN8Security9ObjectAcl14cssmSetInitialERKNS_10RefPointerINS_10AclSubjectEEE
+__ZN8Security9ObjectAcl5EntryC2ERKNS_10RefPointerINS_10AclSubjectEEE
+__ZN8Security9ObjectAcl8AclEntryC2ERKNS_10RefPointerINS_10AclSubjectEEE
+__ZN8Security10RefPointerI3KeyE10setPointerEPS1_
+__ZL17_XverifySignatureP17mach_msg_header_tS0_
+__Z27ucsp_server_verifySignaturejj13audit_token_tPiPvjjjS1_jS1_j
+__ZN13LocalDatabase15verifySignatureERKN8Security7ContextER3KeyjRKNS0_8CssmDataES8_
+__ZN8Security10CssmClient6VerifyC1ERKNS0_3CSPEjj
+__ZN8Security10CssmClient6Verify6verifyEPKNS_8CssmDataEjRS3_
+__ZN8Security10CssmClient14SigningContext8activateEv
+__ZN8Security10CssmClient14SigningContextD2Ev
+__ZThn16_N7TempKeyD0Ev
+__ZN7TempKeyD0Ev
+__ZThn16_N16KeychainDatabaseD0Ev
+__ZThn16_N12TempDatabaseD0Ev
+__ZNSt8_Rb_treeIjSt4pairIKjN20ClientIdentification10GuestStateEESt10_Select1stIS4_ESt4lessIjESaIS4_EE15_M_destroy_nodeEPSt13_Rb
+__ZL13_XhostingPortP17mach_msg_header_tS0_
+__Z23ucsp_server_hostingPortjj13audit_token_tPiiPj
+__ZNK6Server7findPidEi
+__ZNKSt8_Rb_treeIiSt4pairIKiP7ProcessESt10_Select1stIS4_ESt4lessIiESaIS4_EE4findERS1_
+__ZNSt6vectorIN13Authorization11AuthItemRefESaIS1_EE9push_backERKS1_
+__ZNK13Authorization8RuleImpl12evaluateUserERKNS_11AuthItemRefERKNS_4RuleERNS_11AuthItemSetEjdPKSt3setINS_10CredentialESt4lessI
+__ZNK13Authorization8RuleImpl26evaluateCredentialForRightERK18AuthorizationTokenRKNS_11AuthItemRefERKNS_4RuleERKNS_11AuthItemSe
+__ZNK13Authorization8RuleImpl30evaluateUserCredentialForRightERK18AuthorizationTokenRKNS_11AuthItemRefERKNS_4RuleERKNS_11AuthIt
+__ZNK13Authorization14CredentialImpl12creationTimeEv
+__ZNSt8_Rb_treeISsSt4pairIKSsSsESt10_Select1stIS2_ESt4lessISsESaIS2_EE7_M_copyEPKSt13_Rb_tree_nodeIS2_EPSA_
+__ZNSt8_Rb_treeISsSt4pairIKSsSsESt10_Select1stIS2_ESt4lessISsESaIS2_EE14_M_create_nodeERKS2_
+__ZN9__gnu_cxx13new_allocatorISt4pairIKSsSsEE9constructEPS3_RKS3_
+__ZNSt4pairIKSsSsEC2ERKS1_
+__ZNSt8_Rb_treeISsSt4pairIKSsSsESt10_Select1stIS2_ESt4lessISsESaIS2_EE15_M_destroy_nodeEPSt13_Rb_tree_nodeIS2_E
+__ZNSt4pairIKSsSsED2Ev
+__ZNK13Authorization8RuleImpl22evaluateAuthenticationERKNS_11AuthItemRefERKNS_4RuleERNS_11AuthItemSetEjdPKSt3setINS_10Credentia
+__ZNK13Authorization8RuleImpl20evaluateSessionOwnerERKNS_11AuthItemRefERKNS_4RuleERKNS_11AuthItemSetEdRK18AuthorizationTokenRNS
+__ZNK7Session13originatorUidEv
+__ZN8Security10RefPointerIN13Authorization14CredentialImplEE10setPointerEPS2_
+__ZN18AuthorizationToken12scrubInfoSetEb
+__ZN8Security14CommonCriteria9Securityd25RightAuthenticationLogger10logSuccessEjjPKc
+__ZN18AuthorizationToken17setCredentialInfoERKN13Authorization10CredentialEb
+__ZNK13Authorization8RuleImpl13evaluateRulesERKNS_11AuthItemRefERKNS_4RuleERNS_11AuthItemSetEjdPKSt3setINS_10CredentialESt4less
+__ZL22_XauthorizationReleaseP17mach_msg_header_tS0_
+__Z32ucsp_server_authorizationReleasejj13audit_token_tPiN8Security14SecurityServer17AuthorizationBlobEj
+__ZN7Session8authFreeERKN8Security14SecurityServer17AuthorizationBlobEj
+__ZN18AuthorizationToken7DeleterC1ERKN8Security14SecurityServer17AuthorizationBlobE
+__ZN18AuthorizationToken7DeleterC2ERKN8Security14SecurityServer17AuthorizationBlobE
+__ZN7Process19removeAuthorizationEP18AuthorizationToken
+__ZN18AuthorizationToken10endProcessER7Process
+__ZNSt8_Rb_treeIP7ProcessS1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE5eraseERKS1_
+__ZNSt8_Rb_treeIP7ProcessS1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE5eraseESt17_Rb_tree_iteratorIS1_ES9_
+__ZNSt8_Rb_treeIP7ProcessS1_St9_IdentityIS1_ESt4lessIS1_ESaIS1_EE8_M_eraseEPSt13_Rb_tree_nodeIS1_E
+__ZN18AuthorizationToken7Deleter6removeEv
+__ZN18AuthorizationTokenD0Ev
+__ZN13Authorization14CredentialImpl10invalidateEv
+__ZN7Session7destroyEi
+__ZL13handleSignalsi
+_self_client_handleSignal
+__ZL14_XhandleSignalP17mach_msg_header_tS0_
+__Z24self_server_handleSignaljji
+__ZN6Server13beginShutdownEv
+__ZN7Session19invalidateAuthHostsEv
+__ZN7Session26invalidateSessionAuthHostsEv
+__ZN8Security6Syslog7warningEPKcz
+__ZN8Security12UnixPlusPlus5Child4killEi
index b5f29018a0f036dff9375735b301abf5eed1384f..017767901c18f2537b6d925497b85f605d024c49 100644 (file)
@@ -65,15 +65,12 @@ Server::Server(Authority &authority, CodeSignatures &signatures, const char *boo
     mCSPModule(gGuidAppleCSP, mCssm), mCSP(mCSPModule),
     mAuthority(authority),
        mCodeSignatures(signatures), 
     mCSPModule(gGuidAppleCSP, mCssm), mCSP(mCSPModule),
     mAuthority(authority),
        mCodeSignatures(signatures), 
-       mAudit(geteuid(), getpid()),
        mVerbosity(0),
        mWaitForClients(true), mShuttingDown(false)
 {
        // make me eternal (in the object mesh)
        ref();
 
        mVerbosity(0),
        mWaitForClients(true), mShuttingDown(false)
 {
        // make me eternal (in the object mesh)
        ref();
 
-       mAudit.registerSession();
-
     // engage the subsidiary port handler for sleep notifications
        add(sleepWatcher);
 }
     // engage the subsidiary port handler for sleep notifications
        add(sleepWatcher);
 }
@@ -99,6 +96,7 @@ Connection &Server::connection(mach_port_t port, audit_token_t &auditToken)
        Server &server = active();
        StLock<Mutex> _(server);
        Connection *conn = server.mConnections.get(port, CSSM_ERRCODE_INVALID_CONTEXT_HANDLE);
        Server &server = active();
        StLock<Mutex> _(server);
        Connection *conn = server.mConnections.get(port, CSSM_ERRCODE_INVALID_CONTEXT_HANDLE);
+       conn->process().checkSession(auditToken);
        active().mCurrentConnection() = conn;
        conn->beginWork(auditToken);
        return *conn;
        active().mCurrentConnection() = conn;
        conn->beginWork(auditToken);
        return *conn;
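Review bot: The added `conn->process().checkSession(auditToken);` in Server::connection runs on every request while the Server mutex is held, and nothing at the call site says why it is needed or what happens when it fails. I would add a comment such as `// the client's audit session may have changed since its last request; re-sync before dispatching` and state whether checkSession can throw, since an exception at that point skips both the mCurrentConnection assignment and `beginWork`. checkSession itself is not part of this hunk, so its cost under the global lock should be confirmed. The body of Server::connection starts before the hunk.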
@@ -221,27 +219,27 @@ boolean_t Server::handle(mach_msg_header_t *in, mach_msg_header_t *out)
 // Everything at and below that level is constructed. This is straight-forward except
 // in the case of session re-initialization (see below).
 //
 // Everything at and below that level is constructed. This is straight-forward except
 // in the case of session re-initialization (see below).
 //
-void Server::setupConnection(ConnectLevel type, Port servicePort, Port replyPort, Port taskPort,
-    const audit_token_t &auditToken, const ClientSetupInfo *info, const char *identity)
+void Server::setupConnection(ConnectLevel type, Port replyPort, Port taskPort,
+    const audit_token_t &auditToken, const ClientSetupInfo *info)
 {
 {
+       AuditToken audit(auditToken);
+       
        // first, make or find the process based on task port
        StLock<Mutex> _(*this);
        RefPointer<Process> &proc = mProcesses[taskPort];
        // first, make or find the process based on task port
        StLock<Mutex> _(*this);
        RefPointer<Process> &proc = mProcesses[taskPort];
-       if (type == connectNewSession && proc) {
-               // The client has talked to us before and now wants to create a new session.
-               proc->changeSession(servicePort);
-       }
+       if (proc && proc->session().sessionId() != audit.sessionId())
+               proc->changeSession(audit.sessionId());
        if (proc && type == connectNewProcess) {
                // the client has amnesia - reset it
        if (proc && type == connectNewProcess) {
                // the client has amnesia - reset it
-               assert(info && identity);
-               proc->reset(servicePort, taskPort, info, identity, AuditToken(auditToken));
-               proc->changeSession(servicePort);
+               assert(info);
+               proc->reset(taskPort, info, audit);
+               proc->changeSession(audit.sessionId());
        }
        if (!proc) {
                if (type == connectNewThread)   // client error (or attack)
                        CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR);
        }
        if (!proc) {
                if (type == connectNewThread)   // client error (or attack)
                        CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR);
-               assert(info && identity);
-               proc = new Process(servicePort, taskPort, info, identity, AuditToken(auditToken));
+               assert(info);
+               proc = new Process(taskPort, info, audit);
                notifyIfDead(taskPort);
                mPids[proc->pid()] = proc;
        }
                notifyIfDead(taskPort);
                mPids[proc->pid()] = proc;
        }
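Review bot: `assert(info)` is the only guard before `proc->reset(taskPort, info, audit)` and `new Process(taskPort, info, audit)`, and the declaration in server.h keeps `info = NULL` as the default, so a build with assertions compiled out hands a null pointer straight through. The neighbouring branch already treats a bad connect type as a "client error (or attack)" and throws; the same treatment fits here: `if (!info) CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR);`. Whether Process dereferences `info` unconditionally is not visible in this hunk, so confirm that before relying on the assert. setupConnection's body continues past the end of the hunk.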
@@ -270,6 +268,7 @@ void Server::endConnection(Port replyPort)
        mConnections.erase(it);
 }
 
        mConnections.erase(it);
 }
 
+
 //
 // Handling dead-port notifications.
 // This receives DPNs for all kinds of ports we're interested in.
 //
 // Handling dead-port notifications.
 // This receives DPNs for all kinds of ports we're interested in.
@@ -277,8 +276,8 @@ void Server::endConnection(Port replyPort)
 void Server::notifyDeadName(Port port)
 {
        // We need the lock to get a proper iterator on mConnections or mProcesses,
 void Server::notifyDeadName(Port port)
 {
        // We need the lock to get a proper iterator on mConnections or mProcesses,
-       // but must release it before we call abort or kill, as these might also
-       // need the server lock
+       // but must release it before we call abort or kill, as these might take 
+       // unbounded time, including calls out to token daemons etc.
        
        StLock<Mutex> serverLock(*this);
        secdebug("SSports", "port %d is dead", port.port());
        
        StLock<Mutex> serverLock(*this);
        secdebug("SSports", "port %d is dead", port.port());
@@ -288,10 +287,10 @@ void Server::notifyDeadName(Port port)
     if (conIt != mConnections.end()) {
                SECURITYD_PORTS_DEAD_CONNECTION(port);
         RefPointer<Connection> con = conIt->second;
     if (conIt != mConnections.end()) {
                SECURITYD_PORTS_DEAD_CONNECTION(port);
         RefPointer<Connection> con = conIt->second;
-        mConnections.erase(conIt);
+               mConnections.erase(conIt);
         serverLock.unlock();
                con->abort();        
         serverLock.unlock();
                con->abort();        
-               return;
+        return;
     }
     
     // is it a process?
     }
     
     // is it a process?
@@ -299,8 +298,8 @@ void Server::notifyDeadName(Port port)
     if (procIt != mProcesses.end()) {
                SECURITYD_PORTS_DEAD_PROCESS(port);
         RefPointer<Process> proc = procIt->second;
     if (procIt != mProcesses.end()) {
                SECURITYD_PORTS_DEAD_PROCESS(port);
         RefPointer<Process> proc = procIt->second;
-        mPids.erase(proc->pid());
-        mProcesses.erase(procIt);
+               mPids.erase(proc->pid());
+               mProcesses.erase(procIt);
         serverLock.unlock();
                // The kill may take some time; make sure there is a spare thread around
                // to prevent deadlocks
         serverLock.unlock();
                // The kill may take some time; make sure there is a spare thread around
                // to prevent deadlocks
@@ -322,8 +321,6 @@ void Server::notifyDeadName(Port port)
 void Server::notifyNoSenders(Port port, mach_port_mscount_t)
 {
        SECURITYD_PORTS_DEAD_SESSION(port);
 void Server::notifyNoSenders(Port port, mach_port_mscount_t)
 {
        SECURITYD_PORTS_DEAD_SESSION(port);
-       secdebug("SSports", "port %d no senders", port.port());
-       Session::destroy(port);
 }
 
 
 }
 
 
@@ -380,6 +377,24 @@ kern_return_t self_server_handleSignal(mach_port_t sport,
 }
 
 
 }
 
 
+kern_return_t self_server_handleSession(mach_port_t sport,
+       mach_port_t taskPort, uint32_t event, uint64_t ident)
+{
+    try {
+        if (taskPort != mach_task_self()) {
+            Syslog::error("handleSession: received from someone other than myself");
+                       return KERN_SUCCESS;
+               }
+               if (event == AUE_SESSION_CLOSE)
+                       Session::destroy(ident);
+    } catch(...) {
+               secdebug("SS", "exception handling a signal (ignored)");
+       }
+    mach_port_deallocate(mach_task_self(), taskPort);
+    return KERN_SUCCESS;
+}
+
+
 //
 // Notifier for system sleep events
 //
 //
 // Notifier for system sleep events
 //
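Review bot: The early `return KERN_SUCCESS;` in the `taskPort != mach_task_self()` branch of self_server_handleSession skips the `mach_port_deallocate(mach_task_self(), taskPort);` that the normal path performs, so each rejected message appears to leave the received port right unreleased. Adding `mach_port_deallocate(mach_task_self(), taskPort);` before that return, or dropping the return so the branch falls through to the common exit, keeps rights balanced on exactly the path that handles messages from other senders. Separately, the catch block logs `exception handling a signal (ignored)`, which reads as copied from the signal handler; `exception handling a session event (ignored)` would name what actually failed.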
index f3c5b4caafaeb3ebd98e2ace8d6c5e072de2672a..2c534b0e9ccf70dfb2c171f8389568db98e66d17 100644 (file)
@@ -141,13 +141,11 @@ public:
 public:
        // set up a new connection
        enum ConnectLevel {
 public:
        // set up a new connection
        enum ConnectLevel {
-               connectNewSession,
                connectNewProcess,
                connectNewThread
        };
                connectNewProcess,
                connectNewThread
        };
-       void setupConnection(ConnectLevel type, Port servicePort, Port replyPort, Port taskPort,
-        const audit_token_t &auditToken,
-               const ClientSetupInfo *info = NULL, const char *executablePath = NULL);
+       void setupConnection(ConnectLevel type, Port replyPort, Port taskPort, const audit_token_t &auditToken,
+               const ClientSetupInfo *info = NULL);
                
        void endConnection(Port replyPort);
        
                
        void endConnection(Port replyPort);
        
@@ -219,9 +217,6 @@ private:
     
        Authority &mAuthority;
        CodeSignatures &mCodeSignatures;
     
        Authority &mAuthority;
        CodeSignatures &mCodeSignatures;
-    
-    // Per-process audit initialization
-    CommonCriteria::AuditSession mAudit;
        
        // busy state for primary state authority
        unsigned int mVerbosity;
        
        // busy state for primary state authority
        unsigned int mVerbosity;
index 704cf902386725de0a829f23bab1a6c0c0276783..d7cecbf861bab5b8f4bbaff00677cbae2a28b89a 100644 (file)
 //
 // session - authentication session domains
 //
 //
 // session - authentication session domains
 //
-// A Session is defined by a mach_init bootstrap dictionary. These dictionaries are
-// hierarchical and inherited, so they work well for characterization of processes
-// that "belong" together. (Of course, if your mach_init is broken, you're in bad shape.)
+// Security sessions are now by definition congruent to audit subsystem sessions.
+// We represent these sessions within securityd as subclasses of class Session,
+// but we reach for the kernel's data whenever we're not sure if our data is
+// up to date.
 //
 //
-// Sessions are multi-threaded objects.
+// Modifications to session state are made from client space using system calls.
+// We discover them when we see changes in audit records as they come in with
+// new requests. We cannot use system notifications for such changes because
+// securityd is fully symmetrically multi-threaded, and thus may process new
+// requests from clients before it gets those notifications.
 //
 #include <pwd.h>
 #include <signal.h>                     // SIGTERM
 //
 #include <pwd.h>
 #include <signal.h>                     // SIGTERM
 #include "server.h"
 #include <security_utilities/logging.h>
 
 #include "server.h"
 #include <security_utilities/logging.h>
 
+using namespace CommonCriteria;
+
+
 //
 // The static session map
 //
 //
 // The static session map
 //
-PortMap<Session> Session::mSessions;
+Session::SessionMap Session::mSessions;
+Mutex Session::mSessionLock(Mutex::recursive);
+
+
+const char Session::kUsername[] = "username";
+const char Session::kRealname[] = "realname";
 
 
-std::string Session::kUsername = "username";
-std::string Session::kRealname = "realname";
 
 //
 // Create a Session object from initial parameters (create)
 //
 
 //
 // Create a Session object from initial parameters (create)
 //
-Session::Session(Bootstrap bootstrap, Port servicePort, SessionAttributeBits attrs) 
-    : mBootstrap(bootstrap), mServicePort(servicePort),
-         mAttributes(attrs), mSecurityAgent(NULL), mAuthHost(NULL)
+Session::Session(const AuditInfo &audit, Server &server)
+       : mAudit(audit), mSecurityAgent(NULL), mAuthHost(NULL)
 {
 {
-    secdebug("SSsession", "%p CREATED: handle=%#x bootstrap=%d service=%d attrs=%#x",
-        this, handle(), mBootstrap.port(), mServicePort.port(), uint32_t(mAttributes));
-       SECURITYD_SESSION_CREATE(this, attrs, servicePort);
-       Syslog::notice("Session 0x%lx created", this->handle());
+       // link to Server as the global nexus in the object mesh
+       parent(server);
+       
+       // self-register
+       StLock<Mutex> _(mSessionLock);
+       assert(!mSessions[audit.sessionId()]);
+       mSessions[audit.sessionId()] = this;
+       
+       // log it
+       SECURITYD_SESSION_CREATE(this, this->sessionId(), &mAudit, sizeof(mAudit));
+       Syslog::notice("Session %d created", this->sessionId());
 }
 
 
 }
 
 
@@ -67,64 +84,60 @@ Session::Session(Bootstrap bootstrap, Port servicePort, SessionAttributeBits att
 //
 Session::~Session()
 {
 //
 Session::~Session()
 {
-    secdebug("SSsession", "%p DESTROYED: handle=%#x bootstrap=%d",
-        this, handle(), mBootstrap.port());
-       Syslog::notice("Session 0x%lx destroyed", this->handle());
+       SECURITYD_SESSION_DESTROY(this, this->sessionId());
+       Syslog::notice("Session %d destroyed", this->sessionId());
 }
 
 
 //
 }
 
 
 //
-// Locate a session object by service port or (Session API) identifier
+// Locate a session object by session identifier
 //
 //
-Session &Session::find(Port servicePort)
+Session &Session::find(pid_t id, bool create)
 {
 {
-    StLock<Mutex> _(mSessions);
-       PortMap<Session>::const_iterator it = mSessions.find(servicePort);
-       assert(it != mSessions.end());
-       return *it->second;
-}
+       if (id == callerSecuritySession)
+               return Server::session();
+       StLock<Mutex> _(mSessionLock);
+       SessionMap::iterator it = mSessions.find(id);
+       if (it != mSessions.end())
+               return *it->second;
 
 
-Session &Session::find(SecuritySessionId id)
-{
-    switch (id) {
-    case callerSecuritySession:
-        return Server::session();
-    default:
-               try {
-                       return U32HandleObject::find<Session>(id, CSSMERR_CSSM_INVALID_ADDIN_HANDLE);
-               } catch (const CommonError &err) {
-                       Syslog::warning("Session::find(%#x) failed rcode=%d", id, err.osStatus());
-                       for (PortMap<Session>::const_iterator it = mSessions.begin(); it != mSessions.end(); ++it)
-                               Syslog::notice(" Valid sessions include %#x attrs=%#x",
-                                       it->second->handle(), it->second->attributes());
-                       throw;
-               }
-    }
+       // new session
+       if (!create)
+               CssmError::throwMe(errSessionInvalidId);
+       AuditInfo info;
+       info.get(id);
+       assert(info.sessionId() == id);
+       RefPointer<Session> session = new DynamicSession(info);
+       mSessions.insert(make_pair(id, session));
+       return *session;
 }
 
 
 //
 }
 
 
 //
-// Act on a death notification for a session's (sub)bootstrap port.
+// Act on a death notification for a session's underlying audit session object.
 // We may not destroy the Session outright here (due to processes that use it),
 // but we do clear out its accumulated wealth.
 // We may not destroy the Session outright here (due to processes that use it),
 // but we do clear out its accumulated wealth.
+// Note that we may get spurious death notifications for audit sessions that we
+// never learned about. Ignore those.
 //
 //
-void Session::destroy(Port servPort)
+void Session::destroy(SessionId id)
 {
     // remove session from session map
 {
     // remove session from session map
-    StLock<Mutex> _(mSessions);
-    PortMap<Session>::iterator it = mSessions.find(servPort);
-    assert(it != mSessions.end());
-       RefPointer<Session> session = it->second;
-       SECURITYD_SESSION_DESTROY(session);
-       Syslog::notice("Session 0x%lx dead", session->handle());
-    mSessions.erase(it);
-       session->kill();
+    StLock<Mutex> _(mSessionLock);
+    SessionMap::iterator it = mSessions.find(id);
+       if (it != mSessions.end()) {
+               RefPointer<Session> session = it->second;
+               assert(session->sessionId() == id);
+               mSessions.erase(it);
+               session->kill();
+       }
 }
 
 }
 
+
 void Session::kill()
 {
     StLock<Mutex> _(*this);     // do we need to take this so early?
 void Session::kill()
 {
     StLock<Mutex> _(*this);     // do we need to take this so early?
-       
+       SECURITYD_SESSION_KILL(this, this->sessionId());
     invalidateSessionAuthHosts();
        
     // invalidate shared credentials
     invalidateSessionAuthHosts();
        
     // invalidate shared credentials
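Review bot: In Session::find the new DynamicSession already registers itself under `audit.sessionId()` in the Session constructor, and the following `mSessions.insert(make_pair(id, session));` registers it again under `id`; the two keys are tied together only by `assert(info.sessionId() == id)`, which disappears when assertions are compiled out. If `info.get(id)` ever returned a record for a different session, the map would end up with two keys for one object and Session::destroy would erase only one of them. I would make the check a runtime one, `if (info.sessionId() != id) CssmError::throwMe(errSessionInvalidId);`, and drop the insert, which appears redundant. Session::kill at the end of the hunk continues outside it.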
@@ -142,6 +155,24 @@ void Session::kill()
        PerSession::kill();
 }
 
        PerSession::kill();
 }
 
+
+//
+// Refetch audit session data for the current audit session (to catch outside updates
+// to the audit record). This is the price we're paying for not requiring an IPC to
+// securityd when audit session data changes (this is desirable for delayering the
+// software layer cake).
+// If we ever disallow changes to (parts of the) audit session record in the kernel,
+// we can loosen up on this continual re-fetching.
+//
+void Session::updateAudit() const
+{
+       mAudit.get(mAudit.sessionId());
+}
+
+
+//
+// Manage authorization client processes
+//
 void Session::invalidateSessionAuthHosts()
 {
     StLock<Mutex> _(mAuthHostLock);
 void Session::invalidateSessionAuthHosts()
 {
     StLock<Mutex> _(mAuthHostLock);
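Review bot: Session::updateAudit() is declared const yet overwrites mAudit through `mAudit.get(mAudit.sessionId());`, and it takes no lock of its own; of the callers visible on this page only Session::setAttributes holds the session mutex around it. Please document the contract on the function, for example `// caller must hold the Session lock; replaces mAudit wholesale with the kernel's current record`, so a reader does not assume a const method is safe to call concurrently. It would also help to say what happens when the audit session no longer exists at refetch time, which this hunk does not show.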
@@ -156,8 +187,8 @@ void Session::invalidateSessionAuthHosts()
 
 void Session::invalidateAuthHosts()
 {
 
 void Session::invalidateAuthHosts()
 {
-       StLock<Mutex> _(mSessions);
-       for (PortMap<Session>::const_iterator it = mSessions.begin(); it != mSessions.end(); it++)
+       StLock<Mutex> _(mSessionLock);
+       for (SessionMap::const_iterator it = mSessions.begin(); it != mSessions.end(); it++)
         it->second->invalidateSessionAuthHosts();
 }
 
         it->second->invalidateSessionAuthHosts();
 }
 
@@ -166,8 +197,8 @@ void Session::invalidateAuthHosts()
 //
 void Session::processSystemSleep()
 {
 //
 void Session::processSystemSleep()
 {
-       StLock<Mutex> _(mSessions);
-       for (PortMap<Session>::const_iterator it = mSessions.begin(); it != mSessions.end(); it++)
+       StLock<Mutex> _(mSessionLock);
+       for (SessionMap::const_iterator it = mSessions.begin(); it != mSessions.end(); it++)
                it->second->allReferences(&DbCommon::sleepProcessing);
 }
 
                it->second->allReferences(&DbCommon::sleepProcessing);
 }
 
@@ -180,126 +211,30 @@ void Session::processLockAll()
        allReferences(&DbCommon::lockProcessing);
 }
 
        allReferences(&DbCommon::lockProcessing);
 }
 
-//
-// The root session inherits the startup bootstrap and service port
-//
-RootSession::RootSession(Server &server, SessionAttributeBits attrs)
-    : Session(Bootstrap(), server.primaryServicePort(),
-               sessionIsRoot | sessionWasInitialized | attrs)
-{
-       parent(server);         // the Server is our parent
-       ref();                          // eternalize
-
-    // self-install (no thread safety issues here)
-       mSessions[mServicePort] = this;
-}
-
-//
-// Dynamic sessions use the given bootstrap and re-register in it
-//
-DynamicSession::DynamicSession(TaskPort taskPort)
-       : ReceivePort(Server::active().bootstrapName(), taskPort.bootstrap(), false),
-         Session(taskPort.bootstrap(), *this),
-         mOriginatorTask(taskPort), mHaveOriginatorUid(false)
-{
-       // link to Server as the global nexus in the object mesh
-       parent(Server::active());
-       
-       // tell the server to listen to our port
-       Server::active().add(*this);
-       
-       // register for port notifications
-    Server::active().notifyIfDead(bootstrapPort());    //@@@??? still needed?
-       Server::active().notifyIfUnused(*this);
-
-       // self-register
-       StLock<Mutex> _(mSessions);
-       assert(!mSessions[*this]);  // can't be registered already (we just made it)
-       mSessions[*this] = this;
-       
-       secdebug("SSsession", "%p dynamic session originator=%d (pid=%d)",
-               this, mOriginatorTask.port(), taskPort.pid());
-}
-
-DynamicSession::~DynamicSession()
-{
-       // remove our service port from the server
-       Server::active().remove(*this);
-}
-
-
-void DynamicSession::kill()
-{
-       StLock<Mutex> _(*this);
-       mBootstrap.destroy();           // release our bootstrap port
-       Session::kill();                        // continue with parent kill
-}
-
-
-//
-// Set up a DynamicSession.
-// This call must be made from a process within the session, and it must be the first
-// such process to make the call.
-//
-void DynamicSession::setupAttributes(SessionCreationFlags flags, SessionAttributeBits attrs)
-{
-       StLock<Mutex> _(*this);
-       SECURITYD_SESSION_SETATTR(this, attrs);
-       Syslog::notice("Session 0x%lx attributes 0x%x", this->handle(), attrs);
-    secdebug("SSsession", "%p setup flags=%#x attrs=%#x", this, uint32_t(flags), uint32_t(attrs));
-    if (attrs & ~settableAttributes)
-        MacOSError::throwMe(errSessionInvalidAttributes);
-       checkOriginator();
-    if (attribute(sessionWasInitialized))
-        MacOSError::throwMe(errSessionAuthorizationDenied);
-    setAttributes(attrs | sessionWasInitialized);
-}
-
 
 //
 
 //
-// Check whether the calling process is the session originator.
-// If it's not, throw.
+// The root session corresponds to the audit session that security is running in.
+// This is usually the initial system session; but in debug scenarios it may be
+// an "ordinary" graphic login session. In such a debug case, we may add attribute
+// flags to the session to make our (debugging) life easier.
 //
 //
-void DynamicSession::checkOriginator()
+RootSession::RootSession(uint64_t attributes, Server &server)
+       : Session(AuditInfo::current(), server)
 {
 {
-       if (mOriginatorTask != Server::process().taskPort())
-               MacOSError::throwMe(errSessionAuthorizationDenied);
+       ref();                          // eternalize
+       mAudit.ai_flags |= attributes;          // merge imposed attributes
 }
 
 
 //
 }
 
 
 //
-// The "originator uid" is a uid value that can be provided by the session originator
-// and retrieved by anyone. Securityd places no semantic meaning on this value.
+// Dynamic sessions use the audit session context of the first-contact client caller.
 //
 //
-uid_t DynamicSession::originatorUid() const
+DynamicSession::DynamicSession(const AuditInfo &audit)
+       : Session(audit, Server::active())
 {
 {
-       if (mHaveOriginatorUid)
-               return mOriginatorUid;
-       else
-               MacOSError::throwMe(errSessionValueNotSet);
 }
 
 
 }
 
 
-void DynamicSession::originatorUid(uid_t uid)
-{
-       checkOriginator();
-       if (mHaveOriginatorUid)         // must not re-set this
-               MacOSError::throwMe(errSessionAuthorizationDenied);
-       mHaveOriginatorUid = true;
-       mOriginatorUid = uid;
-
-       Server::active().longTermActivity();
-       struct passwd *pw = getpwuid(uid);
-
-       if (pw != NULL) {
-
-        mOriginatorCredential = Credential(uid, pw->pw_name ? pw->pw_name : "", pw->pw_gecos ? pw->pw_gecos : "", "", true/*shared*/);
-        endpwent();
-       }
-
-       secdebug("SSsession", "%p session uid set to %d", this, uid);
-}
-
 //
 // Authorization operations
 //
 //
 // Authorization operations
 //
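Review bot: `mAudit.ai_flags |= attributes;` in the RootSession constructor changes only securityd's cached copy; there is no `mAudit.set()` here as there is in Session::setAttributes, and Session::updateAudit() later reloads mAudit from the kernel. Unless AuditInfo::get preserves local changes (not visible on this page), the imposed debug attributes would be dropped on the first refresh. Either push them with `mAudit.set();` after the merge, or add a comment stating that they are intentionally local and how they survive updateAudit().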
@@ -420,7 +355,7 @@ OSStatus Session::authExternalize(const AuthorizationBlob &authBlob,
         AuthorizationExternalBlob &extBlob =
             reinterpret_cast<AuthorizationExternalBlob &>(extForm);
         extBlob.blob = auth.handle();
         AuthorizationExternalBlob &extBlob =
             reinterpret_cast<AuthorizationExternalBlob &>(extForm);
         extBlob.blob = auth.handle();
-        extBlob.session = bootstrapPort();
+        extBlob.session = this->sessionId();
                secdebug("SSauth", "Authorization %p externalized", &auth);
                return noErr;
        } else
                secdebug("SSauth", "Authorization %p externalized", &auth);
                return noErr;
        } else
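Review bot: `extBlob.session = this->sessionId();` stores an audit session id (`Session::SessionId`, an `au_asid_t`) into the `uint32_t session` field that session.h declares, so the conversion is implicit and nothing documents what the field now identifies. The external form is handed to other processes, so the binding deserves a comment at the field, such as `uint32_t session;  // audit session id of the externalizing session`, and an explicit conversion here, `extBlob.session = uint32_t(this->sessionId());`. The body of authInternalize is outside this hunk, so it is not visible whether it compares against the same `sessionId()` value; that should be confirmed. authExternalize itself starts and ends outside the hunk.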
@@ -449,6 +384,18 @@ OSStatus Session::authInternalize(const AuthorizationExternalForm &extForm,
 }
 
 
 }
 
 
+// 
+// Accessor method for setting audit session flags.
+// 
+void Session::setAttributes(SessionAttributeBits bits)
+{
+       StLock<Mutex> _(*this);
+       updateAudit();
+       assert((bits & ~settableAttributes) == 0);
+       mAudit.ai_flags = bits;
+       mAudit.set();
+}
+
 //
 // The default session setup operation always fails.
 // Subclasses can override this to support session setup calls.
 //
 // The default session setup operation always fails.
 // Subclasses can override this to support session setup calls.
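Review bot: The only guard on `bits` in Session::setAttributes is `assert((bits & ~settableAttributes) == 0)`, which disappears when NDEBUG is defined, so a release build writes whatever flag word the caller supplies into the audit session through `mAudit.set()`. The session.h change in this commit also makes the method public and adds AU_SESSION_FLAG_HAS_AUTHENTICATED to the settable mask, so the check should be enforced at runtime and placed before the lock is taken: `if (bits & ~settableAttributes) MacOSError::throwMe(errSessionInvalidAttributes);`. In addition, `mAudit.ai_flags = bits;` replaces the whole flag word that updateAudit() has just refreshed, whereas the removed inline version merged with `|=`. If clearing the non-settable flags is not intended, `mAudit.ai_flags = (mAudit.ai_flags & ~settableAttributes) | bits;` preserves them.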
@@ -618,7 +565,6 @@ Session::authhost(const AuthHostType hostType, const bool restart)
 
 void DynamicSession::setUserPrefs(CFDataRef userPrefsDict)
 {
 
 void DynamicSession::setUserPrefs(CFDataRef userPrefsDict)
 {
-       checkOriginator();
        if (Server::process().uid() != 0)
                MacOSError::throwMe(errSessionAuthorizationDenied);
        StLock<Mutex> _(*this);
        if (Server::process().uid() != 0)
                MacOSError::throwMe(errSessionAuthorizationDenied);
        StLock<Mutex> _(*this);
@@ -642,8 +588,8 @@ CFDataRef DynamicSession::copyUserPrefs()
 void Session::dumpNode()
 {
        PerSession::dumpNode();
 void Session::dumpNode()
 {
        PerSession::dumpNode();
-       Debug::dump(" boot=%d service=%d attrs=%#x authhost=%p securityagent=%p",
-               mBootstrap.port(), mServicePort.port(), uint32_t(mAttributes), mAuthHost, mSecurityAgent);
+       Debug::dump(" auid=%d attrs=%#x authhost=%p securityagent=%p",
+               this->sessionId(), uint32_t(this->attributes()), mAuthHost, mSecurityAgent);
 }
 
 #endif //DEBUGDUMP
 }
 
 #endif //DEBUGDUMP
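Review bot: The dump label `auid=%d` is filled from `this->sessionId()`, which session.h documents as the audit session id, while "auid" in audit records conventionally names the audit user id. Someone correlating a debug dump with audit-trail entries would read the wrong field. `Debug::dump(" asid=%d attrs=%#x authhost=%p securityagent=%p",` matches the value actually printed.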
index 08042acc7f1c1ee1586e571b491ba2405c92eed9..fd7111c776e59a26e5ea0c500958174e227bcea3 100644 (file)
 #include "authority.h"
 #include "authhost.h"
 #include <Security/AuthSession.h>
 #include "authority.h"
 #include "authhost.h"
 #include <Security/AuthSession.h>
+#include <security_utilities/ccaudit.h>
 #include <security_cdsa_utilities/handletemplates_defs.h>
 #include <security_cdsa_utilities/u32handleobject.h>
 #include <security_cdsa_utilities/cssmdb.h>
 #include <security_cdsa_utilities/handletemplates_defs.h>
 #include <security_cdsa_utilities/u32handleobject.h>
 #include <security_cdsa_utilities/cssmdb.h>
-
-#if __GNUC__ > 2
-#include <ext/hash_map>
-using __gnu_cxx::hash_map;
-#else
-#include <hash_map>
-#endif
-
+#include <bsm/audit.h>
+#include <bsm/audit_session.h>
+#include <sys/event.h>
 
 class Key;
 class Connection;
 
 class Key;
 class Connection;
@@ -58,38 +54,34 @@ class AuthHostInstance;
 // with a modicum of security, and so Sessions are the natural nexus of
 // single-sign-on functionality.
 //
 // with a modicum of security, and so Sessions are the natural nexus of
 // single-sign-on functionality.
 //
-class Session : public U32HandleObject, public PerSession {
+class Session : public PerSession {
 public:
 public:
-    typedef MachPlusPlus::Bootstrap Bootstrap;
+       typedef au_asid_t SessionId;                    // internal session identifier (audit session id)
 
 
-    Session(Bootstrap bootstrap, Port servicePort, SessionAttributeBits attrs = 0);
+    Session(const CommonCriteria::AuditInfo &audit, Server &server);
        virtual ~Session();
     
        virtual ~Session();
     
-    Bootstrap bootstrapPort() const            { return mBootstrap; }
-       Port servicePort() const                        { return mServicePort; }
+       SessionId sessionId() const { return mAudit.sessionId(); }
+       CommonCriteria::AuditInfo &auditInfo() { return mAudit; }
     
        IFDUMP(virtual void dumpNode());
     
 public:
     static const SessionAttributeBits settableAttributes =
     
        IFDUMP(virtual void dumpNode());
     
 public:
     static const SessionAttributeBits settableAttributes =
-        sessionHasGraphicAccess | sessionHasTTY | sessionIsRemote;
+        sessionHasGraphicAccess | sessionHasTTY | sessionIsRemote | AU_SESSION_FLAG_HAS_AUTHENTICATED;
 
 
-    SessionAttributeBits attributes() const                    { return mAttributes; }
-    bool attribute(SessionAttributeBits bits) const    { return mAttributes & bits; }
+    SessionAttributeBits attributes() const                    { updateAudit(); return mAudit.ai_flags; }
+    bool attribute(SessionAttributeBits bits) const    { return attributes() & bits; }
+       void setAttributes(SessionAttributeBits bits);
        
     virtual void setupAttributes(SessionCreationFlags flags, SessionAttributeBits attrs);
 
        
     virtual void setupAttributes(SessionCreationFlags flags, SessionAttributeBits attrs);
 
-       virtual bool haveOriginatorUid() const = 0;
-       virtual uid_t originatorUid() const = 0;
-    Credential originatorCredential() const { return mOriginatorCredential; }
+       virtual uid_t originatorUid() const             { updateAudit(); return mAudit.uid(); }
 
        virtual CFDataRef copyUserPrefs() = 0;
 
 
        virtual CFDataRef copyUserPrefs() = 0;
 
-       static std::string kUsername;
-    static std::string kRealname;
-    
-protected:
-    void setAttributes(SessionAttributeBits attrs)     { mAttributes |= attrs; }
+       static const char kUsername[];
+    static const char kRealname[];
     
 public:
        const CredentialSet &authCredentials() const    { return mSessionCreds; }
     
 public:
        const CredentialSet &authCredentials() const    { return mSessionCreds; }
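Review bot: `attributes()` and `originatorUid()` are const accessors that call `updateAudit()` and then read the mutable `mAudit`, yet neither takes the session lock, while `Session::setAttributes` in session.cpp wraps the same refresh-and-write sequence in `StLock<Mutex> _(*this)`. Unless updateAudit() locks internally (its body is not shown on this page), a reader can race a concurrent update of `mAudit`. `auditInfo()` also hands out a non-const reference to that member with no locking requirement stated. The contract should be written on the declaration, for example `void updateAudit() const;  // caller must hold the session lock`, and the accessors brought in line with it. The Session class body continues outside this hunk.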
@@ -119,10 +111,13 @@ public:
     // authCheckRight() with exception-handling and Boolean return semantics
     bool isRightAuthorized(string &rightName, Connection &connection, bool allowUI);
 
     // authCheckRight() with exception-handling and Boolean return semantics
     bool isRightAuthorized(string &rightName, Connection &connection, bool allowUI);
 
+protected:
+       void updateAudit() const;
+
 private:
     struct AuthorizationExternalBlob {
         AuthorizationBlob blob;
 private:
     struct AuthorizationExternalBlob {
         AuthorizationBlob blob;
-        mach_port_t session;
+               uint32_t session;
     };
        
 protected:
     };
        
 protected:
@@ -133,10 +128,6 @@ protected:
        void mergeCredentials(CredentialSet &creds);
 
 public:
        void mergeCredentials(CredentialSet &creds);
 
 public:
-    static Session &find(Port servPort);
-    static Session &find(SecuritySessionId id);
-       template <class SessionType> static SessionType &find(SecuritySessionId id);
-    static void destroy(Port servPort);
     void invalidateSessionAuthHosts();      // invalidate auth hosts in this session
     static void invalidateAuthHosts();      // invalidate auth hosts in all sessions
        
     void invalidateSessionAuthHosts();      // invalidate auth hosts in this session
     static void invalidateAuthHosts();      // invalidate auth hosts in all sessions
        
@@ -146,12 +137,10 @@ public:
        RefPointer<AuthHostInstance> authhost(const AuthHostType hostType = securityAgent, const bool restart = false);
 
 protected:
        RefPointer<AuthHostInstance> authhost(const AuthHostType hostType = securityAgent, const bool restart = false);
 
 protected:
-    Bootstrap mBootstrap;                      // session bootstrap port
-       Port mServicePort;                              // SecurityServer service port for this session
-    SessionAttributeBits mAttributes; // attribute bits (see AuthSession.h)
-
-    mutable Mutex mCredsLock;  // lock for mSessionCreds
-       CredentialSet mSessionCreds;    // shared session authorization credentials
+       mutable CommonCriteria::AuditInfo mAudit;
+       
+       mutable Mutex mCredsLock;                               // lock for mSessionCreds
+       CredentialSet mSessionCreds;                    // shared session authorization credentials
 
        mutable Mutex mAuthHostLock;
        AuthHostInstance *mSecurityAgent;
 
        mutable Mutex mAuthHostLock;
        AuthHostInstance *mSecurityAgent;
@@ -161,15 +150,23 @@ protected:
     Credential mOriginatorCredential;
        
        void kill();
     Credential mOriginatorCredential;
        
        void kill();
-       
+
+public:
+       static Session &find(SessionId id, bool create);        // find and optionally create
+    template <class SessionType> static SessionType &find(SecuritySessionId id);
+       static void destroy(SessionId id);
+
 protected:
 protected:
-       static PortMap<Session> mSessions;
+       typedef std::map<SessionId, RefPointer<Session> > SessionMap;
+       static SessionMap mSessions;
+       static Mutex mSessionLock;
 };
 
 };
 
+
 template <class SessionType>
 SessionType &Session::find(SecuritySessionId id)
 {
 template <class SessionType>
 SessionType &Session::find(SecuritySessionId id)
 {
-       if (SessionType *ssn = dynamic_cast<SessionType *>(&find(id)))
+       if (SessionType *ssn = dynamic_cast<SessionType *>(&find(id, false)))
                return *ssn;
        else
                MacOSError::throwMe(errSessionInvalidId);
                return *ssn;
        else
                MacOSError::throwMe(errSessionInvalidId);
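Review bot: `static Session &find(SessionId id, bool create)` returns a bare reference even though sessions now live in `std::map<SessionId, RefPointer<Session> >` guarded by `mSessionLock`, and `destroy(SessionId id)` can remove an entry. The definitions are not in this hunk, but if the lock is dropped before the caller uses the result, a concurrent destroy could release the last reference while the `Session &` is still in use. Returning `RefPointer<Session>` would avoid that; failing that, the declaration should carry the lifetime rule, such as `// caller must already hold a reference to the returned session`. The template overload also passes a `SecuritySessionId` where `find(id, false)` expects a `SessionId`, so that call relies on an implicit conversion; `find(SessionId(id), false)` would make it visible.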
@@ -177,49 +174,31 @@ SessionType &Session::find(SecuritySessionId id)
 
 
 //
 
 
 //
-// The RootSession is the session (i.e. bootstrap dictionary) of system daemons that are
-// started early and don't belong to anything more restrictive. The RootSession is considered
-// immortal.
-// Currently, telnet sessions et al also default into this session, but this will change
-// (we hope).
+// The RootSession is the session of all code that originates from system startup processing
+// and does not belong to any particular login origin. (Or, if you prefer, whose login origin
+// is the system itself.)
 //
 class RootSession : public Session {
 public:
 //
 class RootSession : public Session {
 public:
-    RootSession(Server &server, SessionAttributeBits attrs = 0);
+    RootSession(uint64_t attributes, Server &server);
        
        
-       bool haveOriginatorUid() const          { return true; }
-       uid_t originatorUid() const         { return 0; }
        CFDataRef copyUserPrefs()           { return NULL; }
 };
 
 
 //
        CFDataRef copyUserPrefs()           { return NULL; }
 };
 
 
 //
-// A DynamicSession is the default type of session object. We create one when a new
-// Connection initializes whose bootstrap port we haven't seen before. These Sessions
-// are torn down when their bootstrap object disappears (which happens when mach_init
-// destroys it due to its requestor referent vanishing).
+// A DynamicSession object represents a session that is dynamically constructed
+// when we first encounter it. These sessions are actually created in client
+// space using the audit session APIs.
+// We tear down a DynamicSession when the system reports (via kevents) that the
+// kernel audit session object has been destroyed.
 //
 class DynamicSession : private ReceivePort, public Session {
 public:
 //
 class DynamicSession : private ReceivePort, public Session {
 public:
-    DynamicSession(TaskPort taskPort);
-       ~DynamicSession();
-       
-       void setupAttributes(SessionCreationFlags flags, SessionAttributeBits attrs);
+    DynamicSession(const CommonCriteria::AuditInfo &audit);
 
 
-       bool haveOriginatorUid() const                                  { return mHaveOriginatorUid; }
-       uid_t originatorUid() const;
-       void originatorUid(uid_t uid);
        void setUserPrefs(CFDataRef userPrefsDict);
        CFDataRef copyUserPrefs();
        void setUserPrefs(CFDataRef userPrefsDict);
        CFDataRef copyUserPrefs();
-       
-protected:
-       void checkOriginator();                 // fail unless current process is originator
-       void kill();                                    // augment parent's kill
-
-private:
-       Port mOriginatorTask;                   // originating process's task port
-       bool mHaveOriginatorUid;                // originator uid was set by session originator
-       uid_t mOriginatorUid;                   // uid as set by session originator
 };
 
 
 };
 
 
index 09a01b814d9a24003a0a16c57cc05b0e36f9e19e..65fb0b3d88752cce467d81a3c9a438315c8b3aca 100644 (file)
@@ -223,45 +223,20 @@ kern_return_t ucsp_server_setup(UCSP_ARGS, mach_port_t taskPort, ClientSetupInfo
 {
        BEGIN_IPCN
        SECURITYD_REQUEST_ENTRY((char*)"setup", NULL, NULL);
 {
        BEGIN_IPCN
        SECURITYD_REQUEST_ENTRY((char*)"setup", NULL, NULL);
-       Server::active().setupConnection(Server::connectNewProcess, servicePort, replyPort,
-               taskPort, auditToken, &info, identity);
+       Server::active().setupConnection(Server::connectNewProcess, replyPort,
+               taskPort, auditToken, &info);
        END_IPCN(CSSM)
        if (*rcode)
                Syslog::notice("setup(%s) failed rcode=%d", identity ? identity : "<NULL>", *rcode);
        return KERN_SUCCESS;
 }
 
        END_IPCN(CSSM)
        if (*rcode)
                Syslog::notice("setup(%s) failed rcode=%d", identity ? identity : "<NULL>", *rcode);
        return KERN_SUCCESS;
 }
 
-kern_return_t ucsp_server_setupNew(UCSP_ARGS, mach_port_t taskPort,
-       ClientSetupInfo info, const char *identity,
-       mach_port_t *newServicePort)
-{
-       BEGIN_IPCN
-       SECURITYD_REQUEST_ENTRY((char*)"setupNew", NULL, NULL);
-       try {
-               RefPointer<Session> session = new DynamicSession(taskPort);
-               Server::active().setupConnection(Server::connectNewSession, session->servicePort(), replyPort,
-                       taskPort, auditToken, &info, identity);
-               *newServicePort = session->servicePort();
-       } catch (const MachPlusPlus::Error &err) {
-               switch (err.error) {
-               case BOOTSTRAP_SERVICE_ACTIVE:
-                       MacOSError::throwMe(errSessionAuthorizationDenied);     // translate
-               default:
-                       throw;
-               }
-       }
-       END_IPCN(CSSM)
-       if (*rcode)
-               Syslog::notice("setupNew(%s) failed rcode=%d", identity ? identity : "<NULL>", *rcode);
-       return KERN_SUCCESS;
-}
 
 kern_return_t ucsp_server_setupThread(UCSP_ARGS, mach_port_t taskPort)
 {
        SECURITYD_REQUEST_ENTRY((char*)"setupThread", NULL, NULL);
        BEGIN_IPCN
 
 kern_return_t ucsp_server_setupThread(UCSP_ARGS, mach_port_t taskPort)
 {
        SECURITYD_REQUEST_ENTRY((char*)"setupThread", NULL, NULL);
        BEGIN_IPCN
-       Server::active().setupConnection(Server::connectNewThread, servicePort, replyPort,
-               taskPort, auditToken);
+       Server::active().setupConnection(Server::connectNewThread, replyPort, taskPort, auditToken);
        END_IPCN(CSSM)
        if (*rcode)
                Syslog::notice("setupThread failed rcode=%d", *rcode);
        END_IPCN(CSSM)
        if (*rcode)
                Syslog::notice("setupThread failed rcode=%d", *rcode);
@@ -1348,40 +1323,6 @@ kern_return_t ucsp_server_authorizationInternalize(UCSP_ARGS,
 //
 // Session management subsystem
 //
 //
 // Session management subsystem
 //
-kern_return_t ucsp_server_getSessionInfo(UCSP_ARGS,
-    SecuritySessionId *sessionId, SessionAttributeBits *attrs)
-{
-       BEGIN_IPC(getSessionInfo)
-       Session &session = Session::find(*sessionId);
-       *sessionId = session.handle();
-       *attrs = session.attributes();
-       END_IPC(CSSM)
-}
-
-kern_return_t ucsp_server_setupSession(UCSP_ARGS,
-    SessionCreationFlags flags, SessionAttributeBits attrs)
-{
-       BEGIN_IPC(setupSession)
-       Server::process().session().setupAttributes(flags, attrs);
-       END_IPC(CSSM)
-}
-
-kern_return_t ucsp_server_setSessionDistinguishedUid(UCSP_ARGS,
-       SecuritySessionId sessionId, uid_t user)
-{
-       BEGIN_IPC(setSessionDistinguishedUid)
-       Session::find<DynamicSession>(sessionId).originatorUid(user);
-       END_IPC(CSSM)
-}
-
-kern_return_t ucsp_server_getSessionDistinguishedUid(UCSP_ARGS,
-       SecuritySessionId sessionId, uid_t *user)
-{
-       BEGIN_IPC(getSessionDistinguishedUid)
-       *user = Session::find(sessionId).originatorUid();
-       END_IPC(CSSM)
-}
-
 kern_return_t ucsp_server_setSessionUserPrefs(UCSP_ARGS, SecuritySessionId sessionId, DATA_IN(userPrefs))
 {
        BEGIN_IPC(setSessionuserPrefs)
 kern_return_t ucsp_server_setSessionUserPrefs(UCSP_ARGS, SecuritySessionId sessionId, DATA_IN(userPrefs))
 {
        BEGIN_IPC(setSessionuserPrefs)
@@ -1400,7 +1341,6 @@ kern_return_t ucsp_server_setSessionUserPrefs(UCSP_ARGS, SecuritySessionId sessi
 }
 
 
 }
 
 
-
 //
 // Notification core subsystem
 //
 //
 // Notification core subsystem
 //